dns
Safeguard articles tagged "dns" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Microsoft May 2026 Patch Tuesday: No Zero-Days, but Two CVSS 9.8 Wormable RCEs
Microsoft's May 2026 Patch Tuesday shipped without a single exploited zero-day for the first time since June 2024, but it still carried two unauthenticated CVSS 9.8 remote code execution bugs in core Windows services that every domain should treat as emergency patches.
When DNSSEC Goes Wrong: The .de TLD Signing Failure That Took Down German Domains (May 5, 2026)
On May 5, 2026, DENIC published unvalidatable DNSSEC signatures for the .de zone after a deployment defect made its signer generate three key pairs instead of one. Validating resolvers worldwide, including Cloudflare's 1.1.1.1, were forced to return SERVFAIL.
DNS Cache Poisoning for Software Updates: 2025
DNS cache poisoning is a known attack class with a new application: hijacking software update checks to ship malicious binaries that pass every signature check.
DNS Security and Software Distribution: The Foundation Nobody Secures
Every software download, package install, and API call starts with a DNS query. DNS compromise redirects your supply chain at the most fundamental level — and most organizations have no visibility.