Domain Names

Scouring the DNS for Traces of the Hiddengh0st and Winos SEO Poisoning Campaign

A Chinese-language SEO poisoning campaign has been uncovered, leading users to fake software sites. Investigators linked the scheme to malware variants and uncovered thousands of malicious domains, subdomains, and IP addresses through DNS and WHOIS analysis.

Understanding DNSSEC: Best Practices and Implementation Challenges

DNS Security Extensions (DNSSEC) offer cryptographic safeguards to validate DNS responses, countering spoofing and cache poisoning. While implementation is complex, best practices and third-party services help firms navigate the operational demands of deployment.

False Positive Rate Reduced to 1.66% on WhoisXML API’s First Watch Malicious Domains Data Feed

WhoisXML API has halved the false positive rate of its malicious domain feed, enhancing detection precision. The update refines machine learning models, promising leaner cybersecurity operations and fewer interruptions from erroneous threat alerts.

Thumbing through the DNS Trail of the TAOTH Campaign

A cyber campaign targeting East Asian elites leveraged fake web services. DNS forensics uncovered suspicious domains, IP links, and signs of future infrastructure repurposing.

Deep Dive: 3 Lazarus RATs Caught in Our DNS Trap

Researchers tracked three Lazarus-linked RATs to a vast DNS network, uncovering dormant domains, geolocated IPs, and artifacts tied to financial and cryptocurrency sector intrusions.

How Brands Can Prepare for the New GTLD Program

For the first time in over a decade, the internet is opening its gates to a new wave of generic top-level domains (gTLDs). This is not just an opportunity to register a domain name, but the entire top-level domain itself.

Cross-Examining the CAPTCHAgeddon Brought on by ClickFix

Guardio reported about the ClickFix stealer that is considered an evolved version of fake browser updates. Instead of relying on a file download, it used fake CAPTCHA pages that allowed it to evade detection more effectively.

A Deep Dive Into the GreedyBear Attack

Koi Security recently dove into the widely executed and highly coordinated GreedyBear crypto theft attack that used 150 weaponized Firefox extensions. According to the company, it utilized close to 500 malicious executables and dozens of phishing sites. The result? The threat actors have amassed more than US$1 million to date.

WhoisXML API’s TLD RDAP Monitor Tracks RDAP Deployment Across 1,400+ TLDs

WhoisXML API is proud to announce the launch of the TLD RDAP Monitor, an intuitive dashboard that constantly monitors the range of adoption of the Registration Data Access Protocol (RDAP) across 1,440 top-level domains (TLDs).

Into the Deep DNS Sea with the JSCEAL Campaign

Cybercriminals behind the JSCEAL campaign exploited malicious ads to spread fake crypto trading apps, generating millions of views and DNS activity across Europe in 2025. Check Point Research uncovered 94 domains as IoCs, exposing extensive DNS abuse, typosquatting, and infrastructure links fueling this large-scale, deception-driven cyber threat.