Stay updated on DNS security with the latest news on threats, protection strategies, and expert insights into securing your domain systems.
Search across headline titles and summaries.
Background for this topic.
DNS, or Domain Name System, is the internet's phone book; it translates human-friendly domain names like www.example.com into numerical IP addresses that computers use to communicate with each other. While DNS is crucial for the functionality of the internet, it has several security vulnerabilities that can be exploited by malicious actors.
In the context of information security, DNS security involves the implementation of measures and protocols that protect the DNS infrastructure and the interactions between users and domain names. Attacks on DNS, such as DNS spoofing or cache poisoning, can redirect users to fraudulent websites to collect sensitive information or to distribute malware. Another common threat is the Distributed Denial of Service (DDoS) attack, which can overwhelm DNS servers with traffic, causing legitimate users to lose access to websites.
Securing DNS involves a variety of practices, such as employing DNSSEC (DNS Security Extensions) to add a layer of authentication to responses, preventing the redirection caused by spoofing. Monitoring and threat detection are also critical, as they allow for the early identification of unusual patterns that could indicate an attack. Organizations often use firewalls, anti-virus software, and network analyzers for this purpose. Additionally, regular updates and patches to DNS software are essential to protect against known vulnerabilities.
Weekly headline count for the current query.
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack
Bad week
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
Hijacking DNS Settings Helps Russian Hackers Decrypt TLS Traffic, Microsoft WarnsHackers tied to Russia's GRU military intelligence agency are compromising SOHO routers to hijack their DNS settings and spy on the cloud activities of high-value government, IT, telecommunications and energy organizations, Microsoft warns.
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at least May 2025
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. [...]
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole
Check Point says outbound controls blocked web traffic but overlooked DNS OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed.…
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries
DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data
Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. [...]
PLUS: Firefox adds XSS protection; Leadership turnover at CISA; FTC exempts some data collection Infosec In Brief DNS vulnerabilities are being addressed 84 percent faster in the UK public sector thanks to an automated vulnerability scanning system established as part of a program kicked off early last year.…
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025
ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.
Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. [...]
Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload