Domain Names

Illuminating ShadyPanda DNS Infrastructure Facts

A seven-year malware campaign, orchestrated through seemingly trusted browser extensions, exposed millions of users to DNS abuse. ShadyPanda's infrastructure reveals how trust, subtlety and DNS manipulation sustained an enduring threat.

Mining for DNS Maxims: Top 10 Malware of Q3 2025

An analysis of domains linked to the top malware strains of Q3 2025 reveals early threat signals, typosquatting patterns, and thousands of connections to malicious infrastructure, underscoring the predictive power of DNS telemetry.

Thumbing Through the DNS Traces of TamperedChef

Acronis researchers uncovered a vast malvertising scheme named TamperedChef, which exploited legitimate-looking apps to deploy malicious scripts, steal data, sell remote access, and lay the groundwork for espionage and ransomware campaigns.

DNS Spotlight: New MITRE ATT&CK Group Entrants as of October 2025

MITRE introduced nine new threat groups tied to major vulnerabilities, with deep DNS analysis uncovering 108 malicious domains, 31 risky IPs, and multiple emerging artifacts that highlight evolving attack patterns and early warning opportunities ahead.

A New DNS Validation Method for Simplified Certificate Automation

A new DNS-based domain validation method promises to streamline certificate automation by reducing DNS write requirements, improving operational security, and aligning with broader industry moves toward scalable, standards-based certificate management.

Going DNS Deep Diving Into GhostCall and GhostHire

A DNS investigation into GhostCall and GhostHire uncovers how BlueNoroff targeted tech leaders and Web3 developers, exposing extensive data theft and a wide malicious infrastructure that included suspicious domains, weaponized IP addresses, and typosquatted assets.

.store and MrBeast Campaign Surpasses 500 Million Views Across Platforms

Radix's .store domain has soared past 500 million views across platforms through its high-profile collaboration with MrBeast, underscoring the power of strategic digital branding and creator-led commerce in the online economy.

COLDRIVER’s MAYBEROBOT in the DNS Spotlight

Russia-linked threat actor COLDRIVER has revamped its malware into a new backdoor called MAYBEROBOT, targeting NGOs and dissidents. Early DNS signals and IP resolutions reveal a methodically evolving cyber-espionage campaign.

Burrowing Into the Beamglea Campaign DNS Infrastructure

A threat campaign known as Beamglea exploited npm packages to target over 135 companies globally. Researchers uncovered 175 malicious packages, 344 related domains, and dozens of IP-linked artifacts through DNS and WHOIS analysis.

Chasing After RacoonO365 IoCs Using DNS and Domain Intelligence

A coordinated crackdown on RaccoonO365 reveals the scale of phishing-as-a-service operations, as domain and DNS data expose hundreds of linked artifacts and offer a window into the infrastructure of low-skill cybercrime.