Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
The North Face Alerts Customers Following Latest Credential Stuffing Attack
The North Face has alerted customers of a credential stuffing attack that exposed personal information on April 23, 2025. This incident marks the fourth such attack on the company since 2020, raising significant concerns about cybersecurity practices in the retail sector.
-
Google Addresses Active Exploit with Chrome Security Update
Google has released emergency fixes for its Chrome browser to address a critical vulnerability, CVE-2025-5419, that is being actively exploited in the wild. Users are urged to update to safeguard against potential threats.
-
Google Chrome to Disregard Certificates from Chunghwa Telecom and Netlock Starting August 2025
Google Chrome will stop trusting root CA certificates from Chunghwa Telecom and Netlock due to ongoing compliance failures, effective August 1, 2025. This decision will impact site access for users, leading to security warnings.
-
Nation-State Actor Breaches ConnectWise Customers’ ScreenConnect Instances
ConnectWise has disclosed that a nation-state actor compromised the ScreenConnect cloud instances of some customers, exploiting a vulnerability before a critical patch was implemented. The company is investigating the breach with the help of forensic experts.
-
MainStreet Bancshares Reports Data Breach Affecting Customer Information
MainStreet Bancshares has disclosed a data breach that affected a significant portion of its customer base due to an incident involving a third-party provider. The bank reported to the SEC that its own infrastructure was unaffected, but the incident raises questions about cybersecurity in the banking sector.
-
Australia Mandates Reporting of Ransomware Payments by Victims
Australia has become the first nation to oblige ransomware attack victims to report extortion payments, affecting organizations with significant turnovers and enhancing government visibility into cybercrime.
-
Spear-Phishing Campaign Targets CFOs with Advanced Techniques
A sophisticated spear-phishing campaign has been identified, targeting CFOs across various sectors with the aim of deploying a legitimate remote access tool, Netbird, to gain unauthorized access to sensitive financial systems.
-
Cisco IOS XE Flaw Exposes Devices to Security Risks
A recently disclosed vulnerability in Cisco IOS XE software allows unauthorized remote access, potentially exposing devices to significant security risks. Cisco and independent researchers urge immediate actions for mitigation.
-
New Vulnerabilities Discovered in Linux Core Dump Handlers Pose Security Risks
Two vulnerabilities in Linux core dump handlers could allow local attackers to access sensitive information, prompting security warnings from Qualys and other vendors. Mitigation measures are being recommended to protect user data.
-
International Law Enforcement Operation Disrupts Major Cybercrime Tool AVCheck
Authorities have dismantled AVCheck, a cybercriminal service that tested malware against antivirus software. This effort represents a significant step in combating organized cybercrime, as law enforcement agencies worldwide collaborate to disrupt criminal operations.
