Security Digest — 2026-03-08

Today’s security landscape is dominated by phishing — attackers are finding novel DNS-based evasion techniques while EU regulators push banks to bear more responsibility for phishing-related fraud losses.

---

Vulnerabilities & Exploits

Hackers abuse .arpa DNS and IPv6 to evade phishing defenses BleepingComputer

Threat actors are abusing the special-use .arpa domain and IPv6 reverse DNS lookups in phishing campaigns designed to slip past domain reputation checks and email security gateways. The technique exploits infrastructure typically associated with legitimate reverse DNS resolution, making it harder for automated defenses to flag malicious traffic.

---

Policy & Compliance

EU court adviser says banks must immediately refund phishing victims BleepingComputer

The Advocate General of the Court of Justice of the EU has issued a formal opinion that banks must immediately refund customers for unauthorized transactions resulting from phishing, even when the account holder bears some fault. If adopted by the court, the ruling would significantly shift liability toward financial institutions across the EU.