Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
UNC6426 used stolen npm keys to gain AWS administrator access in under 72 hours
UNC6426 leveraged keys from an August 2025 nx npm supply chain compromise to obtain a GitHub token and escalate to AWS administrator permissions in under 72 hours, leading to S3 data exfiltration and production resource destruction.
-
Five malicious Rust crates exfiltrated .env files and AI bot exploited GitHub Actions
Researchers found five malicious Rust crates on crates.io that exfiltrated .env files. Packages were removed. Users should rotate secrets, audit CI workflows and restrict outbound access to reduce supply chain risk.
-
BlackSanta EDR killer used in year-long campaign targeting HR departments
A Russian-speaking actor ran a year-long campaign against HR departments, deploying BlackSanta, an EDR killer that disables endpoint protections and uses DLL sideloading and vulnerable drivers to gain kernel-level access.
-
KadNap botnet infects over 14,000 routers using peer-to-peer DHT to hide command infrastructure
KadNap, a router malware first seen in August 2025, has infected over 14,000 devices and uses a Kademlia DHT peer-to-peer network to hide command infrastructure and provide anonymized proxy services.
-
Nine LeakyLooker flaws in Google Looker Studio could expose GCP data
Tenable found nine cross-tenant vulnerabilities in Google Looker Studio that could have allowed arbitrary SQL queries and data exfiltration across Google Cloud tenants. Google patched the flaws after a June 2025 responsible disclosure.
-
APT28 uses BEARDSHELL and COVENANT to surveil Ukrainian military
ESET documented APT28's use of BEARDSHELL and COVENANT to surveil Ukrainian military since April 2024. The implants use cloud storage for command and control and show links to earlier APT28 tooling.
-
CISA adds three vulnerabilities to Known Exploited Vulnerabilities catalog and sets federal patch dates
CISA added three vulnerabilities to its Known Exploited Vulnerabilities catalog on Monday, covering Workspace One UEM, SolarWinds Web Help Desk, and Endpoint Manager. Federal civilian agencies must apply fixes by mid- and late March.
-
Dutch advisory links Russian actors to Signal and WhatsApp account hijacking campaign
A Dutch AIVD advisory links Russian state-sponsored actors to phishing that hijacks Signal and WhatsApp accounts of officials and journalists. Attacks use fake support chatbots and malicious QR codes to seize or link devices and monitor messages.
-
Ericsson US discloses data breach after service provider hack
Ericsson Inc. notified individuals that attackers stole employee and customer data after a service provider was hacked. The provider detected the incident in April 2025. Texas filings list 4,377 affected.








