Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Korean Air says employee data exposed after supplier hack
Korean Air said in an internal notice that employee names and bank account numbers in its ERP were compromised after a hack of its supplier KC&D. Local reporting put the number of exfiltrated records at about 30,000.
-
MongoDB zlib flaw CVE-2025-14847 exploited in the wild with more than 87,000 instances at risk
CVE-2025-14847, dubbed MongoBleed, is actively exploited and can leak MongoDB server memory. More than 87,000 potentially vulnerable instances were identified. Apply vendor patches or disable zlib compression and limit exposure until fixed.
-
Alleged WIRED subscriber database of 2.37 million records posted to hacking forum
An alleged WIRED subscriber database of 2,366,576 records was posted to a hacking forum on December 20. Independent analysis matched records to infostealer logs and the dataset is listed on Have I Been Pwned.
-
Lumma Stealer delivered through fake itch.io update links to Patreon
G DATA Security Lab found a campaign using spam comments on itch.io that linked to Patreon downloads of a nexe-compiled executable which writes a native module and loads a LummaStealer payload. Samples include six anti-analysis checks.
-
China-linked APT used DNS poisoning to deliver MgBot backdoor, Kaspersky says
Kaspersky linked a China-aligned APT known as Evasive Panda to a campaign from November 2022 to November 2024 that used DNS poisoning to deliver an MgBot backdoor to targets in Türkiye, China and India, employing staged loaders, custom encryption and host-specific payloads.
-
Jamf finds MacSync macOS stealer delivered in signed, notarized Swift installer
Jamf researchers found a MacSync macOS stealer variant delivered in a code-signed, notarized Swift installer inside a DMG that could bypass Gatekeeper; Apple revoked the signing certificate and analysis links the payload to the rebranded Mac.c infostealer with remote command-and-control capabilities.
-
ServiceNow to buy Armis for $7.75 billion to expand device-focused security
ServiceNow agreed to buy Armis for $7.75 billion to expand its security offerings into device and cyber-physical exposure management, combining Armis’ asset discovery with ServiceNow’s workflow and risk products and citing AI-driven automation as a core rationale.
-
Two Chrome extensions intercepted traffic and exfiltrated credentials, researchers say
Researchers reported two Chrome extensions named Phantom Shuttle that posed as VPN/speed-test tools but injected hard-coded proxy credentials, routed traffic through attacker-controlled proxies and exfiltrated user credentials and other sensitive data to a command-and-control server.
-
La Poste hit by major network incident, digital services disrupted
La Poste said a “major network incident” knocked its information systems offline, disrupting websites and mobile banking for millions while core banking and in-person services remained available; French outlets reported the outage was caused by a DDoS attack.









