Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Romanian man gets 56 months for hacking Oregon state network
A Romanian national was sentenced to 56 months in federal prison for breaching an Oregon state government network and selling access to other U.S. victims, in a case tied to at least $250,000 in losses.
-
New campaign targets crypto firms with macOS malware and supply chain attacks
A new campaign against cryptocurrency firms and developers used fake recruitment lures, macOS malware and a supply chain attack to steal credentials and target development infrastructure, according to a technical analysis by Wiz.
-
Grandoreiro and BTMOB campaigns target banking users in Europe and Latin America
Researchers say Grandoreiro and BTMOB are being used in separate campaigns against banking users in Europe and Latin America, combining phishing, DLL side-loading and Android social engineering with malware-as-a-service sales.
-
Malicious npm package used GitHub uploads to steal files from AI workspace
A malicious npm package was found stealing files from Claude’s workspace directory by using GitHub uploads during installation. Researchers said the package hid the theft behind fake sync and network logs.
-
CrowdStrike and partners disrupt GlassWorm malware command channels
CrowdStrike said it and partners disrupted all command and control channels used by GlassWorm, a developer-targeting malware campaign that poisoned more than 300 GitHub repositories and used four separate infrastructure layers.
-
Gitea flaw exposed private container images in self-hosted deployments
A Gitea flaw allowed unauthenticated users to pull private container images from self-hosted deployments, affecting versions before 1.26.2. Researchers said more than 30,000 instances may have been exposed.
-
Microsoft says AI chatbot recommendations were used to steer users to cryptojacking sites
Microsoft said it blocked a cryptojacking campaign that used AI chatbot recommendations and search poisoning to steer users to fake software downloads, with more than 150 malicious domains identified and ScreenConnect used to deploy miners.
-
FBI warns Silent Ransom Group is targeting US law firms in in-person data theft attacks
The FBI warned that Silent Ransom Group is targeting U.S. law firms with phishing, callback scams and, if needed, in-person access to steal data. The gang may use remote tools or connect external drives to victim computers.
-
Apple releases quantum-resistant cryptographic code and verification tools
Apple has released quantum-resistant cryptographic code and verification tools for its corecrypto library, including ML-KEM and ML-DSA. The company said the work found a bug that could have broken digital signatures.
-
MuddyWater campaign hit at least nine organizations across four continents, researchers say
MuddyWater was linked to a 2026 campaign that hit at least nine organizations in nine countries. Researchers said the group used DLL side loading, signed binaries and browser-stealing malware to support espionage.
