Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Phishing emails offering fake jobs used to steal Facebook logins, researcher says
Sublime Security reported on Oct. 16, 2025 that a phishing campaign uses fake job offers and brand impersonation to capture Facebook login credentials, warning of deceptive URLs and counterfeit login pages.
-
Google links three new ‘ROBOT’ malware families to Russia-linked COLDRIVER
Google’s Threat Intelligence Group linked three new malware families — NOROBOT, YESROBOT and MAYBEROBOT — to the Russia-linked COLDRIVER group, describing a ClickFix-style delivery chain and ongoing rapid development aimed at evading detection. Dutch prosecutors also said three youths are suspected of providing services to a foreign government and one had contact with a Russia-affiliated…
-
China-linked Salt Typhoon exploited Citrix to target European telecom, Darktrace says
Security firm Darktrace reported that a European telecommunications organisation was targeted in July 2025 by a China-linked group known as Salt Typhoon, which exploited a Citrix NetScaler Gateway to gain access and deployed Snappybee via DLL side-loading; the activity was detected and remediated and the victim was not named.
-
DNS0.EU public DNS service discontinues operations over sustainability issues
The France-based non-profit DNS0.EU has discontinued its public DNS resolver, citing lack of sustainability in time and resources; the team recommended alternatives including DNS4EU and NextDNS.
-
China’s MSS says NSA carried out ‘premeditated’ cyber operation against national time service
China’s Ministry of State Security said in a WeChat post it uncovered ‘irrefutable evidence’ that the U.S. NSA carried out a multi-year cyber operation against the National Time Service Center, alleging credential theft, deployment of a platform with 42 tools, and attempts to disrupt timing systems; the MSS said Chinese agencies neutralized the activity.
-
Muji halts online sales in Japan after ransomware attack on logistics partner Askul
Muji took its online store offline in Japan after a ransomware attack at logistics partner Askul disrupted orders and shipping; Askul said it suspended operations while investigating possible data leakage, and Muji is notifying affected customers.
-
CISA says Windows SMB privilege-escalation bug CVE-2025-33073 is being exploited
CISA warned that threat actors are actively exploiting CVE-2025-33073, a high-severity SMB privilege-escalation bug affecting Windows Server, Windows 10 and Windows 11 up to 24H2. Microsoft patched the flaw in June 2025 and attributed discovery to multiple researchers, while CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog and set a Nov. 10 deadline…
-
Researchers find 131 Chrome extensions cloned to automate WhatsApp spam in Brazil
Researchers say 131 rebranded Chrome extensions, sharing a common codebase, were used to automate bulk WhatsApp Web messaging aimed at Brazilian users, a campaign that appears designed to evade platform anti-spam controls and contravene Chrome Web Store rules.
-
Lawsuit says Deel orchestrated long-running espionage against competitor Rippling
Rippling filed a lawsuit on March 17, 2025, alleging that Deel directed a months-long corporate espionage campaign through a cultivated employee who searched Rippling systems thousands of times to capture sales, customer and recruiting information, and that top Deel executives were implicated.
-
Dutch regulator fines Experian Netherlands EUR 2.7 million for GDPR violations
The Dutch Data Protection Authority fined Experian Netherlands EUR 2.7 million for multiple GDPR violations after finding the company collected and used personal data from public and private sources without informing individuals, the regulator said.
