Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Threat actors exploit Metro4Shell RCE in React Native CLI
Threat actors exploited a critical Metro Development Server RCE in the @react-native-community/cli package starting December 21, 2025, tracked as CVE-2025-11953 with a CVSS score of 9.8.
-
APT28 exploits Microsoft Office bug to deploy email stealer and Covenant implant
Russia-linked APT28 exploited a Microsoft Office bypass tracked as CVE-2026-21509 to deliver an Outlook email stealer and a Covenant Grunt implant in Ukraine, Slovakia and Romania, researchers say.
-
Audit finds 341 malicious skills on ClawHub marketplace
An analysis found 341 malicious skills on the ClawHub marketplace among 2,857 audited entries. The skills used fake prerequisites and scripts to deliver macOS information stealers and backdoors, creating a supply chain risk for OpenClaw users.
-
NationStates confirms data breach after player gained server access
NationStates took its site offline on January 27, 2026 after an unauthorized user gained remote code execution on the production server and copied user data. Exposed items include email addresses and MD5 password hashes.
-
State actors hijacked Notepad++ updater to redirect users to malicious servers
Notepad++’s maintainer said attackers compromised hosting infrastructure to hijack the updater and redirect some users to malicious servers. The activity began in June 2025 and credentials persisted until December 2, 2025.
-
eScan update servers used to deliver persistent downloader in supply chain attack
Unknown attackers distributed a malicious eScan update on January 20, 2026 that replaced reload.exe and deployed a downloader. The vendor isolated servers for over eight hours and published a patch to revert the changes.
-
Threat actor compromises about 1,400 exposed MongoDB servers in low-value extortion campaign
A technical analysis found a threat actor compromised about 1,400 exposed MongoDB servers, leaving ransom notes demanding about 0.005 BTC per victim. Researchers identified roughly 208,500 exposed servers and many running outdated versions.
-
Iran-linked RedKitten campaign uses AI-generated macros to deploy SloppyMIO backdoor
A HarfangLab technical analysis links a January 2026 campaign to an Iran-aligned actor using macro-laced Excel files to deploy the SloppyMIO backdoor that retrieves configuration via GitHub and exfiltrates via Telegram.
-
TriZetto breach may have exposed PHI for more than 700,000, Oregon providers to notify patients
An intrusion into TriZetto Provider Solutions discovered in October 2025 may have exposed protected health information for more than 700,000 people. Local Oregon providers will notify thousands of patients about exposed records.
-
Researchers find Chrome extensions that hijack affiliate links and scrape data
Security researchers uncovered Chrome extensions that rewrite affiliate links and scrape product data. A Socket technical analysis links the behavior to a cluster of 29 add-ons that target major e-commerce sites and exfiltrate information.








