Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Open-source C2 Framework AdaptixC2 Draws Use by Groups Linked to Russian Ransomware
AdaptixC2, an open-source command-and-control framework published on GitHub, has been adopted by multiple threat actors, including groups linked to Russian ransomware, prompting analysis from Palo Alto Networks Unit 42 and an investigation by Silent Push into the project’s author and Telegram activity.
-
Researcher discloses ‘Brash’ flaw that can crash Chromium-based browsers by spamming tab title
A researcher has published details of ‘Brash’, a vulnerability in Chromium’s Blink engine that can crash Chromium-based browsers by rapidly updating the document.title field, causing massive DOM mutations and UI thread saturation.
-
Attackers exploit patched WSUS flaw to deploy infostealer on unpatched Windows servers
Attackers have been observed exploiting CVE-2025-59287 in WSUS to deploy an infostealer on unpatched Windows servers, exfiltrate data to webhook.site URLs and use follow-up tooling including Velociraptor and a UPX-packed Skuld Stealer; agencies and vendors are urging immediate patching and investigation.
-
PhantomRaven campaign places malicious code in 126 npm packages
Researchers say a campaign codenamed PhantomRaven has placed malicious code into 126 npm packages since August 2025, using external dynamic dependencies to steal authentication tokens, CI/CD secrets and GitHub credentials; Koi Security and DCODX published analyses.
-
Python Software Foundation withdraws $1.5M NSF proposal over DEI restriction
The Python Software Foundation has withdrawn a $1.5 million NSF grant proposal after the agency attached a clause barring recipients from operating programs that “advance or promote diversity, equity, and inclusion,” a condition the PSF said conflicts with its mission.
-
Canada warns of hacktivist breaches at water, energy and farm facilities
The Canadian Centre for Cyber Security warned that hacktivists have repeatedly breached internet-exposed industrial control systems at water, oil and agricultural sites, altering control settings and prompting guidance to remove direct internet exposure, use multifactor VPNs, and report incidents through the Cyber Centre.
-
Researchers warn of ‘AI-targeted cloaking’ that can poison agentic browsers
Security researchers and hCaptcha warn of an ‘AI-targeted cloaking’ technique that serves different content to human browsers and AI crawlers, potentially poisoning models and enabling misinformation; SPLX and hTAG detail examples and risky agent behaviors.
-
UK data watchdog fines sole trader £200,000 over nearly 1m spam texts targeting people in debt
The Information Commissioner’s Office fined Bharat Singh Chand £200,000 after finding he sent 966,449 unsolicited texts about debt and energy grants from hundreds of numbers; the ICO said the messages lacked sender identification, prompted calls from a firm calling itself The Debt Relief Team, generated more than 19,000 complaints and that Chand has appealed the…
-
Researchers find 10 typosquatted npm packages delivering cross‑platform credential stealer
Researchers reported a set of 10 typosquatted npm packages, uploaded on July 4, 2025 and downloaded over 9,900 times, that deploy an obfuscated, multi-stage information stealer which harvests credentials from browsers and system keyrings on Windows, Linux and macOS.
-
Dentsu says Merkle subsidiary suffered data breach exposing staff and client information
Dentsu disclosed that U.S. subsidiary Merkle suffered a cybersecurity incident that exposed staff and client data, systems were taken offline, data were stolen and impacted individuals are being notified while an investigation continues.
