Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Checkmarx says LAPSUS$ leaked data from stolen GitHub repository
Checkmarx said LAPSUS$ leaked 96GB of data stolen from its private GitHub repository after a March 23 compromise linked to a supply chain attack. The company said it has not found customer information so far.
-
VECT 2.0 ransomware flaw can make files unrecoverable, researchers say
Researchers say VECT 2.0 ransomware can permanently destroy files larger than 131,072 bytes on Windows, Linux and ESXi systems, making recovery impossible even for victims who pay. The group has only two listed victims so far.
-
Critical LeRobot flaw could let attackers run code on robotics systems
A critical flaw in Hugging Face’s LeRobot robotics platform could let an unauthenticated attacker run code on affected systems. The issue is tracked as CVE-2026-25874 and remains unpatched, with a fix planned for version 0.6.0.
-
Microsoft says Windows Shell flaw was actively exploited after patch
Microsoft said a Windows Shell spoofing flaw was actively exploited after patching, with researchers linking the issue to an incomplete fix and a zero-click path that could expose NTLM credentials.
-
Robinhood fixes account creation flaw used to send phishing emails
Robinhood said attackers abused a flaw in its account creation flow to send phishing emails from a legitimate company address. The company said no customer accounts, personal information or funds were impacted.
-
Medtronic confirms network breach after hackers claim theft of 9 million records
Medtronic said hackers breached corporate IT systems and may have accessed personal data after ShinyHunters claimed theft of more than 9 million records and terabytes of internal data.
-
PhantomCore linked to attacks on TrueConf servers in Russia
PhantomCore has been tied to attacks on TrueConf servers in Russia since September 2025, using three vulnerabilities to run commands remotely and move deeper into victim networks, according to a technical analysis by Positive Technologies.
-
Researchers flag 73 fake VS Code extensions tied to GlassWorm campaign
Researchers flagged 73 fake Visual Studio Code extensions on Open VSX tied to the GlassWorm campaign. Six were confirmed malicious, while the rest were sleeper packages designed to build trust before delivering malware.
-
Fake CAPTCHA scam used SMS charges, Keitaro abused in 120 campaigns
Researchers said fake CAPTCHA pages have been used since at least 2020 to trigger costly international SMS traffic, while more than 120 other campaigns abused Keitaro TDS for malware, crypto theft and investment scams.
-
Microsoft fixes Entra ID role flaw that could let users take over service principals
Microsoft fixed an Entra ID role flaw that could let users with the Agent ID Administrator role take over non-agent service principals, add credentials and potentially escalate privileges, according to a Silverfort technical analysis.
