A DNS analysis of infrastructure behind ongoing MSHTA abuse uncovered malicious registrations, typosquatting clusters, victim activity, and hundreds of linked indicators, revealing how legacy Windows tooling continues enabling modern malware campaigns through interconnected DNS intelligence.
A DNS deep dive into Microsoft's macOS ClickFix campaign uncovered victim infrastructure, typosquatting clusters, malicious registrations, and hundreds of linked indicators, exposing a broader infostealer ecosystem beyond the original 140 network IoCs identified by Microsoft.
An extensive DNS analysis of TA416's renewed European espionage campaign uncovered malicious infrastructure, typosquatting clusters, historical network activity, and thousands of connected artifacts that expand defenders' visibility beyond Proofpoint's original indicators for proactive threat hunting.
A DNS investigation of the GHOST STADIUM phishing operation uncovered typosquatting clusters, malicious infrastructure, victim-linked IP activity, and thousands of connected domains, revealing the scale of a FIFA 2026 ticket fraud ecosystem.
A DNS investigation of Shadow-Earth-053 uncovered hundreds of victim-linked connections and a sprawling infrastructure tied to China-aligned cyber-espionage. Analysis of known indicators exposed additional domains, IP addresses, and registration patterns that broaden the campaign's suspected footprint.
A DNS-focused investigation of the FakeWallet crypto-stealer campaign uncovered links to malicious infrastructure, potential victims, and thousands of connected domains, revealing signs of pre-staged operations and suggesting the wallet-phishing scheme was broader and longer-running than first reported.
A DNS investigation into Pushpaganda, an AI-powered scam network that infiltrated Google Discovery feeds, uncovered more than 1,000 connected domains, 162 linked IP addresses, and evidence that several infrastructure assets were registered with malicious intent.
A DNS-focused investigation into the Axios NPM supply chain attack uncovered typosquatting networks, victim-linked infrastructure, and hundreds of connected domains, revealing how malicious actors built and sustained a sprawling cyber campaign around compromised software dependencies.
Hexastrike traced an AtlasCross RAT campaign linked to Silver Fox, uncovering spoofed domains, victim infrastructure, and malicious network artifacts that reveal how attackers exploited trusted software brands to widen compromise and persistence.
Q1 2026 domain activity showed registrations concentrated in a handful of TLDs, with 6.7 million new domains flagged as malicious, offering fresh insight into global DNS patterns and cybersecurity risks as shifting registration trends reshape.