Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Apple Advances Passkey Interoperability with New Import/Export Feature
Apple has unveiled a new import and export feature for passkeys, aiming to enhance security and usability in credential management. The new process eliminates insecure file transfers and improves the interoperability of passkeys across applications.
-
Paragon Spyware Confirmed on Journalists’ Devices Amid Italian Surveillance Scandal
Research by Citizen Lab confirms Paragon spyware’s presence on the devices of European journalists, intensifying an ongoing surveillance scandal in Italy. The findings raise serious questions about the targeting of critical journalists as the Italian government navigates scrutiny over its contractual relationship with Paragon.
-
FIN6 Cybercrime Group Targets HR Professionals with Advanced Phishing Operations
The FIN6 cybercrime group has launched a sophisticated phishing campaign targeting HR professionals by exploiting the job application process to deliver malware, according to new research from DomainTools. The group’s use of trusted cloud services complicates detection efforts, highlighting the need for improved security protocols in human resources.
-
GitLab Issues Security Patches Addressing High-Severity Vulnerabilities
GitLab has released vital security updates addressing multiple high-severity vulnerabilities that allow account takeovers and malicious job injections in its DevSecOps platform. The company urges immediate upgrades to mitigate these risks.
-
Widespread Service Outages Affect Google Cloud and Cloudflare
Google Cloud and Cloudflare have reported widespread service outages affecting various services and platforms. Both companies are investigating the issues that began on June 12, with users experiencing significant access problems.
-
New Cybersecurity Threat Targets Over 80,000 Microsoft Entra ID Accounts
A new cybersecurity threat has surfaced, with over 80,000 Microsoft Entra ID accounts compromised by an account takeover campaign known as UNK_SneakyStrike, utilizing the TeamFiltration tool for malicious activities.
-
CISA Highlights Security Flaws in SinoTrack GPS Devices
CISA warns SinoTrack GPS device users about critical vulnerabilities allowing unauthorized access. Affected devices could be remotely controlled, including tracking vehicles and cutting off fuel. Users are urged to change default passwords immediately.
-
New AI Vulnerability Discovered in Microsoft 365 Copilot: ‘EchoLeak’
A new zero-click vulnerability known as ‘EchoLeak’ has been discovered in Microsoft 365 Copilot, enabling attackers to exfiltrate sensitive data without user interaction. While Microsoft has patched the flaw, experts advise businesses to enhance their cybersecurity measures to prevent future exploits.
-
Coordinated Cyber Attacks Target Tomcat Manager Interfaces
GreyNoise has warned of a surge in coordinated brute-force attacks targeting Apache Tomcat Manager interfaces, involving 295 unique malicious IP addresses. As attackers seek to exploit these vulnerabilities, experts recommend strengthening security measures to protect against unauthorized access.
-
Former Black Basta Affiliates Adapt Tactics Amid Ongoing Cyber Threats
Former members of the Black Basta ransomware operation have adapted their tactics, leveraging email phishing and Microsoft Teams phishing to gain access to networks. The report highlights the evolution of these cybercriminals even as the Black Basta brand faces challenges.
