Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Google adds Android intrusion logging to help investigate spyware attacks
Google introduced an opt-in Android intrusion logging feature for suspected spyware cases. The encrypted logs are stored for 12 months, can be downloaded by users, and are rolling out to devices with the Android 16 December update and later.
-
Vietnam moves to build domestic cloud for government workloads
Vietnam plans to build a national cloud platform by 2030 to replace foreign cloud services for government workloads, according to a new decision that also targets data sovereignty, cybersecurity and broader digital state reforms.
-
Exim patches BDAT flaw that could lead to code execution
Exim has patched CVE-2026-45185, a use-after-free flaw in BDAT parsing that could lead to memory corruption and possible code execution in affected GnuTLS-based builds. Version 4.99.3 fixes the issue.
-
Skoda says customer data stolen in online shop breach
Škoda Auto said attackers breached its online shop, stole customer personal data and accessed login credentials after exploiting a software flaw. The company said payment card details were not stored on the compromised systems.
-
RubyGems pauses new signups after major malicious attack
RubyGems has temporarily paused new account signups after what the article described as a major malicious attack involving hundreds of packages. Mend.io said it will share more details once the incident is contained.
-
New TrickMo variant uses TON for Android command control, researchers say
Researchers say a new TrickMo Android trojan variant used TON for command and control and targeted banking and crypto wallet users in France, Italy and Austria. The malware added network reconnaissance, SSH tunnelling and SOCKS5 proxying features.
-
Instructure reaches ransom agreement after Canvas data breach
Instructure said it reached an agreement with an unauthorized actor after a Canvas breach that exposed data tied to thousands of schools and universities, including about 275 million records. The company said stolen data was returned and no customers will be separately extorted.
-
Apple adds beta end-to-end encryption to RCS chats in iOS 26.5
Apple released iOS 26.5 with beta end-to-end encryption for RCS chats on iPhone and Android, enabled by default for supported users. The update also fixes more than 50 vulnerabilities in iOS and iPadOS.
-
Checkmarx says modified Jenkins plugin was published in supply chain attack
Checkmarx said a modified Jenkins AST plugin was published to the Jenkins Marketplace and warned users to stay on an older safe version. The incident is the latest attack linked to TeamPCP in a broader supply chain campaign.
-
Attackers exploit cPanel flaw to deploy Filemanager backdoor
Attackers linked to Mr_Rot13 are exploiting CVE-2026-41940 in cPanel and WHM to install the Filemanager backdoor, with more than 2,000 source IPs seen in activity, according to a technical analysis by QiAnXin XLab.
