Network Infrastructure | Breaking Cybersecurity News | The Hacker News

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters. "An unauthenticated remote attacker can inject and execute arbitrary shell commands, resulting in remote code execution," VulnCheck noted in an advisory. "The affected endpoint is also associated with unauthenticated DNS modification ('DNSChanger') behavior documented by D-Link , which reported active exploitation campaigns targeting firmware variants of the DSL-2740R, DSL-2640B, DSL-2780B, and DSL-526B models from 2016 through 2019." The cybersecurity company also noted that exploitation attempts targeting CVE-2026-0625 were recorded by the Shadowserver Foundation on November 27, 2025. Some of ...

The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42. "Although these domains are registered through a Hong Kong-based registrar and use Chinese nameservers, the attack infrastructure is primarily hosted on popular U.S. cloud services," security researchers Reethika Ramesh, Zhanhao Chen, Daiping Liu, Chi-Wei Liu, Shehroze Farooqi, and Moe Ghasemisharif said . The activity has been attributed to a China-linked group known as the Smishing Triad , which is known to flood mobile devices with fraudulent toll violation and package misdelivery notices to trick users into taking immediate action and providing sensitive information. These campaigns have proven to be lucrative, allowing the threat actors to make more than $1 billion over the last three years, according to a re...

In today's cybersecurity landscape, much of the focus is placed on firewalls, antivirus software, and endpoint detection. While these tools are essential, one critical layer often goes overlooked: the Domain Name System (DNS). As the starting point of nearly every online interaction, DNS is not only foundational - it's increasingly a target. When left unsecured, it becomes a single point of failure that can disrupt services, redirect users, or expose sensitive data. Securing it isn't just good practice - it's a necessity. Why DNS Is a Core Part of Internet Infrastructure The Domain Name System, or DNS, functions like the internet's address book. It translates easy-to-remember domain names (like example.com ) into the numerical IP addresses (like 1.2.3.4 ) that computers use to identify each other across networks. Every time a user visits a website, opens an app, or sends an email, a DNS query is triggered in the background to connect that request to the correct server. Without DNS,...

Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns. Recorded Future's Insikt Group has linked the infrastructure to a hacking group it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda. "The group's infrastructure is meticulously crafted, utilizing dynamic DNS (DDNS) providers like Dynu, DNSEXIT, and Vitalwerks to register domains used in phishing attacks," the cybersecurity company said . "These domains often employ deceptive themes related to cloud services, file sharing, and document visualization to lure targets into revealing sensitive information or downloading malicious files." Examples include terms like "cloud," "uptimezone," "doceditor," "joincloud," ...