Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Check Point Research says VoidLink cloud malware was largely AI generated
A Check Point Research technical analysis says the VoidLink Linux cloud malware was largely generated with AI, reaching about 88,000 lines of code and a functional iteration within a week after development began in late November 2025.
-
North Korean-linked actors use malicious VS Code projects to deploy backdoor
Jamf reported that North Korean-linked actors abused Visual Studio Code task files to execute obfuscated JavaScript that fetches backdoors and enables remote code execution, targeting developers who clone and open repositories.
-
Three flaws in Anthropic mcp-server-git could expose files and enable code execution
Three vulnerabilities in Anthropic’s mcp-server-git could expose or overwrite files and enable code execution in chained attacks. Patches were released in versions 2025.9.25 and 2025.12.18 after a technical analysis by Cyata.
-
LinkedIn messages used to deliver RAT via DLL sideloading
A LinkedIn phishing campaign delivers a WinRAR SFX that sideloads a malicious DLL and installs a Python interpreter which runs Base64 in-memory shellcode to deploy a remote access trojan and exfiltrate data.
-
Evelyn Stealer targets VS Code extensions to harvest developer credentials
Trend Micro published a technical analysis describing Evelyn Stealer, an information stealer distributed via malicious VS Code extensions. The malware harvests developer credentials and crypto wallets and uploads data to an FTP server.
-
Cloudflare patches ACME HTTP-01 validation bug that could bypass WAF
Cloudflare said in a blog post that on October 27, 2025 it fixed an ACME HTTP-01 validation bug that could disable WAF rules and allow requests to reach origin servers.
-
New vulnerability database db.gcve.eu launched to support European digital sovereignty
GCVE launched db.gcve.eu, a free public vulnerability database that integrates more than 25 data sources and uses a decentralized GNA numbering model. It offers a searchable catalog and an open API for tool integration.
-
PDFSider backdoor deployed on Fortune 100 finance firm network
A Resecurity technical analysis found PDFSider, a Windows backdoor, was used to deliver ransomware on a Fortune 100 finance firm’s network. The malware uses DLL side-loading, memory-only execution, DNS exfiltration, and AES-256-GCM encryption.
-
Fake NexShield extension crashes Chrome and Edge to push ModeloRAT
A Huntress technical analysis found that a fake ad blocker called NexShield crashed Chrome and Edge to push malicious commands and install ModeloRAT in corporate environments. Full system cleanup is advised for affected machines.
-
Researchers disclose Gemini prompt injection that used calendar invites to exfiltrate meeting data
A Miggo Security technical analysis shared with The Hacker News revealed an indirect prompt injection that used Google Calendar invites to extract private meeting details from Google Gemini. The flaw was fixed after responsible disclosure.










