A critical bug in Java's implementation of ECDSA (CVE-2022-21449) can allow an attacker to forge a signature or certificate to deliver virtually any payload.
Oracle has pushed an emergency patch for CVE-2020-14750, a remotely exploitable flaw in its WebLogic application server.
The Sodinokibi ransomware is being installed on vulnerable Oracle WebLogic servers that haven't been patched against CVE-2019-2725.