Cristian Luțic

Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec.News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Malicious node-ipc versions found stealing cloud and developer secrets
Three malicious node-ipc npm versions were found stealing developer and cloud secrets, according to a technical analysis by Socket. The code targets dozens of credential types and uses a direct exfiltration path to a fake Azure domain.
-
Ghostwriter targets Ukrainian government entities in fresh phishing campaign
Ghostwriter has been tied to new attacks on Ukrainian government entities since March 2026, using malicious PDFs, geofencing checks and a JavaScript version of PicassoLoader to deliver Cobalt Strike, according to an ESET technical analysis.
-
PraisonAI flaw was probed within hours of public disclosure
PraisonAI was probed within hours of a disclosed authentication bypass, according to Sysdig. The flaw affects versions 2.5.6 through 4.6.33 and was patched in 4.6.34.
-
Two new Windows zero-days expose BitLocker and CTFMON flaws
A technical disclosure says two new Windows zero-days can bypass BitLocker in recovery mode and may enable privilege escalation in CTFMON, adding to a recent run of Microsoft security issues.
-
New Fragnesia Linux flaw can grant root access, researchers say
Fragnesia is a new Linux kernel local privilege escalation flaw that can grant root access, according to a technical analysis. The issue affects the XFRM ESP-in-TCP subsystem and has prompted advisories from multiple Linux distributions.
-
NGINX flaw left hidden for 18 years could allow remote code execution
A critical NGINX rewrite module flaw hidden for 18 years can let a remote attacker trigger code execution or denial of service with crafted requests, according to a technical analysis and vendor advisory.
-
MuddyWater hackers targeted South Korean electronics maker in broad espionage campaign
MuddyWater targeted at least nine organizations in a cyberespionage campaign that included a major South Korean electronics maker, government agencies and an airport, according to Symantec. The group used DLL sideloading, PowerShell and other legitimate tools.
-
Critical Exim flaw can let remote attackers run code on affected servers
A critical Exim flaw fixed in version 4.99.3 could let unauthenticated attackers execute code on affected mail servers. The bug affects some GnuTLS-based builds before 4.99.3 and is triggered during TLS shutdown with chunked SMTP traffic.
-
Researchers say GemStuffer abused more than 150 RubyGems to store scraped council data
Researchers said GemStuffer abused more than 150 RubyGems packages to store scraped data from U.K. council portals, using the registry as an exfiltration channel and raising questions about package registry abuse.
-
China-linked hackers hit Azerbaijani energy firm in repeated Exchange intrusions
A China-linked group targeted an Azerbaijani oil and gas firm in three waves between late December 2025 and late February 2026, repeatedly using the same Exchange Server entry point and swapping backdoors, according to a Bitdefender analysis.








