Honey for Hackers: A Study of Attacks Targeting the Recent CVE-2026-21962 and Other Critical WebLogic Vulnerabilities on a High Interactive Oracle Honeypot
ID: 737141d3-69e3-5282-8d20-b643cc04b6b3
STIX ID: report--737141d3-69e3-5282-8d20-b643cc04b6b3
Feed Name: CloudSEK Blog
**Executive summary:** This 12-day high-interaction honeypot analysis documents immediate, widespread exploitation attempts targeting a newly disclosed critical unauthenticated Oracle WebLogic RCE (CVE-2026-21962, CVSS 10.0) alongside several long-standing WebLogic RCEs; attackers quickly weaponized public exploit code and conducted high-volume automated scanning from rented VPS infrastructure (e.g., DigitalOcean, HOSTGLOBAL.PLUS), using tools like libredtail-http and Nmap scripts. The report includes attack vectors, top attacker IPs, targeted endpoints, tool/user-agent telemetry, non‑WebLogic noise, and prioritized mitigations (immediate patching, access restriction, WAF/DPI, logging/alerting).
