Cristian Luțic
Cristian Luțic is a cybersecurity professional and Editor-in-Chief of iSec.News, with experience in security enablement, risk analysis, and vulnerability reporting. As Editor-in-Chief, he is responsible for editorial standards, source verification, and publication oversight at iSec News.
From professional sports to cybersecurity, his career path may have been unconventional, but it has been driven by the same core values: discipline, perseverance, and a passion for doing meaningful, impactful work.
iSec.News Motto: “Only news, only information security and privacy news. No fluff.”
-
Hackers breach Evertec’s Brazilian unit in $130 million Pix heist attempt
Hackers breached Evertec’s Brazilian subsidiary Sinqia to access the Pix real-time payments system, attempting a $130 million unauthorized transfer. Part of the funds was recovered, Pix access was revoked by the Central Bank of Brazil, and investigators are pursuing the case, with HSBC linked by local media reports.
-
Cloudflare says it blocked largest recorded DDoS attack at 11.5 Tbps
Cloudflare says it blocked the largest recorded volumetric DDoS attack, peaking at 11.5 Tbps and lasting about 35 seconds, with most traffic traced to Google Cloud as the company notes a broader rise in high-volume DDoS campaigns.
-
Public appsettings.json leak exposes Azure AD credentials, enabling potential cloud access
Researchers from Resecurity’s HUNTER team warn that a publicly accessible appsettings.json file leaked Azure AD credentials (ClientId and ClientSecret), potentially enabling attackers to authenticate via OAuth 2.0 and access an organization’s Azure cloud resources; the incident underscores the ongoing risk of cloud-secret exposure and the need for strong secret-management practices.
-
Jaguar Land Rover says cyberattack severely disrupted production; no evidence of customer data theft yet
Jaguar Land Rover said a weekend cyberattack severely disrupted production and retail operations, but there is no evidence yet that customer data was stolen. The company is restarting affected systems and did not specify a timeline for full recovery.
-
Palo Alto Networks says Salesforce data exposed in breach tied to Salesloft Drift supply-chain attack
Palo Alto Networks disclosed a data breach linked to a broader Salesloft Drift supply-chain attack that exposed customer data in its Salesforce CRM. The incident involved OAuth token abuse, mass exfiltration of Salesforce records, and credential harvesting, prompting token revocation, Drift disablement, and guidance for customers to review logs and rotate secrets.
-
NIST Revamps Security Controls to Tighten Software Updates and Patch Management
NIST has revised its Security and Privacy Control Catalog to strengthen software update and patch management, introducing changes aimed at better incident response, root-cause analysis, and cyber resiliency to reduce the window of exposure in software supply chains.
-
Ukrainian Network FDN3 Linked to Massive Brute-Force Campaign Against SSL VPNs and RDP Devices
A Ukraine-based IP network, FDN3, is linked to a broad abusive infrastructure conducting large-scale brute-force and password-spraying campaigns against SSL VPN and RDP devices, with activity spanning June to July 2025 and connections to offshore bulletproof hosting groups.
-
Zscaler confirms Salesforce data exposure tied to Salesloft Drift compromise amid wider Salesforce breach activity
Zscaler confirms a data breach tied to the Salesloft Drift supply-chain attack, exposing customer Salesforce data due to compromised Drift credentials. The company revoked Drift integrations, rotated tokens, and reinforced customer authentication while investigations continue; Google Threat Intelligence links UNC6395 to the broader campaign affecting Salesforce environments.
-
ScarCruft Uses RokRAT in HanKook Phantom Campaign Targeting South Korea
Researchers have uncovered a targeted phishing campaign by North Korea-linked ScarCruft (APT37), dubbed Operation HanKook Phantom, delivering RokRAT to South Korean academics, former officials, and researchers via a manipulated LNK attack chain and PowerShell-based payloads, with exfiltration to multiple cloud services and a willingness to use decoy documents tied to high-profile statements.
-
Amazon says APT29 attempted watering-hole attack to harvest Microsoft credentials; AWS says no systems affected
Amazon said it disrupted an APT29 watering-hole campaign aimed at harvesting Microsoft credentials, stressing that no AWS systems were compromised. The operation used spoofed Cloudflare pages and randomized redirects to trick users, with Google Threat Intelligence and AWS detailing evasion techniques and previous similar activity.
