<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
  xmlns:dc="http://purl.org/dc/elements/1.1/"
  xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
  xmlns:admin="http://webns.net/mvcb/"
  xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
  xmlns:content="http://purl.org/rss/1.0/modules/content/">

Third segment: whois
  
  <channel>

  <title><![CDATA[CircleID]]></title>
  <link>https://circleid.com/topics/whois</link>
  <description>CircleID - Whois</description>
  <dc:language>en</dc:language>
  <dc:rights>Copyright 2026, unless where otherwise noted.</dc:rights>
  <dc:date>2026-07-08T15:09:00+00:00</dc:date>

  
    <item>
      <title><![CDATA[macOS ClickFix Campaign Delivers AMOS and Other Infostealers: A DNS Deep Dive]]></title>
      <link>https://circleid.com/posts/macos&#45;clickfix&#45;campaign&#45;delivers&#45;amos&#45;and&#45;other&#45;infostealers&#45;a&#45;dns&#45;deep&#45;dive</link>
      <guid isPermaLink="true">https://circleid.com/posts/macos&#45;clickfix&#45;campaign&#45;delivers&#45;amos&#45;and&#45;other&#45;infostealers&#45;a&#45;dns&#45;deep&#45;dive</guid>

      <description><![CDATA[A DNS deep dive into Microsoft's macOS ClickFix campaign uncovered victim infrastructure, typosquatting clusters, malicious registrations, and hundreds of linked indicators, exposing a broader infostealer ecosystem beyond the original 140 network IoCs identified by Microsoft.]]></description>
      <dc:date>2026-07-06T08:58:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[DNS Deep Dive: TA416 European Government Espionage Campaigns]]></title>
      <link>https://circleid.com/posts/dns&#45;deep&#45;dive&#45;ta416&#45;european&#45;government&#45;espionage&#45;campaigns</link>
      <guid isPermaLink="true">https://circleid.com/posts/dns&#45;deep&#45;dive&#45;ta416&#45;european&#45;government&#45;espionage&#45;campaigns</guid>

      <description><![CDATA[An extensive DNS analysis of TA416's renewed European espionage campaign uncovered malicious infrastructure, typosquatting clusters, historical network activity, and thousands of connected artifacts that expand defenders' visibility beyond Proofpoint's original indicators for proactive threat hunting.]]></description>
      <dc:date>2026-06-29T13:10:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[DNS Deep Dive: GHOST STADIUM Takes Advantage of FIFA 2026]]></title>
      <link>https://circleid.com/posts/dns&#45;deep&#45;dive&#45;ghost&#45;stadium&#45;takes&#45;advantage&#45;of&#45;fifa&#45;2026</link>
      <guid isPermaLink="true">https://circleid.com/posts/dns&#45;deep&#45;dive&#45;ghost&#45;stadium&#45;takes&#45;advantage&#45;of&#45;fifa&#45;2026</guid>

      <description><![CDATA[A DNS investigation of the GHOST STADIUM phishing operation uncovered typosquatting clusters, malicious infrastructure, victim-linked IP activity, and thousands of connected domains, revealing the scale of a FIFA 2026 ticket fraud ecosystem.]]></description>
      <dc:date>2026-06-24T09:09:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[A DNS Investigation of Shadow-Earth-053]]></title>
      <link>https://circleid.com/posts/a&#45;dns&#45;investigation&#45;of&#45;shadow&#45;earth&#45;053</link>
      <guid isPermaLink="true">https://circleid.com/posts/a&#45;dns&#45;investigation&#45;of&#45;shadow&#45;earth&#45;053</guid>

      <description><![CDATA[A DNS investigation of Shadow-Earth-053 uncovered hundreds of victim-linked connections and a sprawling infrastructure tied to China-aligned cyber-espionage. Analysis of known indicators exposed additional domains, IP addresses, and registration patterns that broaden the campaign's suspected footprint.]]></description>
      <dc:date>2026-06-19T12:17:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[DNS Deep Diving into FakeWallet Crypto Stealer]]></title>
      <link>https://circleid.com/posts/dns&#45;deep&#45;diving&#45;into&#45;fakewallet&#45;crypto&#45;stealer</link>
      <guid isPermaLink="true">https://circleid.com/posts/dns&#45;deep&#45;diving&#45;into&#45;fakewallet&#45;crypto&#45;stealer</guid>

      <description><![CDATA[A DNS-focused investigation of the FakeWallet crypto-stealer campaign uncovered links to malicious infrastructure, potential victims, and thousands of connected domains, revealing signs of pre-staged operations and suggesting the wallet-phishing scheme was broader and longer-running than first reported.]]></description>
      <dc:date>2026-06-15T11:22:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[DNS Deep Dive: Pushpaganda Network IoCs]]></title>
      <link>https://circleid.com/posts/dns&#45;deep&#45;dive&#45;pushpaganda&#45;network&#45;iocs</link>
      <guid isPermaLink="true">https://circleid.com/posts/dns&#45;deep&#45;dive&#45;pushpaganda&#45;network&#45;iocs</guid>

      <description><![CDATA[A DNS investigation into Pushpaganda, an AI-powered scam network that infiltrated Google Discovery feeds, uncovered more than 1,000 connected domains, 162 linked IP addresses, and evidence that several infrastructure assets were registered with malicious intent.]]></description>
      <dc:date>2026-06-10T11:43:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[The DNS Anatomy of the Axios Supply Chain Attack]]></title>
      <link>https://circleid.com/posts/the&#45;dns&#45;anatomy&#45;of&#45;the&#45;axios&#45;supply&#45;chain&#45;attack</link>
      <guid isPermaLink="true">https://circleid.com/posts/the&#45;dns&#45;anatomy&#45;of&#45;the&#45;axios&#45;supply&#45;chain&#45;attack</guid>

      <description><![CDATA[A DNS-focused investigation into the Axios NPM supply chain attack uncovered typosquatting networks, victim-linked infrastructure, and hundreds of connected domains, revealing how malicious actors built and sustained a sprawling cyber campaign around compromised software dependencies.]]></description>
      <dc:date>2026-05-28T08:49:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[An Analysis of the AtlasCross RAT Network IoCs]]></title>
      <link>https://circleid.com/posts/an&#45;analysis&#45;of&#45;the&#45;atlascross&#45;rat&#45;network&#45;iocs</link>
      <guid isPermaLink="true">https://circleid.com/posts/an&#45;analysis&#45;of&#45;the&#45;atlascross&#45;rat&#45;network&#45;iocs</guid>

      <description><![CDATA[Hexastrike traced an AtlasCross RAT campaign linked to Silver Fox, uncovering spoofed domains, victim infrastructure, and malicious network artifacts that reveal how attackers exploited trusted software brands to widen compromise and persistence.]]></description>
      <dc:date>2026-05-26T08:35:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[Global Domain Activity Trends Seen in Q1 2026]]></title>
      <link>https://circleid.com/posts/global&#45;domain&#45;activity&#45;trends&#45;seen&#45;in&#45;q1&#45;2026</link>
      <guid isPermaLink="true">https://circleid.com/posts/global&#45;domain&#45;activity&#45;trends&#45;seen&#45;in&#45;q1&#45;2026</guid>

      <description><![CDATA[Q1 2026 domain activity showed registrations concentrated in a handful of TLDs, with 6.7 million new domains flagged as malicious, offering fresh insight into global DNS patterns and cybersecurity risks as shifting registration trends reshape.]]></description>
      <dc:date>2026-05-19T11:10:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[A Look Back at the Top 10 Ransomware of 2025]]></title>
      <link>https://circleid.com/posts/a&#45;look&#45;back&#45;at&#45;the&#45;top&#45;10&#45;ransomware&#45;of&#45;2025</link>
      <guid isPermaLink="true">https://circleid.com/posts/a&#45;look&#45;back&#45;at&#45;the&#45;top&#45;10&#45;ransomware&#45;of&#45;2025</guid>

      <description><![CDATA[A retrospective analysis of 2025's top ransomware groups reveals how DNS traces, historical WHOIS records, and network IoCs exposed hidden infrastructure, affiliate activity, and thousands of potential victim connections linked to major cybercriminal operations.]]></description>
      <dc:date>2026-05-13T09:18:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[A Network IoC Analysis for 8 Iran-Affiliated APT Groups]]></title>
      <link>https://circleid.com/posts/a&#45;network&#45;ioc&#45;analysis&#45;for&#45;8&#45;iran&#45;affiliated&#45;apt&#45;groups</link>
      <guid isPermaLink="true">https://circleid.com/posts/a&#45;network&#45;ioc&#45;analysis&#45;for&#45;8&#45;iran&#45;affiliated&#45;apt&#45;groups</guid>

      <description><![CDATA[An analysis of 191 network indicators tied to eight Iran-affiliated APT groups uncovered malicious domains, active infrastructure, thousands of victim-linked IP interactions, and coordinated DNS activity, revealing the breadth and persistence of Tehran-linked cyber operations amid escalating regional tensions.]]></description>
      <dc:date>2026-05-12T09:43:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[Unearthing DNS Facts about UAT-8099]]></title>
      <link>https://circleid.com/posts/unearthing&#45;dns&#45;facts&#45;about&#45;uat&#45;8099</link>
      <guid isPermaLink="true">https://circleid.com/posts/unearthing&#45;dns&#45;facts&#45;about&#45;uat&#45;8099</guid>

      <description><![CDATA[WhoisXML API analysis deepens understanding of the UAT-8099 campaign, uncovering expanded DNS infrastructure, early indicators of malicious intent, and thousands of linked artifacts, underscoring the group's evolving tactics and regional focus across Asia.]]></description>
      <dc:date>2026-04-29T12:21:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[ForceMemo in the DNS Spotlight]]></title>
      <link>https://circleid.com/posts/forcememo&#45;in&#45;the&#45;dns&#45;spotlight</link>
      <guid isPermaLink="true">https://circleid.com/posts/forcememo&#45;in&#45;the&#45;dns&#45;spotlight</guid>

      <description><![CDATA[Researchers tracing the ForceMemo campaign uncover a sprawling DNS footprint, linking compromised GitHub repositories to suspicious domains, shared infrastructure and fresh artifacts, suggesting a coordinated operation that continues to evolve despite partial attribution.]]></description>
      <dc:date>2026-04-23T11:11:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[DNS Analysis of the Keenadu Backdoor Network]]></title>
      <link>https://circleid.com/posts/dns&#45;analysis&#45;of&#45;the&#45;keenadu&#45;backdoor&#45;network</link>
      <guid isPermaLink="true">https://circleid.com/posts/dns&#45;analysis&#45;of&#45;the&#45;keenadu&#45;backdoor&#45;network</guid>

      <description><![CDATA[Keenadu backdoor embedded in Android firmware exploits supply chains and OTA updates, while DNS analysis of its infrastructure reveals coordinated domains, IP links, and early warning signals pointing to premeditated, scalable cybercriminal operations globally distributed.]]></description>
      <dc:date>2026-04-14T11:36:00-07:00</dc:date>
    </item>
  
    <item>
      <title><![CDATA[A DNS Exploration of Operation Olalampo]]></title>
      <link>https://circleid.com/posts/a&#45;dns&#45;exploration&#45;of&#45;operation&#45;olalampo</link>
      <guid isPermaLink="true">https://circleid.com/posts/a&#45;dns&#45;exploration&#45;of&#45;operation&#45;olalampo</guid>

      <description><![CDATA[MuddyWater's Operation Olalampo targets MENA entities using new malware and Telegram-based control, as DNS analysis uncovers fresh infrastructure, thousands of linked domains, and expanded indicators pointing to a broader, coordinated campaign.]]></description>
      <dc:date>2026-04-10T12:27:00-07:00</dc:date>
    </item>
  

  </channel>
  

</rss>