Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Qantas cuts executive bonuses by 15% after data breach
Qantas cut senior executive short-term bonuses by 15% after a late-June data breach that exposed millions of customers, reducing CEO Vanessa Hudson’s bonus by A$250,000 and five other executives’ bonuses by a combined A$550,000 while noting overall executive pay rose and the airline posted an A$2.4 billion underlying pre-tax profit.
-
Wealthsimple reports data breach affecting under 1% of customers; breach tied to third‑party software in suspected supply‑chain attack
Wealthsimple disclosed a data breach affecting less than 1% of its customers, with attackers accessing personal data but not funds or passwords. The breach is linked to a compromised third-party software package and is being treated as part of a broader Salesloft supply-chain attack. The firm is offering two years of free credit monitoring and…
-
VirusTotal flags 44 undetected SVGs in Colombian phishing campaign; hundreds of SVGs detected in the wild
VirusTotal has flagged a new malware campaign using 44 undetected SVG files to phish as Colombia’s Fiscalía General de la Nación, injecting a Base64-encoded HTML page and triggering a hidden ZIP download. Overall SVG detections in the wild have reached 523, with earliest samples dating to August 14, 2025.
-
GhostRedirector threat cluster compromises 65 Windows servers, deploys Rungan backdoor and Gamshen IIS module for SEO fraud
A fresh threat cluster named GhostRedirector has compromised at least 65 Windows servers, deploying a passive backdoor called Rungan and an IIS module named Gamshen to conduct SEO fraud, according to ESET researchers. The campaign shows SQL injection-based initial access, PowerShell-based tool delivery, and persistence through multiple remote-access tools, with a China-aligned attribution considered plausible…
-
Chess.com discloses data breach linked to third-party file-transfer app; around 4,500 users affected
Chess.com says a data breach tied to a third-party file-transfer app affected about 4,500 of its 100 million users, with potential exposure of names and other PII but no financial data, and says law enforcement was notified and monitoring continues.
-
Bridgestone confirms cyberattack affecting North American manufacturing; company says containment achieved
Bridgestone Americas said a limited cyber incident affected some North American manufacturing facilities, but it contained the threat early and did not indicate customer data was breached, as reports spread from South Carolina to Quebec.
-
France fines Google €325 million and Shein €150 million for cookie violations, CNIL says
France’s CNIL fined Google €325 million and Shein €150 million for cookie-consent violations, ordering compliance within six months, as U.S. authorities push parallel privacy actions and other firms face related penalties.
-
Misissued TLS certificates tied to Cloudflare’s 1.1.1.1 DNS service raise internet-security concerns
Security researchers disclosed mis-issued TLS certificates tied to Cloudflare’s 1.1.1.1 DNS service, a flaw that could enable impersonation and traffic interception. With the issuer and responsible parties not fully disclosed, the episode underscores ongoing vulnerabilities in the certificate authority system and the role of Certificate Transparency in detecting mis-issuances.
-
Threat actors weaponize HexStrike AI to exploit recently disclosed vulnerabilities, Check Point warns
Threat actors are weaponizing HexStrike AI, an AI-driven offensive security tool, to exploit recently disclosed vulnerabilities, prompting Check Point to urge immediate patching and hardening of affected systems.
-
Iranian-aligned group linked to multi-wave spear-phishing targeting embassies worldwide, researchers say
An Iran-linked threat group is behind a coordinated, multi-wave spear-phishing campaign targeting embassies and consulates worldwide, using VBA macro payloads to deploy malware, according to researchers.
