Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
China-linked UAT-8099 targets IIS servers in Asia with BadIIS SEO fraud
Researchers found a late 2025 to early 2026 campaign by UAT-8099 that used web shells and BadIIS malware to run SEO fraud on IIS servers, concentrating attacks in Thailand and Vietnam.
-
SmarterMail patched critical unauthenticated RCE and path coercion flaws
SmarterMail fixes address a critical unauthenticated remote code execution flaw, CVE-2026-24423, rated 9.3, and a medium-severity path coercion issue that can enable NTLM relay. Administrators should install the updated builds immediately.
-
Ivanti issues fixes for two critical EPMM code injection zero day flaws
Ivanti released updates for two critical EPMM code injection vulnerabilities that allow unauthenticated remote code execution. One was added to the CISA KEV catalog. Patches, detection steps and remediation guidance are published in the vendor advisory.
-
Google disrupts IPIDEA residential proxy network linked to malware
Google Threat Intelligence Group disrupted IPIDEA this week, taking down domains and infrastructure tied to a residential proxy network promoted to 6.7 million users. The action targeted trojanized apps and embedded SDKs that turned devices into proxies.
-
Investigation finds 175,000 publicly accessible Ollama hosts across 130 countries
A SentinelOne Labs analysis found 175,000 publicly accessible Ollama hosts in 130 countries, many exposing tool calling capabilities and operating outside standard platform guardrails, raising governance and security concerns for edge LLM deployments.
-
NIST center issues RFI seeking input on security for autonomous AI agents
On Jan. 8, a Request for Information from NIST’s CAISI asked for input on secure practices for autonomous AI agents, focusing on novel risks, assessment methods, and deployment constraints as agencies push toward operational standards.
-
TA584 adopts Tsundere Bot and XWorm in expanded initial access campaign
TA584 is using Tsundere Bot and XWorm in phishing campaigns that tripled in late 2025. The chain uses geofenced URLs, redirect systems, CAPTCHA, and PowerShell in-memory loaders that complicate detection.
-
eScan update server breached to deliver malicious update on January 20 2026
An eScan update server was breached on January 20, 2026, and pushed a malicious update to a subset of customers. Morphisec’s security bulletin details the modified updater and final backdoor payload.
-
Critical vm2 sandbox escape CVE-2026-22709 allows arbitrary code execution
A critical sandbox escape in the vm2 Node.js library, tracked as CVE-2026-22709 and rated CVSS 9.8, lets attackers run code on host systems. Users should update to vm2 3.10.3.
-
Two n8n sandbox escape flaws allow remote code execution
JFrog Security Research disclosed two eval injection flaws in n8n that can bypass sandboxes and allow remote code execution. One is rated CVSS 9.9. Users are advised to update affected versions.







