惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
Engineering at Meta
Engineering at Meta
D
DataBreaches.Net
Stack Overflow Blog
Stack Overflow Blog
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
B
Blog RSS Feed
GbyAI
GbyAI
P
Proofpoint News Feed
aimingoo的专栏
aimingoo的专栏
MyScale Blog
MyScale Blog
D
Docker
阮一峰的网络日志
阮一峰的网络日志
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recorded Future
Recorded Future
美团技术团队
The Register - Security
The Register - Security
V
Visual Studio Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
Tailwind CSS Blog
爱范儿
爱范儿
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
The Blog of Author Tim Ferriss
博客园 - 司徒正美
量子位
B
Blog
F
Fortinet All Blogs
Martin Fowler
Martin Fowler
博客园 - 【当耐特】
MongoDB | Blog
MongoDB | Blog
A
About on SuperTechFans
I
InfoQ
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
有赞技术团队
有赞技术团队
雷峰网
雷峰网
大猫的无限游戏
大猫的无限游戏
J
Java Code Geeks
L
LangChain Blog
Latest news
Latest news
S
SegmentFault 最新的问题
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
C
Cisco Blogs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
W
WeLiveSecurity
T
Tenable Blog
T
Tor Project blog

DomainTools Investigations

DomainTools Investigations | Threat Intelligence Report: The Pro-Iran Hacktivist Ecosystem 2026 Eighteen Newsletters and a Dozen Roses Threat Intelligence Report: Nation-State Targeting of Water Systems 2024–2026 The APT35 Dump Episode 4: Leaking The Backstage Pass To An Iranian Intelligence Operation Threat Intelligence Report: Russia, Router, DNS, and Messaging-Layer Collection Operations SecuritySnack - Hijacking Corporate Sessions Threat Intelligence Report: ZionSiphon OT Malware First Attempts? Psyops? Both? Threat Intelligence Report: The SDA / Structura / Doppelgänger, Influence Operations, Infrastructure, Reach, and Potential Edge of Seventeen (Newsletters) Cybersecurity Reading List - Week of 2026-06-01 Chinese Malware Delivery Domains Part II: Data Collection Cybersecurity Reading List - Week of 2026-05-04 Sixteen going on Seventeen Newsletters DPRK Contagious Interview: Developer Workflow Compromise The AI Frame Campaign Continues MOIS Linked MOIST GRASSHOPPER / Homeland Justice / KarmaBelow80 / Handala Hackers / Campaigns and Evolution Fifteen (Newsletters) On A Skateboard Handala: MOIS Linked Cyber Influence Ecosystem Threat Intelligence Assessment Cybersecurity Reading List - Week of 2026-04-06 DPRK Malware Modularity: Diversity and Functional Specialization SecuritySnack - OpenAI Anti-Ads Malware Exposure of TLS Private Key for Myclaw 360 in Qihoo 360 “Security Claw” AI Platform SecuritySnack - CloudFlare Anti-Security For Phishing Fourteen Newsletters and Fifteen Winters Cybersecurity Reading List - Week of 2026-03-02 Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026 SecuritySnack - Idolized Crypto Scams Lotus Blossom (G0030) and the Notepad++ Supply-Chain Espionage Campaign Seven Nation Newsletter: I'm goin' to Wichita! Guess who's back, back again? DTI’s back, tell a friend! Thirteen Silver Newsletters Newsletter Number 9, Keep On Movin' Down The Line Eight Days a Newsletter: I lo-o-o-ove research! Newsletter No. 5: A Little Bit of Research in my life… Tenth Newsletter Freeze-Out Newsletter 11 Could Take Forever 1, 2, 3, 4 Tell Me That You Love Newsletters It's 6’n the Mornin’ (and my Newsletter at your door!) DT Investigations - Security Research for the Community March 2025 DTI Newsletter: I Like Newsletters and I Cannot Lie
CTI Grapevine Becomes DomainTools Investigations
DomainTools · 2026-02-11 · via DomainTools Investigations

Hello CTI Grapevine Superfriends!

You may have noticed some subtle changes to our website: As of today, CTI Grapevine became part of the newly-launched DomainTools Investigations (DTI) family. Since this shift may come as a surprise to some of our avid readers, I wanted to share why we believe it is a great move for our community:

CTI Grapevine was started as an initiative by us, for us: The researchers, analysts, defenders, and the quiet types you never hear about publicly, but who behind the scenes help make the Internet a safer place. You know who you are. We wanted to explore what it would be like for the community if we published relevant and timely Domain- and DNS-related security snacks - “bite size research,” if you will. We had some really great success with this in 2024. You, the community, gave us both positive and constructive feedback on areas of growth, what you wanted us to improve on, and how we could be a better resource to the community at large. As we brainstormed on how to grow the program, we kept coming back to a DomainTools core principle: Community First! 

On a personal note, this core principle is one of the top reasons I stayed with DomainTools after my previous employer Farsight Security was acquired - The InfoSec Community has been a key part of my career for over 20 years, I would not be where I am today without it. In 2002, I started attending The Agora in Seattle, one of the first quarterly closed-vetted InfoSec meetups. After a few years as an attendee, I got involved and helped to organize and host the events for another decade+. Around 2007, I started attending other great community-focussed conferences like ISOI, and later ACoD, DCC, UE - IYKYK. I mention all this to underline how serious I am in my commitment to The Community, and as the Head of DomainTools Investigations, I will make sure we do not stray from that path.

In the spirit of supporting the community, we knew we needed to be extremely thoughtful in providing more resources. We pitched a program that could attract and sustain kickass researchers and analysts who could focus on providing their expertise on an ongoing basis. Our bosses listened, and decided to give us a year to prove ourselves. And so, DTI was formed as a community-based research effort focused on investigating, mitigating, and preventing Domain- and DNS-based attacks. (And yes, we love puns and DTI is a play on CTI…see what we did there?) With the launch of DTI, building on the foundation of CTI Grapevine, the cybersecurity community will have expanded access to:

  • Insights on advanced persistent threats (APTs), nation-states, cyber-espionage groups, business email compromise (BEC), and more
  • Published research on the DTI website and available via webinars, closed door sessions, and conferences
  • A yearly report that dives into the nuances of Domain- and DNS-based attacks

You can get all of this goodness right here on the site, and never miss an update by setting up an RSS feed to dti.domaintools.com. Additionally, you can find us on the socials (Mastodon: @domaintools@infosec.exchange, Bluesky @domaintools, X @domaintools, LinkedIn https://www.linkedin.com/company/domaintools/ ), or come say “Hi” at various conferences and events we will be frequenting all year long!

Here is to an exciting year ahead, and to borrow a signature word from one of my friends and mentors: Excelsior!

Daniel Schwalbe
CISO and Head of Investigations
DomainTools

PS: Let’s talk about tracking for a minute. More specifically website page views, and email open tracking, or what the kids call “engagement” these days. When we first launched CTI Grapevine, we intentionally had zero tracking on the site. This is somewhat rare in the industry, but as a security and privacy professional, I am allergic to tracking. I block it wherever and however I can. Being in control of DNS resolutions on your own Network is very useful for that purpose. 

But if as a business you must track, at least be as transparent as possible about it. So this is the approach we are taking here. The bargain we made with our bosses in order to take DTI to the next level was to sign up for some KPIs, and we need some kind of measurement to see if we hit those KPIs. We use Google Analytics with tags, and Marketo Measure (Bizible / Adobe). We won’t gate content, and we won’t use more invasive tracking.

Sure, tracking on websites can be blocked by the browser, and almost every email client now has the ability to block open tracking. We accept it, and are OK with that. But if you feel so inclined and want to support our program, maybe consider letting some of that tracking through. 

Threat Intelligence Report: ZionSiphon OT Malware First Attempts? Psyops? Both?

Analysis of ZionSiphon (SCADA_SecurityPatch_v8.4.exe), a .NET OT malware targeting Israeli water utilities. Discover its IOCs, targets, and flawed activation code.

Threat Intelligence Report: The SDA / Structura / Doppelgänger, Influence Operations, Infrastructure, Reach, and Potential

How does the Doppelgänger influence campaign reach 5M+ users? Read DTI’s latest report on the SDA/Structura ecosystem, featuring a deep dive into narrative propagation, domain rotation tactics, and a 72-hour crisis influence timeline.

MOIS Linked MOIST GRASSHOPPER / Homeland Justice / KarmaBelow80 / Handala Hackers / Campaigns and Evolution

Explore the evolution of MOIS-linked actors Homeland Justice, Karma, and Handala. Analysis of destructive malware, surveillance integration, and the 2026 Stryker incident.