Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Orange Belgium reports data breach affecting about 850,000 customers
Orange Belgium says attackers accessed data from about 850,000 customer accounts in a July breach, exposing names, phone numbers, and related account details, while passwords and financial information were not accessed; customers are being notified by email or SMS and advised to watch for impersonation attempts.
-
Apple patches zero-day CVE-2025-43300 after highly targeted attack, urges immediate updates
Apple has issued security updates for CVE-2025-43300, a zero-day flaw in Apple’s Image I/O framework that was exploited in a highly targeted attack; users are urged to install the latest iOS, iPadOS and macOS updates.
-
Researchers warn of DOM-based extension clickjacking in password managers
Security researchers at DEF CON 33 revealed a DOM-based extension clickjacking flaw affecting popular password-manager browser extensions, capable of stealing credentials, 2FA codes, and more with a single click on a malicious page; Bitwarden has issued a fix, and others are in progress, with guidance to disable auto-fill until patches are deployed.
-
Static Tundra: Russia-linked group exploits Cisco flaw to maintain long-term access to global networks, researchers say
A Russian state-sponsored group known as Static Tundra has been quietly compromising network devices worldwide for over a decade, exploiting a seven-year-old Cisco vulnerability to steal data and maintain access, according to Cisco Talos Intelligence.
-
Hackers exploit trusted Microsoft redirects and ADFS to steal Microsoft 365 logins, researchers say
Researchers describe a phishing campaign that uses legitimate office.com redirects and a misconfigured Microsoft tenant with ADFS to harvest Microsoft 365 credentials, bypassing some security controls. The attack chain begins with a misleading Google ad for “Office 265,” redirects through Office to a phantom domain, and uses conditional access restrictions to conceal the page from…
-
DripDropper Linux malware patches exploited flaw to lock out rivals, Red Canary says
Red Canary researchers describe DripDropper, Linux malware that exploits Apache ActiveMQ CVE-2023-46604 to gain access to cloud servers, then patches the vulnerability to keep rivals out and maintain control, using Sliver for persistence and Dropbox as a command channel.
-
Commvault patches four on-prem vulnerabilities tied to remote code execution chains
Commvault has fixed four on-prem vulnerabilities that could enable unauthenticated attackers to compromise deployments and chain to remote code execution, according to findings from watchTowr Labs.
-
Inotiv ransomware attack disrupts operations as Qilin claims data theft
Inotiv, an Indiana-based contract research organization, disclosed a ransomware incident on August 8, 2025, that encrypted some systems and data, disrupting operations. The company engaged external security experts, notified law enforcement, and said it is restoring networks, while the Qilin ransomware gang claims to have stolen hundreds of thousands of files and published data samples.
-
Business Council of New York State discloses data breach affecting 47,329 people
The Business Council of New York State disclosed a February data breach affecting 47,329 individuals, exposing a broad range of personal, financial and health information. The intrusion was detected in August, and BCNYS has offered free credit monitoring to those affected while it investigates the incident.
-
UK Drops Apple Backdoor Mandate as U.S. Vows to Protect Americans’ Civil Liberties over Encryption
The U.K. reportedly abandoned a government plan to compel Apple to weaken encryption and enable a backdoor, signaling a shift in how authorities approach access to encrypted data while U.S. officials emphasize protecting civil liberties for Americans.










