Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
CrowdStrike to buy XM Cyber IP in expanded deal with Schwarz Digits
CrowdStrike said it will acquire XM Cyber’s technology, source code and more than 45 patents, while the Israeli company remains independent. The deal deepens CrowdStrike’s exposure management business and expands a European cloud partnership with Schwarz Digits.
-
Microsoft warns of surge in ACR Stealer attacks on enterprise customers
Microsoft said ACR Stealer attacks rose against enterprise customers between late April and mid-June. The malware used ClickFix, WebDAV, MSHTA and other tools to steal browser data and sensitive files.
-
Public exploits published for critical WordPress core flaws, patch urged
Public exploits are now circulating for critical WordPress core flaws that can chain into unauthenticated remote code execution. Site owners are being urged to update to WordPress 6.9.5 or 7.0.2 immediately.
-
Coca-Cola says Fairlife ransomware attack halts U.S. dairy production
Coca-Cola said a ransomware attack on its Fairlife dairy subsidiary disrupted operations and temporarily stopped U.S. production. The company said product safety was not affected and Canadian operations were not hit.
-
CISA adds four actively exploited flaws, including Adobe ColdFusion bug
CISA added four actively exploited flaws to its Known Exploited Vulnerabilities catalog, including a critical Adobe ColdFusion bug, and told federal civilian agencies to patch by July 10, 2026.
-
RedWing Android malware sold on Telegram as bank-fraud service
RedWing is a Telegram-rented Android malware service that researchers say can steal banking logins, one-time codes and other data, with 82 targeted institutions identified and a strong focus on Russian financial firms.
-
Google Dialogflow CX flaw could have exposed chats across agents
Google fixed a Dialogflow CX flaw that could have let an attacker with edit access to one agent read conversations and influence other Code Block-enabled agents in the same Cloud project. Varonis reported no signs of real-world abuse.
-
CERT/CC warns of hidden admin backdoor in several Tenda firmware versions
CERT/CC warned that several Tenda firmware versions contain an undocumented backdoor that can bypass password checks and grant admin access, leaving devices open to takeover until a fix is released.
-
Fake IT support calls on Microsoft Teams push EtherRAT malware
Threat actors are using Microsoft Teams voice calls to impersonate IT support and push EtherRAT malware, according to a Unit 42 technical analysis. The campaign combines phishing emails, remote-access tools and a Node.js loader.
-
BeyondTrust patches critical flaws in Remote Support and Privileged Remote Access
BeyondTrust patched four vulnerabilities in its Remote Support and Privileged Remote Access products, including two critical authentication flaws that could allow unauthorized access under specific configurations. The company said the issues were found internally and has not reported active exploitation.








