My first blog with Proofpoint is live! And we love a good crossover. State-sponsored actors try their hand at ClickFix - the hottest thing in cybercrime. Meet the North Koreans, Iranians, and Russians who are upping their social engineering game proofpoint.com/us/blog/threat…

DTI found what appear to be deceptive browser extensions on the Google Store. These extensions manipulate ratings, transmit data externally, and mimic well-known brands. They offer diverse functions like AI tools and URL shorteners, termed "AI Slop." dti.domaintools.com/deceptive-brow…

In our latest digest, Ian Campbell shares what we're reading and listening to in the security community including pieces by: 🔸Cisco Talos Intelligence Group 🔸SpyCloud 🔸404 Media 🔸Infoblox 🔸and more! Find the full cybersecurity reading list here: dti.domaintools.com/cybersecurity-…

The demand for devious domains to successfully trick users has never been higher. the sheer volume of newly observed domains in 2024 was over 106 million — creating a significant challenge for security teams. Read more from Forbes here: forbes.com/sites/zakdoffm…

Hackers are ramping up the creation of malicious websites. What are some of the habits of hackers? What registrars to they prefer over others? Which ISPs do they like? And what keywords resonate with them for maximal impact? Read more from @Cybernews: cybernews.com/security/malic…

We're at @RSAC in SF! Breaking Badness Podcast is recording with folks from SquareX, Microsoft, MITRE, Analyst1, and Splunk Topics:▪️Phishing & malware via domains ▪️Nation-state actor tactics ▪️AI community building Previous episodes here: domaintools.com/resources/podc…

Our founder Vivek Ramachandran (Vivek Ramachandran) just wrapped up an enlightening conversation with Kali Fencl from DomainTools for the Breaking Badness Cybersecurity Podcast! Vivek shared his perspectives on the evolution of attack infrastructure - from traditional domain-based

🤫 Tomorrow in San Francisco 🤫 DomainTools Investigations will host a San Francisco Closed Door Session during the week of #RSAC. These Closed Door Sessions are where industry analysts and researchers will share TLP:RED research on active campaigns.

🎙️ Day 3 of recording BreakingBadnessShow Cybersecurity Podcast at #RSAC! Today we're speaking with: 🔹Yonatan K (Team Axon) 🔹Robert Duncan (Netcraft) 🔹John Donovan (ZEDEDA, Inc.) 🔹Mick (@Splunk) Listen to previous episodes here: domaintools.com/resources/podc…

April was a busy month for us! Here's a recap of research we shared: Where to Find Aspiring Hackers (focusing on Proton66, a bulletproof hosting network) dti.domaintools.com/proton66-where…

From the LA wildfires to AI tech breakthroughs, viral events dominate the news cycle—and cybercriminals are quick to exploit them. 🧵 dti.domaintools.com/scams-maliciou…

🚨 New Breaking Badness episode! Kali Fencl chats with Mick (Splunk, ex-CISO for Pete Buttigieg) on building secure campaigns, strong teams & empathetic leadership in cyber. podcasts.apple.com/us/podcast/bui…

The SLEUTHCON agenda is live! 🙌 Daniel Schwalbe & Analyst1’s Jon DiMaggio will present: "Seeing is Believing" — a visual map of Russian ransomware groups shaped by war, leaks & law enforcement. Learn more here: sleuthcon.com/seeing-is-beli…

Since Feb 2024, over 100 fake Chrome extensions & sites have been stealing data, hijacking sessions & injecting malicious code. Learn more here: dti.domaintools.com/dual-function-…

Looking for smart reads & listens in cyber? @Neurovagrant shares what’s buzzing on our team’s radar this week: 🎧 Maltego's Human Element 📚 The Citizen Lab 📰 Nextgov/FCW 🔍 Threat Insight Full list 👉 dti.domaintools.com/cybersecurity-…

Warning! Malicious Chrome extensions found mimicking legit tools pcworld.com/article/279151… pcworld.com/article/279151…

A spoofed antivirus download page is delivering VenomRAT, StormKitty, and SilentTrinity—a powerful combo for credential theft, persistence, and long-term access. Full breakdown: dti.domaintools.com/venomrat/?utm_… #CyberSecurity #ThreatIntel #MalwareAnalysis #Infosec

DomainTools Investigations’ (DTI) latest analysis uncovers a technically sophisticated malware campaign that uses fake CAPTCHAs and spoofed document verification pages to trick users into self-infecting their machines with the NetSupport RAT. dti.domaintools.com/how-threat-act…

DomainTools is an Exhibiting Sponsor at SLEUTHCON! Check out our booth later this week at the show. Come for the shirt, stay to learn how domain intelligence can prevent, mitigate, and investigate attacks. See the full show schedule here: sleuthcon.com/2025agenda

ICYMI: Skeleton Spider (FIN6) is using trusted cloud services like AWS to deliver malware via fake resumes & job lures. Social engineering meets stealthy infrastructure. Learn more here: dti.domaintools.com/skeleton-spide…