Skip to main content

Field Notes

The Subdomain You Retired Can Be Claimed: How Dangling DNS Turns an Old SaaS Link Into an Attacker-Controlled Site.

Deleting a hosted service without removing its DNS record can leave a trusted company subdomain pointing at a resource another party may be able to claim. Learn the attack chain, run a safe localhost demonstration, assess the business impact, and build a disciplined offboarding process.

Your Private Package Can Be Replaced: How Dependency Confusion Hijacks a Software Build.

A mixed public-and-private package configuration can let an untrusted release outrank an approved internal dependency. Learn how dependency confusion works, reproduce it safely on localhost, assess the business impact, and harden the path from source code to release.

The API Key You Forgot: How Hardcoded Secrets Become a Business Breach.

A single API key committed to source code can expose customer data, create fraudulent cloud costs, interrupt operations, and give an intruder a path into connected systems. Learn how the weakness works, reproduce it safely in a local lab, and fix it at the code, hosting, and process levels.

Your Email Domain Can Be Forged: How Spoofing Turns Into Business Email Compromise.

Learn how email domain spoofing abuses SPF, DKIM, and DMARC gaps, what it can cost a business, how to audit it safely, and how Sunimod can help remediate the risk.