Zombie linkages are keeping expired domains trusted for years
Domains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has …
NIST updates its DNS security guidance for the first time in over a decade
DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance …
The internet’s oldest trust mechanism is still one of its weakest links
Attackers continue to rely on domain names as an entry point into enterprise systems. A CSC domain security study finds that large organizations leave this part of their …
Formal proofs expose long standing cracks in DNSSEC
DNSSEC is meant to stop attackers from tampering with DNS answers. It signs records so resolvers can verify that data is authentic and unchanged. Many security teams assume …
A day in the life of the internet tells a bigger story
On any given day, the internet carries countless signals that hint at how networks behave behind the scenes. Researchers from RIPE NCC and several universities found a way to …
Threat group reroutes software updates through hacked network gear
Sometimes an attack hides in the most ordinary corner of a network. ESET researchers say a China aligned threat group known as PlushDaemon has been quietly using hacked …
PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)
A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache …
Why DNS threats should be on every CISO’s radar in 2025
DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are …
EU launches EU-based, privacy-focused DNS resolution service
DNS4EU, an EU-based DNS resolution service created to strengthen European Union’s digital sovereignty, has become reality. What is DNS? The Domain Name System (DNS) …
UK NCSC offers security guidance for domain and DNS registrars
The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services. “DNS registrars …
ExtensionHound: Open-source tool for Chrome extension DNS forensics
Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. …
Safeguarding the DNS through registries
The integrity of our online ecosystem heavily relies on domain registries, which serve as the foundation for secure and trusted digital experiences. However, threats like …
Featured news
Resources
Don't miss
- Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
- TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
- Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)
- Communicating cyber risk in dollars boards understand
- CVE Lite CLI: Open-source dependency vulnerability scanner