Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Multi-stage phishing campaign in Russia delivers Amnesia RAT and ransomware via GitHub and Dropbox
A multi-stage phishing campaign observed in Russia delivers Amnesia RAT and Hakuna Matata ransomware. The chain uses GitHub and Dropbox for payload staging and disables Defender before stealing data and encrypting files.
-
Sandworm used DynoWiper in failed cyber attack on Poland power system
An ESET technical analysis said Sandworm used a new wiper called DynoWiper in an unsuccessful attack on Poland’s power system on December 29 and 30, 2025. Targets included CHP plants and a renewable generation management system.
-
Malicious VSCode extensions with 1.5 million installs exfiltrate developer data
Two malicious Visual Studio Code extensions, installed about 1.5 million times, read and transmit open files and workspace data to China-based servers, a technical analysis by Koi Security reports.
-
CISA adds four vulnerabilities to KEV catalog and sets federal patch deadline
CISA added four vulnerabilities to its Known Exploited Vulnerabilities catalog on January 22, 2026, citing active exploitation. Federal agencies must apply fixes by February 12, 2026 under BOD 22-01 to secure networks.
-
Phishing campaign leverages stolen credentials to deploy legitimate RMM for persistent access
Researchers reported a dual-wave phishing campaign that harvests Outlook, Yahoo and AOL credentials to register with LogMeIn and deploy LogMeIn Resolve via a signed executable named GreenVelopeCard.exe to maintain persistent remote access.
-
Multi-stage AitM phishing and BEC campaign abused SharePoint to target energy organisations
Microsoft flagged a multi-stage AitM phishing and BEC campaign using SharePoint links and inbox rules to persist. One observed case sent over 600 phishing messages. Mitigation requires revoking session cookies and deleting attacker-created rules.
-
Critical GNU InetUtils telnetd flaw allows remote root login
A critical vulnerability, CVE-2026-24061, in GNU InetUtils telnetd allows remote authentication bypass and potential root login on versions 1.9.3 through 2.7. It is rated 9.8 on CVSS. Administrators are urged to patch or disable telnetd.
-
GDPR fines pass £1 billion as daily breach reports top 400
Europe’s GDPR fines topped £1 billion in 2025 and authorities recorded an average of 443 breach notifications a day, a 22 percent rise and the first time daily reports passed 400 since GDPR took effect.
-
Malicious PyPI package sympy-dev impersonates SymPy to install XMRig miner
A malicious PyPI package named sympy-dev impersonates the SymPy library to deliver an XMRig cryptocurrency miner on Linux. The package has been downloaded over 1,100 times since January 17, 2026 and remains available.
-
SmarterMail authentication bypass exploited days after patch enables admin reset and RCE
An authentication bypass in SmarterMail that allows resetting administrator passwords and enabling system-level command execution was exploited two days after a vendor patch. A watchTowr Labs technical analysis describes the vulnerability and exploitation timeline.








