Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Tennessee man pleads guilty after hacking Supreme Court e-filing system and leaking VA and AmeriCorps data
A Tennessee man pleaded guilty after using stolen credentials to access the Supreme Court e-filing system at least 25 times and to breach AmeriCorps and VA accounts between August and October 2023, prosecutors said.
-
British Army to base 13 Signal Regiment at Gloucestershire site with £279 million spending
The British Army will base 13 Signal Regiment at Duke of Gloucester Barracks in Gloucestershire with £279 million funding. Plans cover new cyber facilities, accommodation for service families, and construction from 2027 to 2030.
-
XSS flaw in StealC control panel exposed sessions and millions of cookies
An XSS flaw in the StealC control panel let outsiders harvest system fingerprints, active sessions and cookies. Researchers recovered over 5,000 logs with about 390,000 passwords and more than 30 million cookies.
-
LOTUSLITE backdoor used in campaign targeting U.S. policy entities
Researchers disclosed a campaign on January 16, 2026 that used Venezuela-themed lures to deliver the LOTUSLITE backdoor to U.S. government and policy organizations via ZIP archive and DLL side-loading. Attribution is to Mustang Panda with moderate confidence.
-
CodeBreach misconfiguration in AWS CodeBuild could have exposed aws-sdk-js-v3 GitHub repo
A CodeBuild misconfiguration could have allowed takeover of AWS-managed GitHub repositories including the AWS JavaScript SDK. The flaw, dubbed CodeBreach, was fixed in September 2025 after responsible disclosure.
-
Critical Fast Pair flaw lets attackers hijack Bluetooth headsets and eavesdrop
Researchers found a Fast Pair implementation flaw that lets attackers force-pair Bluetooth audio devices, enabling hijack, eavesdropping, and tracking of hundreds of millions of accessories. Patches from manufacturers are required to fix vulnerable devices.
-
Critical Modular DS WordPress plugin flaw exploited in the wild
A CVE-2026-23550 privilege escalation in the Modular DS WordPress plugin is being exploited in the wild. The flaw is patched in version 2.5.2. Update immediately and check for unexpected admin users or malicious changes.
-
Reprompt attack could exfiltrate Microsoft Copilot data with one click
Researchers disclosed Reprompt, a method that can use a single Copilot URL click to inject prompts and enable hidden, ongoing data exfiltration. Microsoft has addressed the issue and enterprise Copilot customers are not affected.
-
AWS launches European Sovereign Cloud across EU with €7.8 billion investment
Amazon launched the AWS European Sovereign Cloud across the EU on 15 January 2026 with a €7.8 billion investment. The service limits infrastructure and operations to EU territory and is undergoing third-party audits.
-
Microsoft disrupts RedVDS cybercrime subscription service in U.S. and U.K. action
Microsoft executed coordinated legal action in the U.S. and U.K. to seize RedVDS infrastructure and take its sites offline. RedVDS activity has driven about US $40 million in reported U.S. fraud losses since March 2025.
