Commentary followed by links to cybersecurity articles that caught our interest internally.| DomainTools Investigations | DTI
Ian Campbell's recap of DTI's participation at BSides NoVa
A deep dive into the 4-stage NPM phishing attack flow that led to high-profile repository account takeover. Protect your development security. The post SecuritySnack: Repo The Repo - NPM Phishing appeared first on DomainTools Investigations | DTI.
A massive crypto wallet-drain conspiracy links fake trading sites to a single criminal IP address. See our investigative deep dive into how these orchestrated scams are draining user funds. The post Inside a Crypto Scam Nexus appeared first on DomainTools Investigations | DTI.
My team has been on a tear this month: we've published new research on Salt Typhoon, an advanced Chinese APT, and we've analyzed the massive Kimsuky leak, giving us a rare look into a North Korean threat actor's playbook. We also identified new activity from the PoisonSeed e-crime group, and uncovered a banking trojan targeting Android users in Southeast Asia. Let's get you up to speed! The post Newsletter Number 9, Keep On Movin' Down The Line appeared first on DomainTools Investigations |...
Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations targeting global telecommunications infrastructure. Active since at least 2019, Salt Typhoon has demonstrated advanced capabilities in exploiting network edge devices, establishing deep persistence, and harvesting sensitive communications metadata, VoIP configurations, lawful intercept data, and subscriber profiles from telecom provider...
DomainTools Investigations identified a set of malicious domains registered since 01 June 2025 likely linked to the ecrime actor publicly known as PoisonSeed. These domains primarily spoof the email platform SendGrid and are likely attempting to compromise enterprise credentials of SendGrid customers. They display fake Cloudflare CAPTCHA interstitials to add legitimacy to malicious domains before […] The post Newly Identified Domains Likely Linked to Continued Activity from PoisonSeed E-Cri...
If you are a returning reader, welcome back! If you are a new reader, what you are about to read is news from our group of researchers and analysts, where they provide their expertise in investigating, mitigating, and preventing Domain and DNS based attacks. So without further ado, here's what our incredible team has been up to for the rest of August.