Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
CNCERT warns OpenClaw flaws could allow endpoint takeover
China’s CNCERT warned that OpenClaw, a self hosted AI agent, has weak defaults and high privileges that could let attackers seize endpoints. Indirect prompt injection and malicious repositories are cited as exploitation paths.
-
GlassWorm campaign escalates with transitive Open VSX extensions
A Socket report flagged a GlassWorm escalation in Open VSX with 72 malicious extensions found since January 31, 2026. The campaign uses transitive extension installs and invisible Unicode obfuscation to deliver payloads.
-
Suspected China-based operation targets Southeast Asian military organizations
A technical analysis by Palo Alto Networks Unit 42 says a suspected China-based espionage campaign has targeted Southeast Asian military organizations since at least 2020 using modular backdoors and Pastebin-based command and control.
-
Poland’s nuclear research centre foils cyberattack, says systems blocked intrusion
Poland’s National Centre for Nuclear Research says a cyberattack on its IT systems was detected and blocked this week before any impact. The MARIA research reactor was not affected and an investigation is under way.
-
INTERPOL operation dismantles 45,000 malicious IPs in 72-country cyber crackdown
INTERPOL announced the takedown of 45,000 malicious IPs and servers in a 72-country operation that led to 94 arrests and 212 devices seized. India’s CBI carried out searches in a related transnational online investment fraud probe.
-
Storm-2561 uses SEO poisoning to deliver trojan VPN clients that steal credentials
Microsoft disclosed a credential theft campaign that used SEO poisoning to deliver digitally signed trojan VPN clients that harvest credentials. The activity was observed in mid-January 2026 and is linked to Storm-2561.
-
European Parliament extends temporary CSAM detection exemption until August 2027
The European Parliament extended a temporary ePrivacy derogation allowing voluntary CSAM detection until 3 August 2027. Lawmakers imposed limits and exclusions for end-to-end encryption as they work to negotiate a permanent legal framework.
-
Google patches two Chrome zero-days exploited in the wild
Google released Chrome updates to fix two high severity zero-days exploited in the wild. Both are scored 8.8. Users should update Chrome to the listed versions on Windows macOS and Linux to reduce risk.
-
Nine CrackArmor Flaws in Linux AppArmor Could Enable Local Root Escalation
Qualys disclosed nine confused deputy vulnerabilities in the Linux kernel AppArmor module that can allow unprivileged users to bypass protections, escalate to root, and undermine container isolation. Vendors and administrators should prioritise kernel patches.
-
Starbucks says 889 Partner Central accounts were compromised in employee data breach
Attackers accessed 889 Starbucks Partner Central accounts used by employees. Exposed data includes names, Social Security numbers, dates of birth, and bank account information. Impacted partners are being offered two years of identity theft protection and credit monitoring.
