Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
APT36 uses weaponized LNK files to target Indian government entities
A multi-stage fileless campaign attributed to APT36 used oversized .lnk shortcuts embedding PDFs to deliver HTA loaders and in-memory .NET DLLs targeting Indian government systems. The malware adapts persistence to installed antivirus and uses encrypted C2.
-
Investors in F5 urged to seek lead plaintiff status after BIG-IP breach and 10.9% share drop
A press release said investors in F5 have until February 17, 2026 to seek lead plaintiff status after the company linked weaker fiscal 2026 guidance to a BIG-IP security breach and a 10.9 percent two-day share decline.
-
Hacker Threw MacBook Air in River after Breach that Exposed 33.7 Million Accounts
Investigators recovered a MacBook Air thrown into a river after a breach that exposed data for 33.7 million users. The company detailed a 1.685 trillion won compensation package and a government-led probe to manage the response.
-
PS5 BootROM keys leaked in late 2025 expose unpatchable hardware secrets
A set of PlayStation 5 BootROM keys was posted online on 31 December 2025. The leak exposes hardware cryptographic keys burned into consoles and cannot be fixed by software updates on existing units.
-
Unit 42 analysis finds VVS stealer targets Discord users and exfiltrates tokens and browser data
A Unit 42 technical analysis found VVS stealer, a Python-based malware marketed on Telegram in April 2025, targets Discord and browsers to steal tokens and saved credentials and exfiltrates them via Discord webhooks.
-
Handala targeted Telegram accounts of two Israeli officials
In December 2025 Handala posted about 1,900 Telegram chat entries tied to two Israeli officials. Most entries were empty contact cards and only about 40 contained messages, indicating account access rather than full phone compromise.
-
RondoDox botnet exploited React2Shell to enroll IoT devices and web apps
A nine-month campaign enrolled IoT devices and web applications into the RondoDox botnet by exploiting React2Shell. About 90,300 hosts remained vulnerable at the end of 2025. Researchers advise patching Next.js and segmenting IoT.
-
Critical authentication bypass in IBM API Connect prompts urgent patching
A critical authentication bypass in IBM API Connect, tracked as CVE-2025-13915 and affecting several 10.0.8.x and 10.0.11.0 releases, can grant unauthorized access without user interaction. IBM issued interim fixes and advised disabling developer self-service if unable to patch.
-
Actor Using Alias 888 Offers More Than 200 GB of Alleged ESA Data
An actor using alias 888 posted on DarkForums on 18 December 2025 offering more than 200 GB of data alleged to be from the European Space Agency. The report has not been independently verified.
-
GlassWorm fourth wave targets macOS with trojanized crypto wallets in VS Code extensions
A fourth GlassWorm wave is targeting macOS developers with trojanized VS Code and OpenVSX extensions that steal credentials and attempt to replace hardware wallet apps. More than 33,000 installs were recorded.










