Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Two n8n sandbox escape flaws allow remote code execution
JFrog Security Research disclosed two eval injection flaws in n8n that can bypass sandboxes and allow remote code execution. One is rated CVSS 9.9. Users are advised to update affected versions.
-
Mustang Panda deploys updated COOLCLIENT backdoor to steal endpoint data
An updated COOLCLIENT backdoor linked to Mustang Panda was used in 2025 to steal keystrokes, browser credentials and files from government endpoints across Myanmar, Mongolia, Malaysia and Russia, according to a technical analysis by Kaspersky.
-
Two malicious PyPI spellchecker packages delivered Python RAT and were downloaded over 1,000 times
Researchers found two malicious PyPI packages that hid a Base64 downloader in a Basque dictionary file and delivered a Python RAT after a January 21, 2026 update. The packages were downloaded just over 1,000 times before removal.
-
Cellbreak Pyodide sandbox escape in Grist‑Core allows remote code execution
A Pyodide sandbox escape in Grist‑Core, CVE-2026-24002, can enable remote code execution and host runtime JavaScript. The flaw was fixed in version 1.7.9 on January 9, 2026. Update or set the sandbox to gvisor.
-
PeckBirdy JScript framework used by China-aligned actors to target gambling and government sites
A JScript C2 framework called PeckBirdy has been used since 2023 to compromise gambling sites and Asian government and private organizations. The framework runs across browsers and common binaries and delivers modular backdoors including HOLODONUT and MKDOOR.
-
Multiple groups exploit WinRAR CVE-2025-8088 using Alternate Data Streams since July 2025
Multiple state-backed and criminal groups have exploited the high-severity WinRAR path traversal CVE-2025-8088 since July 18, 2025. Exploits hide payloads in Alternate Data Streams and can drop persistent launchers to Startup folders.
-
WhatsApp adds Strict Account Settings to block media from unknown contacts
Meta announced Strict Account Settings for WhatsApp to lock accounts to restrictive options and block media from unknown contacts. The feature rolls out over weeks and a Rust-based media library will be used to improve memory safety.
-
Pakistan-linked campaigns use new tradecraft to target Indian government in September 2025
Two campaigns codenamed Gopher Strike and Sheet Attack targeted Indian government entities in September 2025 using phishing and legitimate services for command and control. Malware included a Golang downloader, GitHub-based backdoors and a loader for Cobalt Strike.
-
Over 6,000 SmarterMail servers exposed and likely vulnerable to critical auth bypass
Shadowserver found more than 6,000 SmarterMail servers exposed and likely vulnerable to CVE-2026-23760, a critical authentication bypass that can reset admin passwords and allow remote code execution. A vendor fix was released in build 9511.
-
Microsoft issues emergency patch for Office zero-day CVE-2026-21509
Microsoft issued out-of-band patches for Office zero-day CVE-2026-21509, rated 7.8. Service-side protection covers newer builds and a registry workaround is provided for older Office versions. Federal agencies must remediate by February 16, 2026.








