Dual Russian-Israeli national Rostislav Panev was arrested last August and is facing extradition to the US for playing a critical role in LockBit's RaaS activities, dating back to the ransomware gang's origins.

Rated 9.5 on the CVSSv4 scale, CVE-2024-53677 allows remote attackers to execute arbitrary code by abusing flaws in the file upload logic. It affects a broad range of Apache Struts versions, including 2.0.0 to 2.5.33 and 6.0.0 to 6.3.0.2.

With a CVSS score of 9.8, this vulnerability poses significant risks, including sensitive data exposure, Server-Side Request Forgery (SSRF), and, under certain circumstances, remote code execution.

Discovered by security researcher Yuki Chen, CVE-2024-49112 affects a wide range of Windows operating systems and server versions, including both Windows 10 and Windows 11, as well as legacy and modern Windows Server editions.

Researchers at North Carolina State University demonstrated how to recreate a neural network using the electromagnetic (EM) signals emanating from the chip it runs on using a new method called "TPUXtract."

Tracked as CVE-2024-55661, this vulnerability could allow authenticated users with access to the Pulse dashboard to execute arbitrary code on the server, potentially leading to full system compromise.

Internet of Things (IoT) vendor Ruijie Networks has shored up its Reyee cloud management platform against 10 newly discovered vulnerabilities that could have given adversaries control of thousands of connected devices in a single cyberattack.

The vulnerability enables attackers to craft malicious HTTP requests to access sensitive files on the underlying file system. The files must be accessible to the process in which the vulnerable Spring application runs.

These vulnerabilities, if exploited, could allow attackers to hijack user sessions, delete accounts, and even take complete control of administrative accounts. Users are strongly urged to update to the latest version, 10.0.17, immediately.

This ongoing operation, active since November, utilizes domains hosted on dedicated IP addresses to deliver malicious downloads disguised as legitimate tools for CAD and graphic design software.