Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Taiwan student accused of hacking high-speed rail radio system to trigger emergency brakes
A 23-year-old Taiwanese university student was arrested after allegedly using radio equipment to trigger emergency brakes on Taiwan High Speed Rail, stopping four trains for 48 minutes on April 5, according to a local report.
-
Apache fixes critical HTTP/2 flaw that could enable remote code execution
Apache has patched CVE-2026-23918 in HTTP Server 2.4.67, a critical HTTP/2 double free that can cause denial-of-service and, in some setups, remote code execution.
-
DAEMON Tools installers trojanized in supply chain attack, Kaspersky says
DAEMON Tools installers were trojanized in a supply chain attack that affected versions released since April 8, 2026, Kaspersky said. The compromise reached users in more than 100 countries and delivered targeted malware to a small set of hosts.
-
China-linked UAT-8302 targets government networks in South America and Europe
Cisco Talos says China-nexus UAT-8302 targeted government networks in South America and southeastern Europe, using custom malware and tools linked to other China-aligned groups. The group’s initial access method remains unknown.
-
FTC to bar Kochava from selling Americans’ location data without consent
The FTC will bar Kochava and its subsidiary from selling precise location data without explicit consent, settling a case over data tied to hundreds of millions of mobile devices and alleged tracking of sensitive places.
-
MetInfo CMS flaw under active exploitation after April patch
Threat actors are exploiting a critical MetInfo CMS flaw, CVE-2026-29014, that can enable remote code execution. VulnCheck said activity began on April 25 and intensified on May 1, after MetInfo released patches on April 7.
-
ScarCruft pushes Android BirdCall spyware through game platform
APT37 has been distributing an Android version of its BirdCall backdoor through a gaming platform supply chain attack, according to ESET. The spyware can gather contacts, messages, device data, screenshots and files.
-
Weaver E-cology flaw exploited in attacks since March
Hackers have exploited a critical Weaver E-cology vulnerability since mid-March to run discovery commands. The flaw affects E-cology 10.0 builds before March 12, and the vendor says upgrading is the only fix.
-
Amazon SES abuse rises in phishing campaigns, Kaspersky says
Kaspersky says Amazon Simple Email Service is being increasingly abused in phishing campaigns that can bypass standard email defenses. The report links the activity to exposed AWS credentials and notes that the messages can evade SPF, DKIM and DMARC checks.








