https://arstechnica.com/security/2025/10/bind-warns-of-bugs-that-could-bring-dns-cache-attack-back-from-the-dead/
Oct 22, 2025 - At least one CVE could weaken defenses put in place following 2008 disclosure.
cache poisoningvulnerabilitiesfounddnsresolving
https://portswigger.net/research/practical-web-cache-poisoning
In this paper I'll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems
cache poisoningpracticalwebresearch
https://portswigger.net/research/web-cache-entanglement
Caches are woven into websites throughout the net, discreetly juggling data between users, and yet they are rarely scrutinized in any depth. In this paper,...
webcacheentanglementnovelpathways
https://kb.isc.org/docs/cve-2025-40778
Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.
cache poisoningcveattacksunsolicitedrrs
https://portswigger.net/research/bypassing-web-cache-poisoning-countermeasures
Following my presentation and whitepaper on Web Cache Poisoning last month, various companies have deployed defences in an attempt to mitigate cache poisoning...
cache poisoningbypassingwebresearch
https://portswigger.net/research/responsible-denial-of-service-with-web-cache-poisoning
In this post, I'll tell the story of how I came to love denial of service attacks, and show you how to use web cache poisoning to take down websites with...
cache poisoningresponsibledenialserviceweb
https://kb.isc.org/docs/cve-2025-40780
In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source...
cache poisoningcvedueweak