Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Basic-Fit says breach exposed data of about 1 million members
Basic-Fit said hackers accessed data tied to about 1 million members after breaching a system that records club visits, exposing names, addresses, phone numbers, birth dates and bank account details.
-
JanelaRAT malware targets banks in Brazil and Mexico, Kaspersky says
JanelaRAT malware has targeted banks and financial institutions in Brazil and Mexico, with Kaspersky recording more than 26,000 attacks there in 2025. The trojan can steal credentials, track activity and use browser extensions for fraud.
-
Booking.com says hackers accessed reservation data, forces PIN resets
Booking.com said hackers accessed some reservation-related data and forced PIN resets for existing and past bookings. The company notified affected users by email and said it had contained the suspicious activity.
-
OpenAI revokes Mac app certificate after Axios supply chain incident
OpenAI said a GitHub Actions workflow used to sign its Mac apps downloaded a malicious Axios package on March 31. The company is revoking the certificate, but said it found no evidence of data or system compromise.
-
APT37 Uses Facebook, Telegram in RokRAT Phishing Campaign
North Korea-linked APT37 used Facebook and Telegram to deliver RokRAT in a multi-stage campaign that relied on fake personas, a trojanized PDF viewer and compromised infrastructure, according to a technical analysis by Genians Security Center.
-
Critical Marimo flaw exploited within 10 hours of disclosure
A critical Marimo Python notebook flaw was exploited less than 10 hours after disclosure, with attackers gaining shell access and stealing credentials from a vulnerable instance in under three minutes, according to a technical analysis from Sysdig.
-
FBI, Indonesian Police Disrupt Global Phishing Network Using W3LL Toolkit
The FBI and Indonesian police dismantled infrastructure tied to a global phishing operation using the W3LL toolkit, seized domains and detained an alleged developer. Officials said the scheme targeted more than 17,000 victims in 2023 and 2024.
-
New VENOM phishing attacks target Microsoft logins of senior executives
A new phishing-as-a-service platform called VENOM has been targeting Microsoft credentials of senior executives since at least last November, using personalized lures, QR codes and methods that can capture session tokens.
-
UAT-10362 targets Taiwanese NGOs with Lua malware in spear-phishing campaign
A previously undocumented threat cluster called UAT-10362 has targeted Taiwanese NGOs and suspected universities with spear-phishing emails carrying Lua-based malware, according to Cisco Talos. The campaign uses DLL side-loading, geofencing and layered dropper tools.








