Whois

WhoisXML API’s TLD RDAP Monitor Tracks RDAP Deployment Across 1,400+ TLDs

WhoisXML API is proud to announce the launch of the TLD RDAP Monitor, an intuitive dashboard that constantly monitors the range of adoption of the Registration Data Access Protocol (RDAP) across 1,440 top-level domains (TLDs).

Into the Deep DNS Sea with the JSCEAL Campaign

Cybercriminals behind the JSCEAL campaign exploited malicious ads to spread fake crypto trading apps, generating millions of views and DNS activity across Europe in 2025. Check Point Research uncovered 94 domains as IoCs, exposing extensive DNS abuse, typosquatting, and infrastructure links fueling this large-scale, deception-driven cyber threat.

Spilling the Beans on Multiplatform Cryptominer Soco404

In "Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload," Wiz analyzed a campaign exploiting cloud environment vulnerabilities and misconfigurations to deploy cryptominers. Soco404 payloads were embedded in fake 404 HTML pages hosted on websites built using Google Sites. Google has taken down the sites since their reporting.

WhoisXML API Introduces MCP Server to Bring LLMs Direct Access to Internet Infrastructure Intelligence

WhoisXML API announces the launch of its MCP server that allows large language models (LLMs) to query 17 of its APIs, enabling users to access unique internet infrastructure intelligence data, run bulk queries and conduct complex internet infrastructure research projects directly from the chatbot interface using natural language.

Top 10 Malware of Q2 2025: A Deep Dive into the IoCs

In the recently published "Top 10 Malware Q2 2025," the Center for Internet Security (CIS) Cyber Threat Intelligence (CTI) Team named the top 10 malware for the quarter, along with their corresponding indicators of compromise (IoCs).

RomCom and TransferLoader IoCs in the Spotlight

Proofpoint released "10 Things I Hate about Attribution: RomCom vs. TransferLoader" detailing connections between RomCom and TransferLoader. While the researchers said the backdoors were typically used by different groups -- RomCom by TA829 and TransferLoader by UNK_GreenSec, they did see similarities between the threat actors' campaigns.

A DNS Exploration of the Latest Educated Manticore Attack

Check Point Research published an in-depth analysis of the recent spearphishing attack launched by Iranian threat group Educated Manticore. The attackers targeted Israeli journalists, high-profile cybersecurity experts, and computer science professors from leading Israeli universities.

Global Domain Activity Trends Seen in Q2 2025

WhoisXML API analyzed 26.0+ million domains registered between 1 April and 30 June 2025 from the Newly Registered Domains (NRDs) Data Feed. We found out that the number of NRDs increased by 11.0% compared with the previous quarter.

Beneath the Belly of the Latest BlueNoroff Attack: A DNS Investigation

Huntress was alerted to the recent BlueNorroff attack when an end-user reported potentially downloading a malicious Zoom extension on 11 June 2025. As it turned out, the malware came disguised as a Calendly meeting invite from a supposed contact sent via Telegram.

Rounding Up DNS Facts about Operation RoundPress

The Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2025-32433 and CVE-2024-42009 to the Known Exploited Vulnerabilities (KEV) Catalog on 9 June 2025 after they were reportedly abused by APT28 to hack government webmail servers in an operation dubbed "RoundPress."