Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Windows MiniPlasma zero-day proof of concept gives attackers SYSTEM access
A researcher has released a proof-of-concept Windows exploit called MiniPlasma that can elevate a standard account to SYSTEM on fully patched systems, according to tests on current Windows 11 builds and the disclosure.
-
NGINX flaw exploited in the wild days after disclosure, VulnCheck says
VulnCheck says CVE-2026-42945 is being exploited in the wild in NGINX Plus and NGINX Open days after disclosure. The report also cites active exploitation of critical openDCIM flaws that can be chained toward remote code execution.
-
Grafana says GitHub token breach let intruder download codebase
Grafana said a stolen token let an unauthorized party access its GitHub environment and download code. The company said no customer data was exposed and that the attacker later tried to extort payment.
-
Turla turns Kazuar backdoor into modular P2P botnet
Turla has reworked its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access, Microsoft said in a technical analysis published Thursday. The malware now uses separate Kernel, Bridge and Worker components.
-
Avada Builder WordPress flaws could expose site credentials, database data
Two flaws in the Avada Builder WordPress plugin could let attackers read server files or pull data from the database. The issues affect versions through 3.15.2 and 3.15.1, and site owners were urged to upgrade to 3.15.3.
-
Four OpenClaw flaws could enable data theft and persistence, researchers say
Researchers disclosed four OpenClaw flaws that could be chained for data theft, privilege escalation and persistence. The issues were fixed in version 2026.4.22, and users were advised to update.
-
OpenAI says two employees were affected in TanStack supply chain attack
OpenAI said two employees were affected in the TanStack supply chain attack, and it rotated code-signing certificates as a precaution. The company said customer data and production systems were not impacted.
-
Microsoft says on-prem Exchange flaw under active exploitation
Microsoft said an actively exploited Exchange Server flaw affects on-premises versions 2016, 2019 and Subscription Edition. The company issued temporary mitigations and said Exchange Online is not affected.
-
Cisco patches critical SD-WAN Controller flaw after limited exploitation
Cisco said a critical authentication bypass in Catalyst SD-WAN Controller, CVE-2026-20182, was exploited in limited attacks. The flaw can let a remote attacker gain administrative access and alter SD-WAN network settings.
-
Malicious node-ipc versions found stealing cloud and developer secrets
Three malicious node-ipc npm versions were found stealing developer and cloud secrets, according to a technical analysis by Socket. The code targets dozens of credential types and uses a direct exfiltration path to a fake Azure domain.
