Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Kaspersky: Tomiris APT increasingly uses Telegram and Discord as command-and-control channels
Kaspersky researchers reported that the Tomiris threat actor has targeted diplomatic and government entities, increasingly using public services like Telegram and Discord as command-and-control channels and deploying multi-language implants and open-source C2 frameworks.
-
CISA adds OpenPLC ScadaBR XSS flaw to Known Exploited Vulnerabilities list amid active attacks
CISA added CVE-2021-26829, a cross-site scripting flaw in OpenPLC ScadaBR, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation tied to a hacktivist operation; Forescout and VulnCheck reported related intrusions and a sustained OAST-driven exploit campaign.
-
Legacy Python bootstrap scripts create potential PyPI domain takeover risk, researchers say
ReversingLabs found legacy zc.buildout bootstrap scripts in several PyPI packages that download an obsolete Distribute installer from a domain now for sale, creating a potential domain takeover supply chain risk; researchers warned some projects still ship the file and pointed to a separate malicious PyPI package discovered by HelixGuard.
-
North Korean actors push 197 malicious packages to npm to deploy OtterCookie variant
Researchers say North Korean actors uploaded 197 malicious npm packages, downloaded over 31,000 times, to deploy an OtterCookie variant that evades sandboxes, establishes C2 access and steals credentials and crypto data; delivery used a Vercel URL and a now-unavailable GitHub account, and the campaign has also employed fake job-assessment lures to distribute Go-based backdoors.
-
French Football Federation discloses data breach after compromised account
The French Football Federation said attackers used a compromised account to access administrative software for clubs, stealing personal and contact details; the FFF disabled the account, reset passwords, filed a criminal complaint and notified ANSSI and CNIL.
-
Researchers propose observational audit to detect label leakage in machine learning models
A new observational auditing framework lets testers detect whether machine learning models leak training labels without altering training data, using proxy labels and attacker-based tests; experiments on image and click datasets showed tighter privacy settings reduced leakage.
-
Bloody Wolf campaign expands from Kyrgyzstan to Uzbekistan, delivers NetSupport RAT via Java loaders
Researchers report the Bloody Wolf hacking group used impersonated government PDFs and Java JAR loaders to deliver an older NetSupport RAT to targets in Kyrgyzstan and, later, Uzbekistan, employing geofencing and simple persistence techniques.
-
Microsoft to block unauthorized scripts on Entra ID sign-ins with CSP update
Microsoft will change the Content Security Policy for browser-based Entra ID sign-ins at login.microsoftonline.com to block unauthorized scripts and allow only trusted Microsoft domains, with a global rollout beginning mid-to-late October 2026; organisations are asked to test sign-in flows and avoid tools that inject code.
-
OpenAI notifies some API customers after Mixpanel analytics vendor hacked
OpenAI said some ChatGPT API customers had limited identifying information exposed after a smishing-driven compromise of analytics vendor Mixpanel; no chats, API requests, credentials or payment data were exposed and both companies have taken mitigation steps while investigations continue.
-
Gainsight says more customers affected as Salesforce revokes Gainsight-linked access tokens
Gainsight said suspicious activity tied to its applications affected more customers than initially reported and that Salesforce revoked related access tokens; the intrusion has been claimed by ShinyHunters while investigators and vendors take containment steps.
