// #oracle
5 articles
Oracle PeopleSoft CVE-2026-35273 (CVSS 9.8): ShinyHunters Exploit Zero-Day to Breach University Student Records at Scale
A critical zero-day vulnerability in Oracle PeopleSoft Campus Solutions — CVE-2026-35273, CVSS 9.8 — has been exploited by the ShinyHunters threat group to breach student record systems at multiple universities across the US, UK, and Australia. The flaw allows unauthenticated attackers to bypass authentication in the PeopleSoft web application layer, granting direct access to student enrolment, financial aid, and academic records.
Enterprise Java Middleware Security Governance: Bringing WebLogic and JBoss into the Vulnerability Management Programme
Oracle WebLogic, Red Hat JBoss/WildFly, and IBM WebSphere are foundational enterprise application infrastructure that frequently falls outside the scope of corporate vulnerability management programmes. CVE-2024-21182's CISA KEV addition — 18 months after the patch — reflects what happens when middleware is governed outside the security programme.
Oracle WebLogic CVE-2024-21182 Added to CISA KEV — Federal Deadline June 4 as Ransomware Payloads Observed
CISA added CVE-2024-21182 to the Known Exploited Vulnerabilities catalogue on 1 June, citing confirmed active exploitation of the Oracle WebLogic Server unauthenticated remote attack vulnerability. Honeypot data shows attackers delivering Cobalt Strike beacons and ransomware payloads via the T3/IIOP protocol attack path. Federal civilian agencies must remediate by 4 June.
Oracle WebLogic Security Assessment Guide: Discovering Exposure Before the Next T3 Exploit
Enterprise Java middleware is often the least-assessed component of the application security programme. Oracle WebLogic installations are frequently discovered during incident response rather than proactive inventory. This guide covers the discovery, assessment, and continuous monitoring steps for WebLogic security.
Oracle WebLogic T3 and IIOP Hardening: Eliminating the Attack Surface Behind CVE-2024-21182
The T3 and IIOP protocols in Oracle WebLogic Server have been the source of 15+ critical vulnerabilities over the past decade. This guide covers the configuration controls that isolate T3/IIOP from untrusted networks — the single most effective defence regardless of which WebLogic CVE is currently being exploited.