Abusing .arpa: The TLD That Isn’t Supposed to Host Anything

, ,

Threat actors are exploiting the .arpa top-level domain (TLD), typically not meant for hosting content, to conduct phishing attacks. By using IPv6 tunnels, they create malicious domains that bypass security controls. These phishing campaigns employ tricks like embedding hyperlinks in images, leading victims to malicious sites through a series of redirects. The attack involves manipulating DNS record management to host phishing content, taking advantage of the .arpa domain’s trusted nature. This novel exploitation complicates detection since these domains appear legitimate and are often unblocked by security policies.

https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/

United States Leads Dismantlement of One of the World’s Largest Hacker

,

The Department of Justice announced the seizure of the LeakBase database, a major online forum for cybercriminals. Coordinated actions by law enforcement in 14 countries, including the United States, shut down the forum, seized data, and arrested individuals involved. This operation disrupts a significant platform for cybercriminals to profit from stolen data and demonstrates international cooperation in combating cybercrime.

https://www.justice.gov/opa/pr/united-states-leads-dismantlement-one-worlds-largest-hacker-forums

Inside Tycoon2FA: How a Leading AiTM Phishing Kit Operated at Scale

, ,

The article analyzes Tycoon2FA, a phishing-as-a-service platform that enabled large-scale adversary-in-the-middle (AiTM) attacks capable of bypassing multifactor authentication. It explains how the service intercepted login credentials and session cookies through proxy phishing pages that mimicked services such as Microsoft 365 and Gmail. The platform included evasion techniques and user-friendly infrastructure, enabling less-skilled attackers to run campaigns that reached hundreds of thousands of organizations each month. The article concludes with guidance on layered defenses, including improved authentication methods, phishing detection, and coordinated disruption efforts. 

https://www.microsoft.com/en-us/security/blog/2026/03/04/inside-tycoon2fa-how-a-leading-aitm-phishing-kit-operated-at-scale/

Global Phishing-as-a-service Platform Taken Down in Coordinated Public-private Action

Tycoon 2FA, a major phishing-as-a-service platform, was disrupted in a coordinated international operation led by Europol. The platform, which enabled large-scale account compromise, was taken down with the help of law enforcement and private sector partners, including Microsoft and Trend Micro. This operation highlights the importance of public-private partnerships in combating cybercrime.

https://www.europol.europa.eu/media-press/newsroom/news/global-phishing-service-platform-taken-down-in-coordinated-public-private-action

LLMs Can Unmask Pseudonymous Users at Scale With Surprising Accuracy

, ,

Large language models (LLMs) can accurately unmask pseudonymous users on social media platforms, thereby undermining the privacy afforded by pseudonymity. Researchers found that LLMs can achieve high recall and precision rates in identifying users based on their online activity, posing risks of doxxing, stalking, and targeted advertising. The study highlights the need for stronger privacy protections and suggests mitigations, such as rate limits on data access and monitoring for LLM misuse.

https://arstechnica.com/security/2026/03/llms-can-unmask-pseudonymous-users-at-scale-with-surprising-accuracy/

Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild

, ,

IDPI exploits hidden instructions in web content processed by LLMs, causing unauthorized actions without direct interaction. Recent evidence shows substantial real-world malicious exploitation, including AI ad review evasion and SEO manipulation targeting phishing. 22 techniques were identified, necessitating proactive defenses against such threats. Understanding and mitigating web-based IDPI is crucial for the safety of AI systems integrated into web operations.

https://unit42.paloaltonetworks.com/ai-agent-prompt-injection/

Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat

, ,

DDoS attacks surged in 2025, with a 75% increase, becoming a constant threat to digital infrastructures in Europe. Attacks lasted up to 12,388 minutes, and follow-up incidents increased by 80%. Link11 recommends continuous DDoS protection, advanced web application security, and AI-based detection for resilience against evolving threats.

https://markets.businessinsider.com/news/currencies/link11-releases-european-cyber-report-2026-ddos-attacks-become-a-constant-threat-1035885265

New Gmail Account Attack Warning—Hackers Abuse Critical Security Check

, , ,

Hackers are targeting Gmail users with a malicious fake Google Account Security Checkup tool that grants attackers access to sensitive information, including push notifications, contacts, GPS location, and clipboard contents. This attack uses deception to trick users into following prompts that compromise their account security. To protect themselves, users should only use the official Google Account Security Checkup tool through official channels, such as typing the URL directly into their browser.

https://www.forbes.com/sites/daveywinder/2026/03/01/check-your-gmail-account-security-now-ongoing-attacks-reported/

US‑Israel‑Iran Conflict May Trigger Unprecedented Cyberattacks

US-Israel-Iran tensions may lead to extensive cyberattacks disrupting critical infrastructure and financial systems. Cyberwarfare is increasingly integrated into military strategies, as past incidents demonstrate its potential for widespread damage without physical destruction. Experts warn that the ongoing conflict could escalate into coordinated attacks on various sectors, stressing the need for robust cybersecurity measures like zero-trust architecture.

https://www.khaleejtimes.com/world/asia/usisraeliran-trigger-unprecedented-cyberattacks?amp=1

Iran Cyberattack Blackout and War Risks

Iran faced a near-total internet blackout amid a cyberattack during military strikes, disrupting critical infrastructure and communication. Internet traffic dropped to 4% of normal levels as Iranian news outlets went offline and security systems failed, highlighting the integration of cyber warfare with traditional military actions. Analysts view cyberattacks as a tool for Iran to retaliate without escalating to full-scale war, presenting several potential response strategies, including cyberattacks, maritime threats, and support for militias. The incident underscores the rising importance of cybersecurity in global conflicts and advises individuals to enhance personal digital security measures during such tensions.

https://cyberguy.com/news/iran-cyberattack-blackout-war-risks/

Cultivating a Robust and Efficient Quantum-safe HTTPS

, , , ,

Google's Chrome team is rolling out a program to implement quantum-safe HTTPS certificates using Merkle Tree Certificates (MTCs), which increase efficiency and transparency without compromising security. MTCs replace traditional certificate chains, reducing bandwidth usage while adopting post-quantum cryptography. The rollout has three phases: testing MTCs with existing certificates, inviting log operators for public MTCs, and establishing a new root store for MTCs. This initiative aims to ensure a robust, efficient, and scalable approach to enhanced web security amid evolving quantum threats.

https://security.googleblog.com/2026/02/cultivating-robust-and-efficient.html

Scroll to Top