A newly disclosed edge case in Substack’s custom domain implementation allows threat actors to hijack inactive subdomains, potentially enabling content spoofing, phishing campaigns, and brand impersonation. The researcher identified 1,426 vulnerable domains – representing 8% of all Substack-associated custom domains – that remain exposed due to misconfigured DNS records, including 11 wildcard domains that exponentially […]
The post New Vulnerability in Substack let Attackers Take Over Subdomains appeared first on Cyber Security News.
This article has been indexed from Cyber Security News