Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
LeakNet adopts ClickFix via compromised websites and runs Deno in memory
ReliaQuest’s technical report says LeakNet now uses ClickFix fake CAPTCHA pages on compromised sites to trick users and a Deno-based in-memory loader. Post-compromise steps include DLL side-loading, PsExec lateral movement and S3 exfiltration.
-
DDoS attack disables Perm parking payments, drivers excused for March 10–13
A DDoS attack knocked Perm’s parking payment portal offline from March 10 to 13, leaving paid parking zones free and drivers excused for non-payment while systems were restored.
-
Konni uses compromised KakaoTalk desktops to spread EndRAT via spear-phishing
Konni used spear-phishing to install EndRAT and other RATs then abused compromised KakaoTalk desktops to send malicious ZIP attachments to selected contacts maintaining long-term persistence and stealing internal documents.
-
ForceMemo offshoot of GlassWorm force pushes malware into hundreds of Python repositories
A supply chain campaign called ForceMemo stole GitHub tokens and force-pushed obfuscated code into hundreds of Python repositories starting March 8, 2026. Compromised packages and pip installs may deliver remote payloads.
-
Attack on Stryker erased nearly 80,000 employee devices, company says
Stryker says an attack limited to its internal Microsoft environment erased nearly 80,000 employee devices on March 11. Medical products remain safe but ordering systems are offline and orders must be placed manually while recovery continues.
-
CISA adds Wing FTP information disclosure flaw CVE-2025-47813 to KEV catalog
CISA added CVE-2025-47813, an information disclosure in Wing FTP Server, to its Known Exploited Vulnerabilities catalog. The bug affects versions up to 7.4.3 and was fixed in 7.4.4. Agencies should apply fixes by March 30, 2026.
-
ClickFix campaigns used search ads and ChatGPT lures to deliver MacSync macOS stealer
Sophos found three ClickFix campaigns that tricked users into pasting Terminal commands to install MacSync, a macOS infostealer that steals credentials, keychain data and wallet seed phrases. Campaigns ran from November 2025 to February 2026.
-
DRILLAPP backdoor runs in Edge to target Ukrainian entities
A February 2026 campaign used a JavaScript backdoor called DRILLAPP that runs in Microsoft Edge to capture files, microphone audio, camera video and screen images via the browser.
-
Android 17 Beta 2 blocks non-accessibility apps from accessibility API while Advanced Protection Mode is active
Android 17 Beta 2 tests a restriction that blocks non-accessibility apps from the accessibility services API while Advanced Protection Mode is enabled and revokes existing permissions to reduce misuse of the API.
-
CNCERT warns OpenClaw flaws could allow endpoint takeover
China’s CNCERT warned that OpenClaw, a self hosted AI agent, has weak defaults and high privileges that could let attackers seize endpoints. Indirect prompt injection and malicious repositories are cited as exploitation paths.
