Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Published on:

July 15, 2024

In a recent article from KrebsonSecurity, they detail that at least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain.

Read the research: https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/

Related Content

Research

MOIS Linked MOIST GRASSHOPPER / Homeland Justice / KarmaBelow80 / Handala Hackers / Campaigns and Evolution

Explore the evolution of MOIS-linked actors Homeland Justice, Karma, and Handala. Analysis of destructive malware, surveillance integration, and the 2026 Stryker incident.

Learn More

Research

Handala: MOIS Linked Cyber Influence Ecosystem Threat Intelligence Assessment

Discover how Handala, Homeland Justice, and Karma function as a unified MOIS-linked cyber influence ecosystem. This threat intelligence assessment reveals how Iran uses "hack-and-leak" operations to weaponize perception over technical complexity.

Learn More

Research

DPRK Malware Modularity: Diversity and Functional Specialization

Explore the DPRK’s modular malware architecture. Analyze how North Korea uses compartmentalized toolchains for espionage, crypto theft, and strategic signaling.

Learn More

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Heading