Cyberattack

Thumbing through the DNS Trail of the TAOTH Campaign

A cyber campaign targeting East Asian elites leveraged fake web services. DNS forensics uncovered suspicious domains, IP links, and signs of future infrastructure repurposing.

Deep Dive: 3 Lazarus RATs Caught in Our DNS Trap

Researchers tracked three Lazarus-linked RATs to a vast DNS network, uncovering dormant domains, geolocated IPs, and artifacts tied to financial and cryptocurrency sector intrusions.

Cross-Examining the CAPTCHAgeddon Brought on by ClickFix

Guardio reported about the ClickFix stealer that is considered an evolved version of fake browser updates. Instead of relying on a file download, it used fake CAPTCHA pages that allowed it to evade detection more effectively.

A Deep Dive Into the GreedyBear Attack

Koi Security recently dove into the widely executed and highly coordinated GreedyBear crypto theft attack that used 150 weaponized Firefox extensions. According to the company, it utilized close to 500 malicious executables and dozens of phishing sites. The result? The threat actors have amassed more than US$1 million to date.

WhoisXML API’s TLD RDAP Monitor Tracks RDAP Deployment Across 1,400+ TLDs

WhoisXML API is proud to announce the launch of the TLD RDAP Monitor, an intuitive dashboard that constantly monitors the range of adoption of the Registration Data Access Protocol (RDAP) across 1,440 top-level domains (TLDs).

Into the Deep DNS Sea with the JSCEAL Campaign

Cybercriminals behind the JSCEAL campaign exploited malicious ads to spread fake crypto trading apps, generating millions of views and DNS activity across Europe in 2025. Check Point Research uncovered 94 domains as IoCs, exposing extensive DNS abuse, typosquatting, and infrastructure links fueling this large-scale, deception-driven cyber threat.

Spilling the Beans on Multiplatform Cryptominer Soco404

In "Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload," Wiz analyzed a campaign exploiting cloud environment vulnerabilities and misconfigurations to deploy cryptominers. Soco404 payloads were embedded in fake 404 HTML pages hosted on websites built using Google Sites. Google has taken down the sites since their reporting.

The CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Regulation

Cyber threats are escalating in scale and sophistication, driven by AI and growing regulatory pressure. CSC's CISO Outlook 2025 reveals how domain-based attacks are testing security teams - and why stronger governance, strategic investment, and trusted partnerships are critical for resilience. Download the full report to navigate what lies ahead.

Best Attack Surface Monitoring Tools

A whopping 600 million cyberattacks every single day - that's what organizations face nowadays, according to the Microsoft Digital Defense Report. The sheer volume of threats, coupled with the expanding attack surfaces resulting from digital transformation, scaling, and other factors, has made attack surface monitoring a must even for organizations that were previously happy with a more traditional vulnerability management approach.

Top 10 Malware of Q2 2025: A Deep Dive into the IoCs

In the recently published "Top 10 Malware Q2 2025," the Center for Internet Security (CIS) Cyber Threat Intelligence (CTI) Team named the top 10 malware for the quarter, along with their corresponding indicators of compromise (IoCs).