Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Substack notifies users after email and phone data stolen in October 2025
Substack says attackers accessed email addresses, phone numbers and metadata in October 2025 and discovered the issue on February 3 2026. A posted database claims 697,313 records were leaked. The company says no financial data was exposed.
-
Italy thwarts cyberattacks tied to Russia ahead of Milano Cortina Games
Italy has begun defending against cyberattacks that targeted foreign ministry sites and some Milano Cortina Winter Olympics locations. The attacks were described as of Russian origin and mitigations were put in place before the Games.
-
Infy resumes operations with new C2 infrastructure after nationwide outage
Infy paused C2 activity on January 8, 2026 and reestablished new command and control servers on January 26, 2026, deploying Tornado version 51 and new delivery methods that include a weaponized WinRAR SFX.
-
Critical vulnerability CVE-2026-25049 in n8n could allow system command execution
A critical CVE-2026-25049 vulnerability in a workflow automation platform can enable authenticated users to run system commands. The flaw has CVSS 9.4 and is fixed in 1.123.17 and 2.5.2. Restrict workflow creation and apply patches.
-
DEAD#VAX campaign mounts IPFS VHDs to deliver in-memory AsyncRAT
Researchers disclosed DEAD#VAX, a campaign that uses IPFS-hosted VHD files to mount virtual drives and deploy AsyncRAT as encrypted shellcode run in memory, avoiding disk-based artifacts and complicating detection.
-
Amaranth Dragon exploits WinRAR flaw to target Southeast Asian agencies
Amaranth Dragon exploited CVE-2025-8088 in WinRAR to target government and law enforcement agencies across six Southeast Asian countries from mid-2025, delivering encrypted loaders and using Cloudflare-backed command servers.
-
LookOut flaws in Looker could allow server takeover and database theft
Two Looker vulnerabilities called LookOut can allow remote server takeover or theft of the internal management database. The vendor secured managed instances but self-hosted deployments must apply manual patches to prevent credential and data exposure.
-
Microsoft warns Python-based infostealers are targeting macOS via malvertising and fake installers
Microsoft warned in a technical analysis that Python-based infostealers have expanded to macOS since late 2025. Campaigns use malvertising, fake DMG installers, and fileless techniques to steal credentials and iCloud Keychain data.
-
CISA adds actively exploited SolarWinds Web Help Desk flaw CVE-2025-40551 to KEV
CISA added CVE-2025-40551 in SolarWinds Web Help Desk to its Known Exploited Vulnerabilities catalog, marking it actively exploited with a CVSS score of 9.8. Federal agencies face a February 6, 2026 remediation deadline.
-
Threat actors exploit Metro4Shell RCE in React Native CLI
Threat actors exploited a critical Metro Development Server RCE in the @react-native-community/cli package starting December 21, 2025, tracked as CVE-2025-11953 with a CVSS score of 9.8.
