Attacks don’t stop at one company. Reused credentials and phishing domains make every business a target. The PayPal “Hack” That Shook Confidence In May 2025, headlines screamed that nearly 16 million PayPal accounts had been hacked. Hackers claimed to be selling a massive dataset of email and password pairs on a dark-web forum. The news rattled PayPal’s users and ... View Post
articles
Trust No Packet: DNS Queries Can Be Your Firewall’s Weakest Link
Organizations spend millions on cutting-edge firewalls, intrusion detection systems, and network monitoring tools. Yet despite these sophisticated defenses, one of the internet's most basic protocols continues to be a major security vulnerability: the Domain Name System (DNS). The problem isn't with DNS itself—it's with how much we trust it. Network administrators ... View Post
Can DNS Be Used to Hack AI Chatbots?
Short answer: Only If You've Already Been Hacked Fascinating game of "telephone" over the past week which started out as some research on how hackers could embed images into DNS TXT records, and wound up proclaiming, "Newly published research shows that the domain name system—a fundamental part of the web—can be exploited to hide malicious code and prompt injection ... View Post
Nameserver Delegation Security: The Technical Guide for Web3 Infrastructure Teams
Nameserver delegation represents a critical security control point for Web3 projects. While blockchain transactions may be secured by cryptographic protocols, the DNS infrastructure directing users to your platform remains vulnerable to attacks. This technical guide explains how to secure nameserver delegations for crypto, DeFi, and Web3 ... View Post
Centralized Risks in Decentralized Projects: Mapping Your Complete Attack Surface
Decentralization is a core principle of Web3, yet most crypto projects rely on centralized infrastructure components that create significant security vulnerabilities. Understanding your complete attack surface requires mapping both decentralized and centralized elements of your architecture. Explore our full guide: Domain & DNS Security for Crypto, DeFi and ... View Post
How a DNS Hijack Exposed Web3’s Weakest Link: The Curve Finance Case Study
What Curve Finance’s 2022 DNS hijack reveals about Web3’s hidden reliance on centralized infrastructure—and how to defend against similar attacks. Case Study: Curve Finance Incident: DNS Hijack of DeFi Frontend Date: August 9, 2022 Overview Curve Finance, a decentralized exchange protocol on Ethereum known for its stablecoin AMM pools, ... View Post