Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.

From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.

iSec.News Motto: “Only news, only information security and privacy news. No fluff.”

ShadowSilk Expands Target Reach to Central Asia and APAC Government Agencies, 36 Victims Identified, Group-IB Says

Cybercrime, News, Risk, Vulnerabilities

August 28, 2025

A new threat cluster named ShadowSilk has targeted government entities across Central Asia and the Asia-Pacific region, with Group-IB reporting 36 identified victims. The operation blends Russian- and Chinese-speaking actors, uses spear-phishing and Telegram-based C2, and leverages a broad toolkit to exfiltrate data from government networks.
Healthcare Services Group breach affects more than 624,000 individuals

Cybercrime, News, Policy, Privacy, Risk, Vendors

August 27, 2025

Healthcare Services Group said a data breach exposed the personal information of more than 624,000 individuals, with unauthorized access occurring between Sept. 27 and Oct. 3, 2024 and notifications sent on Aug. 25, 2025. Data types varied but included identifiers and financial details; credit monitoring is being offered, and there is no current evidence of…
Five Blind Eagle activity clusters identified, with Colombia as primary focus, researchers say

Cybercrime, News, Research, Risk

August 27, 2025

Security researchers have identified five distinct activity clusters tied to the Blind Eagle threat actor, with Colombia as the primary target, as Recorded Future’s Insikt Group tracks campaigns from May 2024 to July 2025.
SSA whistleblower alleges DOGE duplicated NUMIDENT in unauthorized cloud, risking Americans’ data

Cloud, News, Policy, Privacy, Risk

August 27, 2025

A government whistleblower alleges that DOGE, a non-official federal client, copied the NUMIDENT database into an unauthorized cloud environment, risking all Americans’ Social Security data, with additional claims of improper access and potential privacy violations.
Salesloft breach linked to theft of Drift OAuth tokens used to access Salesforce, Google says UNC6395 behind attack

Cloud, Cybercrime, News, Risk

August 27, 2025

Hackers breached Salesloft to steal Drift OAuth and refresh tokens used for Salesforce integration, enabling data exfiltration from customer environments. Google’s threat intelligence assigns UNC6395 to the activity and notes credential theft across cloud services, with administrators urged to rotate credentials and reauthenticate Drift-Salesforce connections.
ZipLine phishing campaign uses public contact forms to drop in-memory MixShell malware, researchers say

Cybercrime, News, Risk, Vendors

August 27, 2025

Cybersecurity researchers warn of ZipLine, a social-engineering campaign that uses public-facing Contact Us forms to seed weeks-long conversations before delivering in-memory MixShell malware via a weaponized ZIP file, with DNS tunneling as the primary command-and-control channel.
HOOK Android banking trojan adds ransomware overlay, expands remote command set

Cybercrime, News, Risk

August 26, 2025

Security researchers have identified a new HOOK Android banking trojan variant that adds ransomware-style overlays, remote command capabilities, and expanded data-theft features, signaling a growing blend of banking fraud with spyware and ransomware tactics.
Farmers Insurance says 1.1 million customers affected by data breach tied to Salesforce attack wave

Cybercrime, News, Privacy, Risk, Vendors, Vulnerabilities

August 26, 2025

Farmers Insurance says 1.1 million customers were affected by a data breach at a third‑party vendor, tied to a broader Salesforce data‑theft campaign. The incident exposed names, addresses, birth dates, driver’s licenses, and last‑four digits of SSNs, with notices issued starting in August and Maine officials confirming more than 1.1 million total affected across notices.
Auchan data breach exposes loyalty data of hundreds of thousands of customers

Cybercrime, News, Privacy, Risk, Vulnerabilities

August 26, 2025

French retailer Auchan disclosed a cyberattack that exposed the personal data of hundreds of thousands of loyalty-account holders, including names, addresses, emails, phone numbers, and loyalty card numbers, while bank data and PINs were not affected. The company has notified CNIL and urged vigilance against phishing.
Critical Docker Desktop vulnerability could let attackers hijack Windows hosts, researchers say

Cybercrime, News, Vulnerabilities

August 26, 2025

A critical vulnerability in Docker Desktop for Windows and macOS could allow attackers to hijack the host by running a malicious container, even with Enhanced Container Isolation, tracked as CVE-2025-9074 (SSRF) and rated 9.3. The flaw has been patched in Docker Desktop 4.44.3, after demonstrations of a PoC that could access the Docker Engine from…

Loading…Load More