Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
CISA orders federal agencies to remediate two exploited Cisco firewall flaws
CISA ordered U.S. federal agencies to remediate two actively exploited Cisco ASA and Firepower vulnerabilities (CVE-2025-20333, CVE-2025-20362), warned that some devices reported as patched remain vulnerable, and added three flaws to its KEV catalog with a December 3, 2025 remediation deadline.
-
International police action disrupts Rhadamanthys, VenomRAT and Elysium operations
Authorities in nine countries, coordinated by Europol and Eurojust, dismantled infrastructure for Rhadamanthys, VenomRAT and Elysium by taking down 1,025 servers, seizing 20 domains and arresting a suspect in Greece as part of Operation Endgame.
-
Researchers: npm registry flooded by tens of thousands of fake packages in two‑year spam campaign
Researchers have identified a two‑year spam campaign that has flooded the npm registry with tens of thousands of fake packages using a worm-like mechanism to auto-publish new packages and potentially monetize the effort via the TEA protocol; investigators say attribution is unconfirmed and registry operators have removed the packages.
-
UK introduces Cyber Security and Resilience Bill to bolster critical infrastructure defenses
The UK government has introduced the Cyber Security and Resilience Bill to tighten protections for hospitals, energy, water and transport systems, build on the NIS Regulations, require managed service providers to meet security standards and report major incidents quickly, and impose turnover-based penalties for serious breaches.
-
Researchers detail Android RAT ‘Fantasy Hub’ sold as Malware‑as‑a‑Service on Telegram
Security researchers and industry trackers say an Android remote access trojan named Fantasy Hub is being sold on Russian‑language Telegram channels as a Malware‑as‑a‑Service, offering device takeover, SMS interception, APK trojanising, and subscription pricing while mirroring features seen in other Android RATs and banking trojans.
-
Amazon opens invite-only bug bounty for NOVA models to outside researchers
Amazon has launched an invite-only bug bounty program for its NOVA family of language models, allowing select researchers to test and be paid for findings on issues such as prompt injection, jailbreaking and other vulnerabilities, with the company saying the effort will help secure models integrated across Amazon and customer systems.
-
Researchers: Actors abused Triofox antivirus feature to execute code as SYSTEM
Researchers say the UNC6485 cluster exploited CVE-2025-12480 in Gladinet Triofox by spoofing a localhost host header to bypass authentication, then abused the product’s antivirus configuration to run a malicious payload as SYSTEM; vendors have released patches and investigators provided indicators of compromise.
-
Researchers link WhatsApp-propagated Maverick malware to Brazilian banking trojans
Researchers say Maverick, a WhatsApp-propagated malware, shares code and tactics with the Brazilian banking trojan Coyote and is being spread via automated WhatsApp Web sessions, with analysts noting ties to a group called Water Saci.
-
North Korean-linked group used Google device service to wipe South Korean Android phones
South Korean researchers say the North Korean-linked KONNI group abused Google’s device-management features to remotely factory-reset Android phones, using stolen credentials harvested via phishing and RATs spread over KakaoTalk.
-
Proofpoint links new UNK_SmudgedSerpent cluster to targeted phishing of Iran experts
Proofpoint has identified a new threat cluster, UNK_SmudgedSerpent, that used political lures, impersonation and malicious installers to target academics and Iran policy experts between June and August 2025, deploying RMM tools including PDQ Connect and possibly ISL Online.
