Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
New MaaS Stanley promises phishing extensions on Chrome Web Store
A technical analysis found the Stanley MaaS offers Chrome extensions that overlay phishing iframes and promises to pass Chrome Web Store review. The service includes auto-install, persistent C2 polling, geotargeting, and a paid Luxe plan.
-
CISA publishes post-quantum procurement guidance but experts warn it lacks operational detail
CISA published guidance on Jan. 23 listing federal products for post-quantum cryptography. Experts warned the document lacks operational detail on inventories, timelines and authentication support, complicating procurement and migration efforts.
-
Phishing campaign in India deploys Blackmoon variant and SyncFuture TSM
Security researchers found a phishing campaign targeting Indian taxpayers that uses fake Income Tax Department notices to deliver a multi stage backdoor which installs a Blackmoon variant and SyncFuture TSM for persistent remote access.
-
EU opens DSA investigation into X after Grok generated sexual images
The EU opened DSA proceedings against X after its Grok AI tool produced sexually explicit images, including possible child sexual abuse material. UK and US regulators are also examining the platform while X limited Grok image features to paid subscribers.
-
Git dependencies can bypass npm ignore-scripts protections, researchers find
Koi Security found that Git dependencies can circumvent npm’s –ignore-scripts protection and allow code execution. Several JavaScript package managers patched the flaws but npm closed the report and did not apply a fix
-
Konni uses AI generated PowerShell malware to target blockchain developers
Konni used AI generated PowerShell malware to target blockchain developers in Japan, Australia and India, using spear-phishing with LNK files and multi stage loaders to deploy a persistent backdoor, according to a Check Point Research technical report.
-
Google expands Personal Intelligence into AI Mode in Search
A product blog from Google announced Personal Intelligence will expand into AI Mode in Search, letting AI Pro and AI Ultra subscribers opt in to link Gmail and Photos for tailored results as a Labs experiment starting today.
-
Entra ID to auto-enable passkey profiles and add synced passkeys from March 2026
Starting March 2026 Entra ID will automatically enable passkey profiles and add support for synced passkeys. A Microsoft message center announcement outlines staged rollout with opt-in and automatic migration and a new passkeyType profile setting.
-
AWS Payment Cryptography passes PCI PIN audit with zero findings
AWS published an updated PCI PIN compliance package for AWS Payment Cryptography. A PCI PIN Attestation of Compliance shows validation by a QSA with zero findings and a Responsibility Summary clarifies customer obligations.
-
Multi-stage phishing campaign in Russia delivers Amnesia RAT and ransomware via GitHub and Dropbox
A multi-stage phishing campaign observed in Russia delivers Amnesia RAT and Hakuna Matata ransomware. The chain uses GitHub and Dropbox for payload staging and disables Defender before stealing data and encrypting files.
