Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Amazon finds Iran-linked hackers using cyber reconnaissance to aid physical attacks
Amazon’s threat intelligence team reported that Iran-linked hackers conducted digital reconnaissance, including targeting ship AIS and CCTV, to support physical attacks—a trend the company calls cyber-enabled kinetic targeting.
-
Acronis warns of ongoing ‘TamperedChef’ malvertising campaign using signed fake installers
Acronis Threat Research Unit says operators are using signed counterfeit installers in a global malvertising campaign dubbed TamperedChef to deploy a JavaScript backdoor, with infections concentrated in the U.S. and several industries affected; some variants have been used for advertising fraud while broader motives remain unclear.
-
Researchers disclose Sturnus Android banking trojan that can capture messages and take over devices
Security researchers say a new Android banking trojan called Sturnus can capture decrypted messages from apps like WhatsApp, Telegram and Signal, present fake bank login screens, and allow remote control of infected devices; ThreatFabric reports the campaign so far is limited to Southern and Central Europe.
-
Critical command injection flaw found in W3 Total Cache WordPress plugin
A critical unauthenticated command injection in the W3 Total Cache WordPress plugin (CVE-2025-9501) can allow PHP code execution via a malicious comment. The developer issued a patch in version 2.8.13 on Oct. 20, but hundreds of thousands of sites may still be unpatched; WPScan plans to publish a proof-of-concept on Nov. 24.
-
Active exploitation reported for 7‑Zip ZIP symbolic link vulnerability
NHS England Digital warned that CVE-2025-11001, a 7‑Zip vulnerability affecting symbolic link handling and allowing remote code execution, is being actively exploited; 7‑Zip 25.00 released in July 2025 contains fixes and users are urged to update.
-
China-linked PlushDaemon hijacks software updates with new EdgeStepper implant, ESET says
ESET researchers say a China-linked group called PlushDaemon is hijacking software-update traffic using an EdgeStepper network implant that redirects update domains to attacker servers and delivers a chain of malware including LittleDaemon, DaemonicLogistics and the SlowStepper backdoor.
-
Researchers report WhatsApp-based worm distributing Delphi banking trojan in Brazil
Trustwave SpiderLabs reported a WhatsApp-propagated campaign in Brazil that uses a Python-based worm and an MSI installer to deploy the Delphi credential stealer Eternidade, which retrieves C2 addresses via IMAP and targets banking and crypto apps.
-
MI5 warns Chinese agents using social media and fake recruiters to target UK parliament and officials
MI5 has issued an espionage alert warning that Chinese intelligence officers are using social media and fake recruiters to cultivate people with access to sensitive UK information, Security Minister Dan Jarvis told parliament, and the government has removed Chinese-made surveillance equipment from sensitive sites.
-
Fortinet warns of FortiWeb OS command injection flaw CVE-2025-58034 exploited in the wild
Fortinet warned that CVE-2025-58034, a medium-severity OS command injection in FortiWeb with a CVSS score of 6.7, has been exploited in the wild; patches are available in specific FortiWeb releases and the company credited a Trend Micro researcher for the report.
-
Self‑replicating botnet abuses Ray clusters to mine cryptocurrency, steal data and launch DDoS attacks
Researchers say a campaign called ShadowRay 2.0 has been exploiting internet‑facing Ray clusters using CVE‑2023‑48022 and Ray’s orchestration features to spread a self‑replicating botnet that mines cryptocurrency, steals proprietary data and launches DDoS attacks, with attackers targeting large GPU environments and using automated discovery and multi‑stage payloads.
