Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Researchers identify first malicious Outlook add-in that stole over 4,000 credentials
Researchers found the first malicious Outlook add-in in the wild: a hijacked add-in domain hosted a fake sign-in page and captured more than 4,000 credentials, exposing gaps in marketplace content monitoring.
-
Cross platform RAT campaigns target Indian defense and government aligned organisations
Multiple campaigns used Geta RAT, Ares RAT and DeskRAT to compromise Windows and Linux systems at Indian defense and government-aligned organizations in late 2025 and early 2026.
-
Crazy ransomware gang abuses employee monitoring and SimpleHelp to maintain access
A technical analysis by Huntress found Crazy gang operators abused Net Monitor and SimpleHelp to keep access, move files, execute commands, and prepare ransomware. Initial access used compromised SSL VPN credentials, so defenders should enforce multifactor authentication.
-
New Linux botnet SSHStalker uses IRC C2 and scanned nearly 7,000 hosts
SSHStalker is a Linux botnet that uses IRC for command and control and performed nearly 7,000 SSH scans in January. It compiles C bots on infected hosts and persists via one-minute cron jobs. Operators should monitor compilers and block outbound IRC traffic.
-
North Korean operatives apply to remote jobs using real LinkedIn accounts, security post says
North Korean operatives are applying for remote jobs by impersonating real LinkedIn accounts, relying on the accounts' verified workplace details to appear legitimate. Employers are advised to validate candidate email control and confirm account ownership before hiring.
-
Reynolds ransomware bundles vulnerable driver to disable EDR tools
Researchers disclosed Reynolds ransomware, which bundles a vulnerable NsecSoft NSecKrnl driver used to disable endpoint security. The driver is linked to CVE-2025-68947 with a CVSS score of 5.7.
-
Warlock ransomware breaches network through unpatched SmarterMail instance
A SmarterTools community advisory says the Warlock gang breached an unpatched SmarterMail instance on January 29, 2026, affecting about 12 Windows servers and a secondary data center. Updates and isolation were recommended to limit spread.
-
Conduent breach exposed personal data of nearly 17,000 Volvo employees
Nearly 17,000 US Volvo employees had personal data exposed after a Conduent breach. A Maine Attorney General filing shows 16,991 people were affected, with intruder access dated October 21, 2024 to January 13, 2025.
-
Report: Claude Desktop Extensions run unsandboxed, enabling zero-click RCE
A LayerX Security technical analysis found Claude Desktop Extensions run unsandboxed with full system privileges, enabling zero-click remote code execution via a malicious Google Calendar entry when MCP permissions are granted.
-
China-linked UNC3886 targeted Singapore telcos, agency says
Singapore’s Cyber Security Agency said UNC3886 targeted all four major telcos using a zero-day and rootkits. Authorities closed access points, expanded monitoring, and found no evidence of customer data loss.








