Domain Names

Domain Names / Industry Updates

Rounding Up DNS Facts about Operation RoundPress

The Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2025-32433 and CVE-2024-42009 to the Known Exploited Vulnerabilities (KEV) Catalog on 9 June 2025 after they were reportedly abused by APT28 to hack government webmail servers in an operation dubbed "RoundPress."

DNIB Reports 371.7 Million Domain Name Registrations in Q2 2025

The second quarter of 2025 closed with 371.7 million domain name registrations across all top-level domains (TLDs), an increase of 9.3 million domain name registrations compared to the second quarter of 2024, according to the latest issue of the Domain Name Industry Brief Quarterly Report released Thursday at DNIB.com.

Baring the DNS Traces of the Slow Pisces Attack on Cryptocurrency Developers

Palo Alto Unit 42 reported on the latest Slow Pisces attack that engaged with cryptocurrency developers on LinkedIn. The threat actors posed as potential employers and sent malware disguised as coding challenges. Developers who took on the challenge ended up running a compromised project, infecting their systems with RN Loader and RN Stealer.

Uncovering the DNS Underbelly of UNC5174: The Shift from SNOWLIGHT to VShell

UNC5174, a Chinese-sponsored group known for using the open-source reverse shell tool named "SUPERSHELL," struck again. In January 2025, they used a new open-source tool and command-and-control (C&C) infrastructure dubbed "SNOWLIGHT." This time around, they have begun using another tool dubbed "VShell."

Down the DNS Funnel and into the Funnull Infrastructure

The Federal Bureau of Investigation (FBI) issued a FLASH report to disseminate indicators of compromise (IoCs) for the Funnull infrastructure that threat actors used to manage domains related to cryptocurrency investment fraud scams between October 2023 and April 2025. The report provided links to two lists.

Framing the AkiraBot Framework Under the DNS Lens

SentinelLABS recently dug deep into AkiraBot, a framework made to spam website chats and contact forms to promote a low-quality search engine optimization (SEO) service. So far, the bot has targeted 400K+ websites and spammed 80K+ websites since September 2024.

Shining the DNS Spotlight on Lumma Stealer

The U.S. Department of Justice seized 114 domains connected to a major information-stealing campaign utilizing Lumma Stealer on 21 May 2025. The Cybersecurity and Infrastructure Security Agency (CISA) released the list of indicators of compromise (IoCs) on the same date.

A DNS Examination of the Phishing Campaign Targeting Japanese Brokerage Firms

Yahoo! News Japan reported cases where securities accounts were hijacked so cybercriminals could sell stocks without their rightful owners' permission. More than 3,500 fraudulent transactions have already been recorded from January to April 2025 alone, amounting to stock owner losses of ¥300+ billion.

A DNS Deep Dive into the LabHost PhaaS Infrastructure

The Federal Bureau of Investigation (FBI) shared a warning on 29 April 2025 about the LabHost phishing-as-a-service (PhaaS) campaign that threatened the security of users worldwide, along with a massive list of related indicators of compromise (IoCs). WhoisXML API embarked on an in-depth analysis of the IoCs through a DNS deep dive.

Radix Releases UA Readiness Study on E-Commerce Platforms to Support Broader Internet Compatibility

Adoption of new short and new long TLDs shows strong momentum, while IDN email compatibility continues to evolve across platforms.