The recent JULY 2018 Oracle security patch CVE-2018-2893 for the Weblogic development suite is being exploited in-the-wild & all applicable corporate users should expediently patch for safety reasons

On 18-JUL-2018 Oracle released a Critical Patch Update. Yesterday exploit targeting CVE-2018-2893 impacting Oracle Weblogic Server appeared publicly. We do see first exploit attempts. The exploit attempts to download additional code from a malicious server. We are still looking at details, but it looks like the code attempts to install a backdoor. Scanning activity targeting port 7001 peaked in May of 2018 when another Weblogic vulnerability went public, unsurprisingly it was used to install crypto-miners