Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Hackers Exploit nslookup.exe for DNS Payload Delivery

Hackers Exploit nslookup.exe for DNS Payload Delivery

Posted on February 19, 2026 By CWS

Cybersecurity experts have identified a new method in which hackers exploit the legitimate Windows tool nslookup.exe to deliver malicious payloads through DNS queries. This innovative approach marks a departure from traditional methods that often utilized PowerShell commands, presenting new challenges for security teams.

ClickFix Campaign Adopts nslookup

The ClickFix social engineering campaign has evolved, with attackers now using nslookup.exe, a tool normally employed for DNS troubleshooting, to execute their attacks. This move away from more conspicuous tools makes the detection of such activities more difficult for security systems.

In this updated strategy, the attackers manipulate the DNS ‘Name’ response field to inject payload data, avoiding the more commonly monitored TXT records. This allows them to camouflage their actions within regular diagnostic tasks that nslookup.exe performs, reducing the chances of raising alerts.

Impact on Security Measures

Since nslookup.exe is a widely trusted Windows utility, its use in malicious activities poses a significant challenge for traditional security detection methods. The exploitation of the ‘Name’ field rather than the expected TXT records further complicates the detection process, as many monitoring solutions focus on the latter.

Security researcher Muhammad Hassoub has responded by developing specific CrowdStrike CQL hunting queries aimed at identifying suspicious patterns in DNS queries and unusual execution contexts of nslookup.exe, which may indicate a potential compromise.

Recommended Defensive Strategies

To counteract this threat, Hassoub recommends that organizations enhance their DNS monitoring capabilities and implement behavioral detection rules to identify atypical nslookup.exe usage, especially when interacting with newly registered or suspicious domains.

Security teams, particularly blue teams, are encouraged to broaden their threat-hunting strategies beyond PowerShell indicators to effectively detect and mitigate these living-off-the-land techniques that exploit trusted system utilities for malicious ends.

For ongoing updates on cybersecurity threats and strategies, follow us on Google News, LinkedIn, and X. Reach out to feature your cybersecurity narratives.

Cyber Security News Tags:ClickFix, CrowdStrike, Cybersecurity, DNS attack, Hacking, Malware, network security, Nslookup, payload delivery, security teams, social engineering, Threat Actors, threat detection, Windows security

Post navigation

Previous Post: Critical Honeywell CCTV Flaw Exposes User Accounts
Next Post: Critical Flaw in Splunk Enterprise for Windows Exposed

Related Posts

CISA Warns of FortiCloud SSO Authentication Bypass Vulnerability Exploited in Attacks CISA Warns of FortiCloud SSO Authentication Bypass Vulnerability Exploited in Attacks Cyber Security News
North Korean Hackers Attacking Unmanned Aerial Vehicle Industry to Steal Confidential Data North Korean Hackers Attacking Unmanned Aerial Vehicle Industry to Steal Confidential Data Cyber Security News
DigiCert Breach Exposes EV Code Signing Vulnerabilities DigiCert Breach Exposes EV Code Signing Vulnerabilities Cyber Security News
New Business Email Protection Technique Blocks the Phishing Email Behind NPM Breach New Business Email Protection Technique Blocks the Phishing Email Behind NPM Breach Cyber Security News
Critical Vulnerability in VM2 Sandbox Library for Node.js Let Attackers run Untrusted Code Critical Vulnerability in VM2 Sandbox Library for Node.js Let Attackers run Untrusted Code Cyber Security News
How Certificate Mismanagement Opens The Door For Phishing And MITM Attacks How Certificate Mismanagement Opens The Door For Phishing And MITM Attacks Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Gateways: Emerging Targets for Cyber Attacks
  • Hacker Server Leak Unveils Massive WordPress Breach
  • Critical Linux FUSE Flaw Allows Root Access
  • Laser Pulse Vulnerability in Tangem Wallets Exposes Security Risks
  • Critical GNU Guix Vulnerabilities Permit Remote Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Gateways: Emerging Targets for Cyber Attacks
  • Hacker Server Leak Unveils Massive WordPress Breach
  • Critical Linux FUSE Flaw Allows Root Access
  • Laser Pulse Vulnerability in Tangem Wallets Exposes Security Risks
  • Critical GNU Guix Vulnerabilities Permit Remote Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark