Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Microsoft patches active SharePoint flaw in record 169-vulnerability update
Microsoft released patches for 169 vulnerabilities, including an actively exploited SharePoint spoofing flaw and a critical Windows IKE remote code execution bug. CISA added the SharePoint issue to its known exploited list.
-
OpenAI launches GPT-5.4-Cyber for defensive security work
OpenAI launched GPT-5.4-Cyber for defensive security work and expanded its Trusted Access for Cyber program to thousands of defenders. The company said the rollout is meant to improve safeguards while limiting misuse.
-
European regulators largely excluded from early access to Anthropic’s Mythos model
European regulators have largely been excluded from early access to Anthropic’s Mythos cybersecurity model, while a small group of mostly U.S. tech companies and the UK AI Security Institute have been allowed to test it.
-
Composer fixes two high-severity flaws that could allow command execution
Composer has fixed two high-severity command injection flaws that could allow arbitrary command execution through malicious Perforce data. The issues affect multiple PHP package manager releases and were addressed in version 2.9.6 and 2.2.27.
-
Researchers link AI-driven Pushpaganda scam to Google Discover ad fraud
Researchers say a new ad fraud campaign used AI-generated content and Google Discover to push users toward notification-based scams. The operation, dubbed Pushpaganda, was tied to 113 domains and about 240 million bid requests in seven days.
-
108 malicious Chrome extensions linked to shared server, data theft
Researchers found 108 malicious Chrome extensions tied to one backend server, with the add-ons used to steal account data, exfiltrate Telegram sessions and inject ads or scripts into visited pages.
-
ShowDoc flaw under active exploitation as users urged to update
A critical ShowDoc flaw tracked as CVE-2025-0520 is being actively exploited, with attackers using it to drop web shells on a U.S. honeypot. The bug affects older versions of the software and was fixed in 2020.
-
Google adds Rust-based DNS parser to Pixel modem firmware
Google has added a Rust-based DNS parser to Pixel 10 modem firmware, saying the change lowers risk in a sensitive part of cellular communications and reduces exposure to memory-safety vulnerabilities.
-
CISA adds six exploited flaws to Known Exploited Vulnerabilities catalog
CISA added six vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, including flaws in Fortinet, Adobe and Microsoft products. Federal agencies face April 27, 2026 deadlines for most fixes.
-
Basic-Fit says breach exposed data of about 1 million members
Basic-Fit said hackers accessed data tied to about 1 million members after breaching a system that records club visits, exposing names, addresses, phone numbers, birth dates and bank account details.
