Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
FBI warns Americans about data risks from Chinese mobile apps
The FBI warned Americans about privacy and data security risks from foreign-developed mobile apps, especially those made by Chinese developers, saying some can collect extensive data and store it on servers in China.
-
Google links Axios npm compromise to suspected North Korean group
Google has linked the Axios npm supply chain compromise to a suspected North Korean group after attackers pushed trojanized package versions that could deliver malware to Windows, macOS and Linux systems.
-
Google Drive ransomware detection enabled by default for paying users
Google said its AI-powered Google Drive ransomware detection is now generally available and on by default for paying users, with sync pausing, alerts and file restoration available after an attack is detected.
-
Anthropic employee error exposed Claude Code source code through npm package
Anthropic said an employee exposed Claude Code source code by including a source map in an npm package. The company called it a packaging error, while experts said such files can reveal logic, prompts and secrets.
-
GIGABYTE Control Center flaw could allow remote file writes on Windows systems
GIGABYTE Control Center has a critical arbitrary file-write flaw that could allow remote unauthenticated attacks on Windows systems with pairing enabled. The vendor has released version 25.12.10.01 to address the issue.
-
Claude-assisted analysis finds Vim and Emacs flaws that can run code when files open
Researchers using Claude found remote code execution flaws in Vim and GNU Emacs that can trigger when a file is opened. Vim has been patched, while the Emacs issue remains unresolved.
-
Google rolls out Android developer verification to all developers
Google is rolling out Android developer verification to all developers, with new identity checks for apps distributed outside Google Play. The move starts in four countries in September and expands globally next year.
-
TrueConf zero-day exploited in attacks on Southeast Asian government entities
A zero-day in TrueConf client video conferencing software was exploited in attacks on Southeast Asian government entities. The flaw let a tampered update run arbitrary code, and the vendor has since patched it in Windows client 8.5.3.
-
Dutch finance ministry takes treasury banking portal offline after breach
The Dutch Ministry of Finance has taken its treasury banking portal offline while investigating a cyberattack detected on March 19. About 1,600 public institutions are unable to view balances online, though payments continue through regular banking channels.
-
Google Vertex AI flaw could expose cloud data, researchers say
Researchers say a Google Cloud Vertex AI flaw could let an attacker abuse AI agent permissions to reach customer data and restricted internal repositories. Google has updated guidance and urged least-privilege controls.
