Oracle has released an out-of-band security advisory and set of patches for Oracle WebLogic Server versions 10.3.6.0 and 18.104.22.168. Organizations that are running vulnerable versions of WebLogic are encouraged to prioritize patching as soon as possible.
Rapid7 Labs Project Heisenberg began seeing elevated levels of WebLogic attacker activity targeting this newfound weakness a few days after the KnownSec 404 Team made the vulnerability public when a proof-of-concept exploit was released.
While attackers are scanning for and compromising internet-facing vulnerable WebLogic instances, they are also successfully landing ransomware and cryptocurrency-mining exploit campaigns internally in organizations.
A Metasploit module is available here.