The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive ordering government agencies to patch a high-severity Oracle WebLogic Server vulnerability from 2022 that is now being actively exploited in cyberattacks.
CISA added the two-year-old flaw to its Known Exploited Vulnerabilities catalog, triggering mandatory remediation requirements for federal civilian agencies. The vulnerability affects Oracle WebLogic Server, widely deployed in enterprise environments across government and private sector organizations.
The directive requires federal agencies to apply patches by a specific deadline, underscoring the urgency of the threat. CISA does not specify which attack campaigns are exploiting the flaw, but the active exploitation status indicates threat actors have developed working attack code.
Oracle released patches for the vulnerability in 2022, yet the two-year gap between the patch release and active exploitation suggests many organizations have failed to apply the updates. This pattern is common in cybersecurity: older vulnerabilities with known patches remain valuable targets because defenders often overlook them during regular patching cycles.
The WebLogic Server vulnerability represents a significant risk for government agencies relying on Oracle infrastructure. Successful exploitation could grant attackers unauthorized access to sensitive systems and data. Federal agencies using WebLogic Server must prioritize this patch to comply with the CISA directive.
The incident highlights the importance of timely patch management. Security teams should review their Oracle inventory and deployment status immediately. Organizations using WebLogic Server in any capacity should verify whether patches have been applied and schedule remediation if necessary.
CISA's Known Exploited Vulnerabilities catalog now includes this flaw, making it a tracked threat requiring documented remediation across federal systems. Agencies failing to comply with the directive face potential consequences under federal cybersecurity requirements.
Private sector organizations should also treat this vulnerability as urgent, even without federal mandates. Active exploitation means threat actors are targeting systems, making this a legitimate business risk regardless of government requirements.