Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Hard-coded cryptographic keys in Gladinet CentreStack and Triofox exploited to access web.config, Huntress says
Huntress warned that hard-coded cryptographic keys in Gladinet CentreStack and Triofox allow attackers to decrypt or forge access tickets and retrieve web.config files, enabling ViewState deserialization attempts; nine organisations have been affected and vendors have released updates.
-
CISA adds WinRAR flaw CVE-2025-6218 to known-exploited list after reported active use
CISA added a WinRAR path traversal vulnerability, CVE-2025-6218 (CVSS 7.8), to its Known Exploited Vulnerabilities catalog after reports of active exploitation by multiple threat groups; RARLAB patched the bug in WinRAR 7.12 for Windows in June 2025 and agencies are required to remediate by Dec. 30, 2025.
-
Fortinet, Ivanti and SAP issue urgent patches for critical authentication and code execution flaws
Fortinet, Ivanti and SAP released urgent security updates for multiple critical flaws, including authentication bypass and remote code execution bugs; administrators are urged to apply patches and temporary mitigations promptly.
-
North Korea-linked actors exploit React2Shell flaw to deploy EtherRAT using Ethereum-based C2
Sysdig reported that actors tied to North Korea exploited a critical React Server Components flaw to deploy EtherRAT, a Node.js-based remote access trojan that uses Ethereum smart contracts and RPC consensus for C2 resolution and multiple Linux persistence mechanisms.
-
Recorded Future identifies four threat clusters using CastleLoader
Recorded Future’s Insikt Group identified four clusters using the CastleLoader malware loader, assigned the operator the name GrayBravo, and detailed distinct tactics, payloads and a multi-tiered infrastructure while noting the loader’s proliferation among other threat actors.
-
Researchers find VS Code extensions that install stealer malware, Microsoft removes packages
Researchers and security firms found two malicious Visual Studio Code extensions that stole credentials, screenshots and browser data; Microsoft removed the packages and analysts warned developers to review extensions and supply-chain risks.
-
Ransomware gangs use ‘Shanya’ packer-as-a-service to hide EDR-killing payloads
Security researchers say multiple ransomware groups are using the Shanya packer-as-a-service to deliver in-memory, EDR-disabling payloads that side-load DLLs and deploy kernel drivers to stop security software; Sophos published technical analysis and indicators of compromise.
-
FinCEN: Ransomware Payments Fell in 2024 After 2023 Peak, Report Shows
FinCEN reported 4,194 ransomware incidents from 2022–2024 with more than $2.1 billion in payments; activity peaked in 2023 and fell in 2024 after law enforcement disruptions of major gangs.
-
Poland detains three Ukrainian nationals over alleged use of advanced hacking equipment
Polish police arrested three Ukrainian nationals, aged 39–43, accusing them of attempting to damage IT systems and obtaining data important to national defence; officers seized hacking equipment including a Flipper device, multiple SIM cards and other electronics, and have detained the men for three months pending trial.
-
Google adds User Alignment Critic to Chrome to protect Gemini agentic browsing
Google is introducing a separate, isolated LLM called User Alignment Critic in Chrome to vet actions taken by Gemini-powered agentic browsing. The architecture also uses origin restrictions, user prompts for sensitive steps, prompt-injection detection and automated red-teaming; Google is offering bounties up to $20,000 and has not given a public rollout date.
