DNS Security

Global Domain Activity Trends Seen in Q1 2026

Q1 2026 domain activity showed registrations concentrated in a handful of TLDs, with 6.7 million new domains flagged as malicious, offering fresh insight into global DNS patterns and cybersecurity risks as shifting registration trends reshape.

A Look Back at the Top 10 Ransomware of 2025

A retrospective analysis of 2025's top ransomware groups reveals how DNS traces, historical WHOIS records, and network IoCs exposed hidden infrastructure, affiliate activity, and thousands of potential victim connections linked to major cybercriminal operations.

A Network IoC Analysis for 8 Iran-Affiliated APT Groups

An analysis of 191 network indicators tied to eight Iran-affiliated APT groups uncovered malicious domains, active infrastructure, thousands of victim-linked IP interactions, and coordinated DNS activity, revealing the breadth and persistence of Tehran-linked cyber operations amid escalating regional tensions.

Unearthing DNS Facts about UAT-8099

WhoisXML API analysis deepens understanding of the UAT-8099 campaign, uncovering expanded DNS infrastructure, early indicators of malicious intent, and thousands of linked artifacts, underscoring the group's evolving tactics and regional focus across Asia.

ForceMemo in the DNS Spotlight

Researchers tracing the ForceMemo campaign uncover a sprawling DNS footprint, linking compromised GitHub repositories to suspicious domains, shared infrastructure and fresh artifacts, suggesting a coordinated operation that continues to evolve despite partial attribution.

Domains: The Overlooked Frontline in IP Protection

Domains have quietly become the primary entry point for online IP infringement, yet most firms lack visibility over portfolios, leaving brands exposed and prompting a shift toward integrated, proactive domain governance and security.

DNS Analysis of the Keenadu Backdoor Network

Keenadu backdoor embedded in Android firmware exploits supply chains and OTA updates, while DNS analysis of its infrastructure reveals coordinated domains, IP links, and early warning signals pointing to premeditated, scalable cybercriminal operations globally distributed.

A DNS Exploration of Operation Olalampo

MuddyWater's Operation Olalampo targets MENA entities using new malware and Telegram-based control, as DNS analysis uncovers fresh infrastructure, thousands of linked domains, and expanded indicators pointing to a broader, coordinated campaign.

DNS Deep Dive: LummaStealer + CastleLoader = Larger Threat

LummaStealer's revival, paired with CastleLoader, reveals a more evasive malware ecosystem, leveraging obfuscation, DNS agility and vast infrastructure to reach over 100,000 potential victims while spawning hundreds of linked malicious domains and IPs globally observed.

A Look Back at 11 of the Red Report 2026 Featured Threats

An analysis of 11 cyber threats from Red Report 2026 reveals how attackers exploit core MITRE ATT&CK techniques, with DNS and IoC data exposing early warning signals, infrastructure scale, and evolving tactics across campaigns globally.