Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Eurail says December breach exposed data of 300,000 people
Eurail said a December 2025 breach exposed personal data from more than 300,000 people, including passport details and contact information. Users were told to reset passwords, watch for phishing and monitor bank accounts.
-
Cisco Talos warns attackers are abusing GitHub and Jira notifications for phishing
Cisco Talos says attackers are abusing GitHub and Jira notification systems to send phishing emails that pass standard authentication checks and may look trusted to corporate users.
-
Adobe Reader zero-day exploited through malicious PDFs since December 2025
A technical analysis says attackers have abused a previously unknown Adobe Reader zero-day through malicious PDFs since at least December 2025. The files can run JavaScript, collect data and potentially deliver more payloads.
-
Atomic Stealer campaign abuses macOS Script Editor in ClickFix variation
A new macOS malware campaign is using Script Editor in a ClickFix-style attack to deliver Atomic Stealer, avoiding Terminal prompts and relying on fake Apple-themed pages that push users to run malicious code.
-
13-year-old ActiveMQ flaw lets attackers run commands remotely
Researchers found a 13-year-old remote code execution flaw in Apache ActiveMQ Classic that can let attackers run commands. The bug affects versions before 5.19.4 and some 6.x releases, and Apache has already released fixes.
-
Masjesu botnet emerges as DDoS-for-hire service targeting IoT devices
Researchers say the Masjesu botnet has been sold as a DDoS-for-hire service since 2023, targeting IoT devices across multiple architectures while using stealth tactics, self-propagation and hard-coded control channels.
-
Russian military hackers target thousands of consumer routers, researchers say
Russian military-linked hackers used tens of thousands of consumer routers in 120 countries to reroute traffic to credential-harvesting sites, researchers said. The campaign targeted older MikroTik and TP-Link devices and used DNS changes to intercept connections.
-
Anthropic launches Project Glasswing to use Claude Mythos for vulnerability hunting
Anthropic launched Project Glasswing to use its Claude Mythos preview model for vulnerability hunting, saying the system found thousands of flaws and can also be powerful enough to aid exploitation.
-
Dutch healthcare software vendor ChipSoft hit by ransomware attack
Dutch healthcare software vendor ChipSoft was hit by a ransomware attack on April 7, knocking its website offline and forcing some hospitals to take systems offline. The company serves about 80 percent of hospitals in the Netherlands.
-
North Korea-linked campaign spreads across five open-source ecosystems
A North Korea-linked campaign has spread malicious packages across five open-source ecosystems, with a technical analysis saying more than 1,700 packages have been linked to the activity since January 2025.
