Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Itron says unauthorized party accessed internal systems in cyberattack
Itron said an unauthorized third party accessed some internal systems in a cyberattack and that it blocked the activity after detecting it on April 13, 2026. The company said business operations were not materially disrupted and customer systems were not affected.
-
LMDeploy flaw exploited within 13 hours of disclosure, researchers say
LMDeploy flaw CVE-2026-33626 was exploited within 13 hours of disclosure, researchers said. The SSRF issue could expose cloud credentials and internal services, and early attacks probed metadata, databases and loopback targets.
-
Tropic Trooper campaign uses trojanized SumatraPDF to deploy AdaptixC2
A campaign tied to Tropic Trooper is using a trojanized SumatraPDF reader to deploy AdaptixC2 and, in some cases, Visual Studio Code tunnels for remote access against targets in Taiwan, South Korea and Japan.
-
SentinelOne finds old malware that may have aimed to sabotage engineering software
SentinelOne says it found old malware that may have been built to sabotage engineering and physics simulation software. The sample appears to predate Stuxnet by years and may have targeted precision calculation tools used in several technical fields.
-
UNC6692 Uses Microsoft Teams Help Desk Impersonation to Push Custom Malware
UNC6692 used Microsoft Teams help desk impersonation, email bombing and a custom malware chain to target corporate users, according to Mandiant. The activity included credential harvesting, remote access, tunneling and later-stage network movement.
-
Bitwarden CLI hit by npm supply chain compromise in Checkmarx-linked campaign
Bitwarden said its CLI package was briefly compromised on npm on April 22, 2026, in a supply chain attack that targeted developer secrets and CI/CD credentials through version 2026.4.0.
-
Rituals discloses data breach affecting My Rituals members
Rituals said attackers stole personal information from its My Rituals membership database, affecting an undisclosed number of customers. The company said passwords and payment information were not accessed and that it has contained the breach.
-
China-linked GopherWhisper infiltrates Mongolian government systems, ESET says
ESET says a China-aligned group called GopherWhisper targeted Mongolian government institutions, infecting about 12 systems and using Discord, Slack, Outlook and file.io for control and exfiltration.
-
Vercel Finds More Customer Accounts Compromised After Security Incident
Vercel said it found additional customer accounts compromised in a security incident that exposed its internal systems, but did not say how many were affected. The company linked the breach to a compromised Context.ai account used by a Vercel employee.
-
Apple fixes iOS bug that kept deleted notifications on devices
Apple has fixed an iOS and iPadOS bug that could leave deleted notifications on iPhones and iPads, after reports that message copies could be recovered from notification databases in a forensic examination.
