Dangling DNS Attack Let Hackers Gain Control Over Organization’s Subdomain

Cybersecurity experts have identified a growing threat vector where attackers exploit improperly configured or abandoned DNS records to hijack organizational subdomains.
These “Dangling DNS” attacks occur when DNS records, particularly canonical name (CNAME) records, point to resources that no longer exist or have been deprovisioned, creating an opportunity for attackers to register and control these subdomains for malicious purposes.
The vulnerability typically manifests when organizations migrate services, discontinue SaaS subscriptions, or decommission cloud resources without properly updating their DNS configurations.
For instance, if a company stops using Zendesk for customer support but fails to remove the CNAME record pointing support.YourBiz.com to YourBiz.zendesk.com, attackers can register the abandoned Zendesk subdomain and gain control over it.
SentinelOne researchers identified over 1,250 instances of subdomain takeover risks related to deprovisioned cloud resources in the past year alone.
These vulnerabilities are particularly concerning when they affect assets that serve as part of software supply chains, potentially transforming a simple configuration oversight into a devastating supply chain attack.
“What makes these attacks particularly insidious is that they exploit trust relationships that have been previously established,” noted SentinelOne researchers in their April 2025 analysis.
“When users or systems continue to request resources from what they believe are legitimate organizational subdomains, they’re actually connecting to attacker-controlled infrastructure.”
A common example involves cloud storage services like AWS S3 buckets.
When a bucket used to host content on a subdomain is deleted but its DNS record remains, it creates a perfect attack opportunity. Consider the following scenario:
support.YourBiz.com. 3600 IN CNAME YourBiz.zendesk.com.
When the Zendesk account is abandoned but the DNS record remains, visitors to support.YourBiz.com may encounter error messages indicating the resource is unavailable.
However, attackers who register that same Zendesk subdomain can now control content served through the legitimate organizational domain.
The danger escalates substantially when these subdomains are used for delivering software components or updates.
In a recent investigation spanning from October 2024 to January 2025, security researchers discovered approximately 150 deleted S3 buckets that received over 8 million requests for container images, software updates, and even VPN configurations.
Had attackers controlled these resources, they could have distributed malicious code through trusted channels.
Figure: The distinctive error message from a missing AWS S3 bucket, a key indicator of subdomain takeover vulnerability.
Organizations can protect themselves by implementing regular DNS auditing, promptly removing stale DNS records, and deploying runtime security to detect unexpected behavior even when prevention fails.
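The DNS audit recommended above can be scripted against an exported copy of your own zone. The following is an added example, not code from the article or from SentinelOne; the suffix list, the `fetch_body` hook and the sample zone are assumptions constructed for illustration.

```python
import socket

# Assumption: suffixes of third-party services whose names anyone can claim,
# mapped to an error marker served for unclaimed names (None = DNS check only).
CLAIMABLE = {".zendesk.com": None, ".s3.amazonaws.com": "NoSuchBucket"}

# Constructed zone data in the same form as the record shown in the article.
SAMPLE_ZONE = """\
support.YourBiz.com.   3600 IN CNAME YourBiz.zendesk.com.
downloads.YourBiz.com. 3600 IN CNAME yourbiz-dl.s3.amazonaws.com.
www.YourBiz.com.       3600 IN CNAME lb.YourBiz.com.  ; first-party target
mail.YourBiz.com.      3600 IN A     192.0.2.10
"""

def parse_cnames(zone_text):
    """Yield (owner, target) for each CNAME line of BIND-style zone text."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "CNAME" in fields[1:-1]:
            target = fields[fields.index("CNAME", 1) + 1]
            yield fields[0].rstrip(".").lower(), target.rstrip(".").lower()

def system_resolves(name):
    """True if the local resolver returns any address for name."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except socket.gaierror:
        return False

def audit(zone_text, resolves=system_resolves, fetch_body=None):
    """Return (owner, target, reason) for CNAMEs that look dangling."""
    findings = []
    for owner, target in parse_cnames(zone_text):
        marker = next((m for s, m in CLAIMABLE.items() if target.endswith(s)), False)
        if marker is False:
            continue  # target is not on a claimable third-party service
        if not resolves(target):
            findings.append((owner, target, "target does not resolve"))
        elif marker and fetch_body and marker in fetch_body(owner):
            # Name still resolves, but the provider reports the resource is gone.
            findings.append((owner, target, "provider error: " + marker))
    return findings
```

Pass `fetch_body` a function that returns the HTTP response body for a hostname to enable the error-marker check; without it only unresolvable targets are reported.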
The post Dangling DNS Attack Let Hackers Gain Control Over Organization’s Subdomain appeared first on Cyber Security News.