How Zombie Domains Keep Expired Sites Trusted for Extended Periods


Expired Domain Names Create Trust Risks Across Multiple Systems

Researchers have discovered that expired domain names can persist as trusted entities in several critical systems, including web public key infrastructure (Web PKI), software supply chains, and cryptocurrency naming systems.

  • This phenomenon, referred to as “zombie linkages,” occurs when expired domains are not promptly removed from trust records, allowing them to remain active even after the original domain owner has relinquished control.

The Web PKI System: A Vulnerable Window

In a study conducted by researchers from the University of Southern California (USC) and the University of Twente, it was found that over 192,000 expired-domain certificates remained active months after the corresponding domains had expired or changed ownership.

According to the researchers, this created a vulnerable window during which an attacker could potentially impersonate the domain using a still-valid certificate.
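
The check below is an added illustration, not code from the researchers or from this article. It shows how a new domain owner or an auditor could flag certificates that were issued before an ownership change and are still valid afterwards. The certificate records, dates, `.test` names and function names are all constructed for the example.

```python
from datetime import date

# Constructed sample records: (serial, SAN list, not_before, not_after).
CERTS = [
    ("01", ["example.test", "www.example.test"], date(2023, 11, 1), date(2024, 11, 30)),
    ("02", ["*.example.test"], date(2024, 3, 10), date(2024, 6, 8)),
    ("03", ["shop.example.test"], date(2024, 5, 1), date(2024, 7, 30)),  # issued after the change
    ("04", ["other.test"], date(2023, 12, 1), date(2024, 12, 1)),        # unrelated domain
    ("05", ["example.test"], date(2023, 1, 1), date(2024, 1, 1)),        # already expired
]
CHANGED = date(2024, 4, 1)  # constructed date on which the domain changed hands
TODAY = date(2024, 6, 1)    # constructed audit date


def covers(san, domain):
    """True if a SAN names the domain or a host under it.

    This associates a certificate with a registered domain; it is not TLS
    hostname matching, so a wildcard entry counts as belonging to the domain.
    """
    name = san.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def stale_certs(certs, domain, ownership_changed, today):
    """Certificates issued before the ownership change that are still valid today.

    Returns (serial, total_days_valid_after_change, days_remaining) tuples,
    longest remaining exposure first.
    """
    findings = []
    for serial, sans, not_before, not_after in certs:
        if not any(covers(s, domain) for s in sans):
            continue  # certificate belongs to a different domain
        if not_before >= ownership_changed:
            continue  # issued under the current owner
        if not_after < today:
            continue  # no longer valid
        exposure = (not_after - ownership_changed).days
        findings.append((serial, exposure, (not_after - today).days))
    return sorted(findings, key=lambda f: f[2], reverse=True)


if __name__ == "__main__":
    for serial, exposure, remaining in stale_certs(CERTS, "example.test", CHANGED, TODAY):
        print(f"cert {serial}: valid {exposure} days past the change, {remaining} days left")
```
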

Software Supply Chains at Risk

The researchers also discovered that expired domains can lead to persistence in software repositories like Maven Central, a prominent repository for Java software packages. Many enterprise applications and developer tools automatically fetch packages from it.

  • The researchers identified 31,853 Maven Central namespaces that were tied to expired or transferred domains, with approximately 4,842 (15.2%) showing ongoing publishing activity even after the original ownership period had ended.

As a result, applications relying on these packages could be compromised if the packages contain malicious code or vulnerabilities.

Ethereum Name Service Exposed

The researchers found similar issues in Ethereum Name Service (ENS), a system connecting readable names to cryptocurrency wallet addresses. They discovered that over 400 ENS linkages remained active for more than two years after the domains associated with them had changed ownership.
