Infoblox Threat Intel

The Hacker News
October 6, 2025

The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field.

The Hacker News
October 3, 2025

A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That’s according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish.

Techradar
October 3, 2025

Security researchers have spotted an enormous malware campaign which managed to quietly compromise more than 30,000 websites, as well as countless visitors.

SC Media
October 2, 2025

Attacks involving server-side DNS exploitation have enabled cybercrime operation Detour Dog to inject the Strela Stealer malware into more than 30,000 websites worldwide, most of which are in the U.S., according to HackRead.

HackRead
October 1, 2025

Infoblox reveals how the Detour Dog group used server-side DNS to compromise 30,000+ sites across 89 countries, installing the stealthy Strela Stealer malware.

GB Hackers
October 1, 2025

Detour Dog, a stealthy website malware campaign tracked since August 2023, has evolved from redirecting victims to tech-support scams into a sophisticated DNS-based command-and-control (C2) distribution system that delivers the Strela Stealer information stealer via DNS TXT records.

CSO Online
September 12, 2025

Hackers are using AI to supercharge domain-based attacks, and most companies aren’t nearly ready to keep up. Among the numerous cyber threats that enterprises must contend with, domain-based attacks hold a prominent position.

SC Media
August 13, 2025

Infoblox’s 2025 DNS Threat Landscape Report highlights a dramatic rise in DNS-based cyberattacks, with threat actors increasingly leveraging AI-driven deepfakes, malicious adtech, and evasive domain strategies, The Fast Mode reports.

Help Net Security
August 12, 2025

DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are feeling the pressure.

Security Middle East
August 11, 2025

Infoblox has shared its 2025 DNS Threat Landscape Report, revealing a significant rise in DNS-based cyber threats. The report indicates that of the 100.8 million newly observed domains, 25.1 per cent were classified as malicious or suspicious, while 82 per cent of environments encountered domains linked to malicious adtech.

CXO Insight Middle East
August 7, 2025

Infoblox has released its 2025 DNS Threat Landscape Report, revealing a dramatic surge in DNS-based cyber threats and the growing sophistication of adversaries leveraging AI-enabled deepfakes, malicious adtech and evasive domain tactics.

TECHx
August 6, 2025

Infoblox, cloud networking and DNS security services, has released its 2025 DNS Threat Landscape Report. The report reveals a sharp rise in DNS-based cyber threats and highlights the growing use of AI in malicious activities.

Tech It Up Middle East
August 6, 2025

Infoblox has released its 2025 DNS Threat Landscape Report, revealing a dramatic surge in DNS-based cyber threats and the growing sophistication of adversaries leveraging AI-enabled deepfakes, malicious adtech and evasive domain tactics.

Network World
August 4, 2025

The Infoblox Threat Defense platform analyzes DNS traffic to detect and stop malware, phishing, and ransomware.

MSP Channel Insights
August 4, 2025

Infoblox’s latest report details a rise in DNS-based cyberthreats, highlighting sophisticated AI-enabled attacks that exploit vulnerabilities to deceive users and evade detection.

Tech Collective Asia
June 18, 2025

You’re casually browsing the internet – maybe checking the news or searching for a recipe – when you receive a pop-up on the screen that your phone is infected. You’re urged to download an antivirus app before it’s “too late”.

The Business Times
June 14, 2025

A job promising flexible hours, high pay, and the freedom to work from anywhere. No interviews, no tests – just a friendly text and a professional-looking website.

The Canberra Times
May 28, 2025

Picture this: you’re poolside in Bali, mojito in one hand and laptop in the other. You’ve cracked the system, really. A job with flexible working hours, great pay, work from home (or a resort) with training provided.

Intelligent CISO
May 23, 2025

Infoblox uncovers a threat actor exploiting abandoned cloud resources to hijack subdomains of major organisations for scams and malware distribution.

SC Media
May 21, 2025

Hackread reports that newly identified threat operation Hazy Hawk has been exploiting DNS misconfigurations and deserted cloud resources to take over domains belonging to the Centers for Disease Control, the state of Alabama, the Australian Department of Health, the University of California at Berkeley, and the University College London, as well as Deloitte and PwC, since December 2023.

CSO Online
May 20, 2025

Infoblox says crooks are finding and taking over ‘dangling’ CNAME records for scams. Threat actors continue to find ways of hijacking domains thanks to poor DNS record-keeping and misconfigurations by administrators, a hole that CSOs have to plug or risk financial or reputational damage to their organizations.

Dark Reading
May 20, 2025

Since December 2023, the threat group has preyed on domains belonging to the US Centers for Disease Control and Prevention (CDC) and numerous other reputable organizations worldwide to redirect users to malicious sites.

The Hacker News
May 20, 2025

A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, including Amazon S3 buckets and Microsoft Azure endpoints, by leveraging misconfigurations in the Domain Name System (DNS) records.

Bleeping Computer
May 20, 2025

A threat actor tracked as ‘Hazy Hawk’ is hijacking forgotten DNS CNAME records pointing to abandoned cloud services, taking over trusted subdomains of governments, universities, and Fortune 500 companies to distribute scams, fake apps, and malicious ads.

Hack Read
May 20, 2025

Infoblox reveals Hazy Hawk, a new threat exploiting abandoned cloud resources (S3, Azure) and DNS gaps since Dec 2023. Learn about their tactics and how to protect your organization and users.

Dark Reading
May 7, 2025

After a long hiatus, the federal agency updated Domain Name Sever (DNS) recommendations around protecting the network and the DNS protocol itself, say Scott Harrell and Mukesh Gupta of Infoblox.

The Hacker News
May 6, 2025

Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes).

Intelligent CISO
May 6, 2025

US$ 5.7 billion – that is how much money U.S. consumers reported losing to investment scams in 2024. For context, that is enough to fund five Mars rover missions.

Bleeping Computer
February 28, 2024

A threat actor named Savvy Seahorse is abusing CNAME DNS records Domain Name System to create a traffic distribution system that powers financial scam campaigns.

Tech Republic
February 9, 2024

Cyber security threat actor VexTrio is flying under the radar for most APAC region cyber security professionals because it is a web traffic distribution middle man rather than an endpoint source of malware.

Krebs on Security
October 31, 2023

The top-level domain for the United States — .US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests.