Sunday , February 2 2025
Oracle Weblogic Server

PoC Exploited Released for Oracle Weblogic Server Vul

infosecbulletin Monday , December 30 2024 Alert, Vulnerabilities

Security researchers have warned that a Proof-of-Concept (PoC) exploit has been publicly released for a critical vulnerability affecting Oracle WebLogic Server.

The flaw tracked as CVE-2024-21182, poses a significant risk to organizations using the server, as it allows an unauthenticated attacker with network access to compromise the targeted system.

US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

By infosecbulletin / Sunday , February 2 2025
Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total...
Read More
US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

By infosecbulletin / Sunday , February 2 2025
This week, multiple research teams showcased jailbreaks for popular AI models, including OpenAI's ChatGPT, DeepSeek, and Alibaba's Qwen. After its...
Read More
ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks

Paragon Attack WhatsApp With New Zero-Click Spyware

By infosecbulletin / Sunday , February 2 2025
WhatsApp reveiled on Friday that a "zero-click" spyware attack, linked to the Israeli company Paragon, has targeted many users globally,...
Read More
Paragon Attack WhatsApp With New Zero-Click Spyware

Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

By infosecbulletin / Saturday , February 1 2025
At an all-hands meeting at Meta on Thursday, Mark Zuckerberg did not mention the company's $25 million settlement with Donald...
Read More
Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

Indian tech giant Tata Tech hit by ransomware attack

By infosecbulletin / Saturday , February 1 2025
Tata Technologies reported a ransomware incident affecting some IT services, but it did not disrupt client deliveries, according to a...
Read More
Indian tech giant Tata Tech hit by ransomware attack

Vulnarabilitties found in Cisco webex and VMware Aria operation

By infosecbulletin / Friday , January 31 2025
A serious cybersecurity flaw in Cisco Webex Chat has been discovered, allowing unauthorized attackers to access the chat histories of...
Read More
Vulnarabilitties found in Cisco webex and VMware Aria operation

Microsoft to boost M365 bounty program rewards Up to $27,000

By infosecbulletin / Friday , January 31 2025
Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for...
Read More
Microsoft to boost M365 bounty program rewards Up to $27,000

DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek

By infosecbulletin / Friday , January 31 2025
Chinese AI startup DeepSeek has exposed two databases with sensitive user and operational information from its DeepSeek-R1 LLM model. Unsecured...
Read More
DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek

Microsoft brings DeepSeeK to Azure AI Foundry and GitHub

By infosecbulletin / Thursday , January 30 2025
Microsoft has added DeepSeek’s R1 AI model to its Azure AI Foundry platform and GitHub. This lets customers easily integrate...
Read More
Microsoft brings DeepSeeK to Azure AI Foundry and GitHub

Hackers leverage Google’s subdomains, phone number to attack victims

By infosecbulletin / Thursday , January 30 2025
Scammers called a victim using Google's official support number and sent an email from an official subdomain. It's unclear how...
Read More
Hackers leverage Google’s subdomains, phone number to attack victims

The vulnerability impacts Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0, among the most widely used middleware solutions for deploying enterprise applications.

The exploitation is possible through T3 and IIOP (Internet Inter-ORB Protocol), which are commonly enabled by default for remote communication.

Cybersecurity advisors have highlighted that this vulnerability is classified as “easily exploitable.”

An attacker can leverage it without requiring credentials or sophisticated technical expertise, broadening the scope of potential misuse.

According to the advisory, successful exploitation could lead to arbitrary code execution, granting attackers full control over the compromised server.

Concerns surrounding CVE-2024-21182 grew rapidly after an exploit was shared on GitHub by a user named “k4it0k1d.”

The repository includes a ready-to-use PoC that lowers the barrier for potential attackers. Cybersecurity updates posted on social media platforms, such as X (formerly Twitter), have also drawn attention to the vulnerability.

A post shared by Cyber Advising includes a link to the exploit and warns of its accessibility.

With the exploit now public, proactive defense measures are critical to protecting sensitive systems and data.

Check Also

GitHub Desktop

GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been found in GitHub Desktop and other Git projects. If exploited, …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin