Security Research for the Community

Recently Added

2026-02-11
2026-01-09
Research
The APT35 Dump Episode 4: Leaking The Backstage Pass To An Iranian Intelligence Operation

APT35/Charming Kitten's leaked documents expose the financial machinery behind state-sponsored hacking. Learn how bureaucracy, crypto micro-payments, and administrative ledgers sustain Iranian cyber operations and link them to Moses Staff.

2025-12-16
SecuritySnacks
SecuritySnack - Idolized Crypto Scams

An analysis of an active cryptocurrency scam operation impersonating Trump, Musk, and Truth Social across 250+ domains — uncovering shared wallet infrastructure, on-chain laundering pipelines, and the tactics used to fake legitimacy.

2026-02-25
SecuritySnacks
Cybersecurity Reading List - Week of 2026-02-02

Commentary followed by links to cybersecurity articles and resources that caught our interest internally.

2026-02-02
Newsletters
Thirteen Silver Newsletters
DomainTools Investigations kicks off 2026 with deep dives into the KnownSec leak exposing China's cyberespionage ecosystem, predatory online gambling apps, and a phishing campaign weaponizing fake job interviews.
2026-02-05
Newsletters
Rainy Day Newsletter #12 (but not 35)
Explore how agentic AI accelerates threat hunting by 10x, a deep dive into APT35’s internal operations, and B2B2C supply chain attacks in the DTI December newsletter.
2026-01-08
Podcast episodes
How Russian Disinformation Campaigns Exploit Domain Registrars and AI
The Breaking Badness Cybersecurity Podcast discusses research from the DomainTools Investigations team on Russian disinformation.
2025-04-16
Podcast episodes
Book Club with Dmitri Alperovitch
Discussing Dmitri's new book, World on the Brink: How America Can Beat China in the Race for the 21st Century.
2024-05-01

Research

SecuritySnacks

SecuritySnacks
SecuritySnack: Phishing Interviews

Phishing campaign targets job seekers with fake career portals and interview invites, stealing ID.me credentials and deploying malware since August 2025.


Newsletters

Newsletters
Newsletter 11 Could Take Forever
Dive into DomainTools Investigations' latest threat intel! Read our 3-part series on China's Great Firewall leak and an analysis of APT35 (Charming Kitten) campaigns targeting the Middle East and Korea, focusing on Exchange attacks. Get the intelligence you need!

Podcast Episodes

Podcast episodes
Call to ARMs
Palo Alto’s latest findings on Bifrost, along with the rise of laid-off tech workers turning to cybercrime.