The Secret is Out
Criminals are stealing domain names to commit Corporate Identity Theft

Featured articles and information:


2024-03-29, Sectigo Limited
Root Causes 373: Massive Brand Hijack Subverts More Than 21,000 Domains and Subdomains

2024-02-26, Tim Callan
Root Causes 365: What Is Subdomain Hijacking?

Hijacked subdomains of major brands used in massive spam campaign

2024-02-26, Guardio Labs
“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions of Malicious Emails

2024-02-07, TMFE Pty Ltd
Episode 240 Deep Dive: Cricket Liu | The Past, Present, and Future of DNS: Security Evolution, Collaboration, and Maximizing Infrastructure Efficiency

Cloud squatting: How attackers can use deleted cloud assets against you

The Glaring Gap in Your Cybersecurity Posture: Domain Security

Lawsuit Claims ‘’ Has Been Stolen After Years of Legal Drama

Frax Finance Reports Domain Hijacking Incident

'Prolific Puma' Hacker Gives Cybercriminals Access to .us Domains

Galxe protocol experiences DNS attack, losses $150K

Identity attacks, which often involve impersonation and privilege escalation, are a growing persistent threat to organizations worldwide.

DNS security poses problems for enterprise IT

Balancer blames ‘social engineering attack’ on DNS provider for website hijack

Dangling DNS Used to Hijack Subdomains of Major Organizations

Three Reasons Why CISOs Need to Know How Their Company Is Managing Their Domains

2023-07-14, SiliconANGLE Media Inc
Attackers target the Domain Name System, the internet’s phone book. Here’s how to fight back

Malware Execution Method Using DNS TXT Record

2023-04-18, Corporation Service Company (CSC)
Subdomain hijacking vulnerabilities report

GoDaddy says a multi-year breach hijacked customer websites and accounts

Hackers Took Over a Subdomain of for Several Months and Replaced It With Sleazy Online Casino Content

2022-09-21, Bleeping Computer LLC
Domain shadowing becoming more popular among cybercriminals

2022-08-25, Future Publishing Limited Quay House
DNS is now more important than ever for internet traffic

2022-08-18, Cointelegraph
Celer Network shuts down bridge over potential DNS hijacking

2022-08-10, Tron Weekly
Curve Finance’s Hackers Loot $570K Via DNS Hijacking

2022-07-02, CryptoPotato
DNS Hijack Compromised Ankr’s Services for Polygon and Fantom

2022-06-24, Defiant Media Inc
Hackers Step Up Attempts to Hijack DeFi Websites

2022-06-24, Yahoo Inc
Hackers Step Up Attempts to Hijack DeFi Websites Convex's Domain Name Server Targeted in Latest Spoofing Exploit

2022-06-13, The Hacker News
Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

2022-05-06, Bleeping Computer LLC
Ferrari subdomain hijacked to push fake Ferrari NFT collection

2022-03-29, Help Net Security
Subdomain takeover attacks on the rise and harder to monitor

2021-11-25, Bleeping Computer LLC
UK government transport website caught showing porn

2021-11-25, The Crow
A site dedicated to porn? Absolutely. Best of British Porn? Not Quite.

2021-10-21, Reed Exhibitions Ltd
72% of Organizations Experienced a DNS Attack in the Past Year

2021-09-23, Saint Bitts LLC -
Hackers Compromise Web Portal — DNS Hijack Replaces Site With BTC Doubler Scam

2021-09-03, Bleeping Computer LLC
Over 60,000 parked domains were vulnerable to AWS hijacking

2021-05-24, CircleID
“It’s Always DNS!” Why DNS Is the Biggest Single Point of Failure in the New Norm

2021-03-15, The Record by Recorded Future
DNS hijacks at two cryptocurrency sites point the finger at GoDaddy, again

2021-02-28, The Perl Foundation
The Hijacking of

2020-11-23, Wired Business Media
Subdomain of Official Joe Biden Campaign Website Defaced by Turkish Hacker

2020-06-07, Sophos Ltd
Company web names hijacked via outdated cloud DNS records

2020-04-17, The Spamhaus Project SLU
The Current State of Domain Hijacking, and a specific look at the ongoing issues at GoDaddy

2019-06-17, IDG Communications, Inc
DNS hijacking grabs headlines, but it’s just the tip of the iceberg

2019-04-17, WIRED Media Group
Cyberspies Hijacked the Internet Domains of Entire Countries

2019-04-17, Cisco Systems, Inc
DNS Hijacking Abuses Trust In Core Internet Service

2019-04-07, Forbes
Gmail, Netflix and PayPal Users Targeted In DNS Hijacking Campaign

2019-02-23, Techcrunch
ICANN warns of “ongoing and significant” attacks against internet’s DNS infrastructure

2019-02-18, Krebs on Security
A Deep Dive on the Recent Widespread DNS Hijacking Attacks

2019-02-18, WIRED Media Group
Inside the DNSpionage hacks that hijack domains at an unprecedented scale

2018-12-11, Threatpost Redirected to NSFW Page Spewing Racial Epithets

2018-01-14, Bleeping Computer LLC
Hackers Hijack DNS Server of BlackWallet to Steal $400,000

2013-08-27, The Washington Post
The New York Times Web site was taken down by DNS hijacking. Here’s what that means.


2024-02-13, UK NCSC
Phishing attacks: defending your organisation

2023-01-22, US Government CISA
Emergency Directive 19-01

2019-09-19, US Government CISA
Mitigate DNS Infrastructure Tampering

2019-06-12, UK Government NCSC
Ongoing DNS hijacking and mitigation advice

2019-02-12, US Government CISA
DNS Infrastructure Hijacking Campaign

2019-02-05, UK Government NCSC
DNS hijacking activity


2022-10-25, Gautam Akiwate, Raffaele Sommese, Mattijs Jonker, Zakir Durumeric, KC Claffy, Geoffrey M. Voelker, Stefan Savage
Retroactive Identification of Targeted DNS Infrastructure Hijacking

2021-11-22, Rebekah Houser; Shuai Hao; Zhou Li; Daiping Liu; Chase Cotton; Haining Wang
A Comprehensive Measurement-based Investigation of DNS Hijacking

2020-11-02, Eihal Alowaisheq, Siyuan Tang, Zhihao Wang, Fatemah Alharbi, Xiaojing Liao, XiaoFeng Wang
Zombie Awakening: Stealthy Hijacking of Active Domains through DNS Hosting Referral

2020-04-08, Asadullah Shaikh, Bhavika Pardeshi, Faraz Dalvi
Overcoming Threats and Vulnerabilities in DNS

2019-02-07, Rashid, S. M. Zia Ur & Kamrul, Md. Imtiaz & Alam, Asraful.
Understanding the Security Threats of Esoteric Subdomain Takeover and Prevention Scheme.

2017-10-30, Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, Nick Nikiforakis
The Wolf of Name Street: Hijacking Domains Through Their Nameservers

2016-10-24, Daiping Liu, Shuai Hao, Haining Wang
All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records

2015-07-09, Xue, Jupo Liu, Yang Chang, Peng Xiao, Jun
Design and Implementation of Domain Hijacking Detection System

2005-10-19, Venugopalan Ramasubramanian and Emin Gun Sirer
Perils of Transitive Trust in the Domain Name System