Encrypted DNS still tells an eavesdropper where to look 2026-06-22 at 08:00 By Mirko Zorz Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the contents of a query away from anyone watching a network link. The encryption covers the message inside each packet. The packet still carries plaintext […]
Encrypted DNS still tells an eavesdropper where to look Read More »
Silent Ransom Group Uses DNS Fast Flux in Attacks 2026-06-08 at 14:07 By Ionut Arghire Focusing on hacking law firms in the US, the ransomware group relies on fast flux to hide its C&C infrastructure. The post Silent Ransom Group Uses DNS Fast Flux in Attacks appeared first on SecurityWeek. This article is an excerpt
Silent Ransom Group Uses DNS Fast Flux in Attacks Read More »
DNS-AID lets AI agents find and verify each other through DNS 2026-06-01 at 11:46 By Sinisa Markovic AI agents run across many platforms, and each one needs a way to locate and confirm the identity of the others it works with. The Linux Foundation’s DNS-AID project gives them that capability through the Domain Name System,
DNS-AID lets AI agents find and verify each other through DNS Read More »
‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains 2026-05-23 at 14:04 By Ionut Arghire The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic. The post ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains appeared first on SecurityWeek. This article is
Zombie linkages are keeping expired domains trusted for years 2026-05-15 at 08:24 By Sinisa Markovic Domains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has changed. Researchers at USC and the University of Twente examined this problem in
Zombie linkages are keeping expired domains trusted for years Read More »
Google Adds Rust DNS Parser to Pixel Phones for Better Security 2026-04-14 at 13:32 By Ionut Arghire The parser is meant to mitigate the entire class of memory safety bugs in the low-level environment. The post Google Adds Rust DNS Parser to Pixel Phones for Better Security appeared first on SecurityWeek. This article is an
Google Adds Rust DNS Parser to Pixel Phones for Better Security Read More »
BIND Updates Patch High-Severity Vulnerabilities 2026-03-26 at 15:52 By Ionut Arghire Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers. The post BIND Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
BIND Updates Patch High-Severity Vulnerabilities Read More »
NIST updates its DNS security guidance for the first time in over a decade 2026-03-23 at 09:18 By Mirko Zorz DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years. NIST published SP 800-81r3, the Secure
NIST updates its DNS security guidance for the first time in over a decade Read More »
Internet Infrastructure TLD .arpa Abused in Phishing Attacks 2026-03-09 at 15:37 By Ionut Arghire Abusing DNS record management controls, the threat actor hides the location of malicious content via Cloudflare. The post Internet Infrastructure TLD .arpa Abused in Phishing Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Internet Infrastructure TLD .arpa Abused in Phishing Attacks Read More »
The internet’s oldest trust mechanism is still one of its weakest links 2026-01-22 at 07:23 By Anamarija Pogorelec Attackers continue to rely on domain names as an entry point into enterprise systems. A CSC domain security study finds that large organizations leave this part of their attack surface underprotected, even as attacks become more frequent.
The internet’s oldest trust mechanism is still one of its weakest links Read More »
Formal proofs expose long standing cracks in DNSSEC 2025-12-23 at 09:41 By Sinisa Markovic DNSSEC is meant to stop attackers from tampering with DNS answers. It signs records so resolvers can verify that data is authentic and unchanged. Many security teams assume that if DNSSEC validation passes, the answer can be trusted. New academic research
Formal proofs expose long standing cracks in DNSSEC Read More »
A day in the life of the internet tells a bigger story 2025-12-04 at 08:43 By Sinisa Markovic On any given day, the internet carries countless signals that hint at how networks behave behind the scenes. Researchers from RIPE NCC and several universities found a way to capture a detailed snapshot of that activity by
A day in the life of the internet tells a bigger story Read More »
Threat group reroutes software updates through hacked network gear 2025-11-19 at 12:02 By Sinisa Markovic Sometimes an attack hides in the most ordinary corner of a network. ESET researchers say a China aligned threat group known as PlushDaemon has been quietly using hacked routers to steer software updates toward its own servers. The discovery shows
Threat group reroutes software updates through hacked network gear Read More »
PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778) 2025-10-28 at 19:27 By Zeljka Zorz A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache poisoning, allowing them to redirect Internet traffic to potentially malicious sites, distribute malware, or intercept network
PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778) Read More »
BIND Updates Address High-Severity Cache Poisoning Flaws 2025-10-23 at 13:31 By Ionut Arghire The vulnerabilities allow attackers to predict source ports and query IDs BIND will use, and to inject forged records into the cache. The post BIND Updates Address High-Severity Cache Poisoning Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
BIND Updates Address High-Severity Cache Poisoning Flaws Read More »
Why DNS threats should be on every CISO’s radar in 2025 2025-08-12 at 07:32 By Sinisa Markovic DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are feeling the pressure. The report shows that DNS is being used
Why DNS threats should be on every CISO’s radar in 2025 Read More »
EU launches EU-based, privacy-focused DNS resolution service 2025-06-09 at 17:38 By Zeljka Zorz DNS4EU, an EU-based DNS resolution service created to strengthen European Union’s digital sovereignty, has become reality. What is DNS? The Domain Name System (DNS) “translates” human-readable domain names into IP addresses and back, and is essential for accessing websites. Most users use
EU launches EU-based, privacy-focused DNS resolution service Read More »
DNS: The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks 2025-04-08 at 18:04 By Danelle Au While often relegated to a purely functional role, DNS offers unparalleled opportunities for preemptive defense against cyberattacks. The post DNS: The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks appeared first on SecurityWeek.
DNS: The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks Read More »
US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations 2025-04-04 at 15:29 By Ionut Arghire US and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations. The post US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server
US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations Read More »
UK NCSC offers security guidance for domain and DNS registrars 2025-03-27 at 16:48 By Zeljka Zorz The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services. “DNS registrars have an important role to help counter domain abuses throughout their lifecycle,” the NCSC says.
UK NCSC offers security guidance for domain and DNS registrars Read More »