In January, Detectify's security team identified that the .cd top-level domain (TLD) was set to expire and managed to secure it to prevent potential malicious exploitation. The expiration of a TLD can lead to DNS hijacking, where attackers could control traffic and intercept sensitive information. Fredrik Nordberg Almroth, a co-founder of Detectify, preemptively claimed the .cd domain, which belongs to the Democratic Republic of Congo, to prevent such risks. DNS hijacking involves redirecting user traffic by manipulating domain name servers, and it poses significant threats, including phishing and data theft. A similar vulnerability exists at the subdomain level, known as Hostile Subdomain Takeover, which occurs when abandoned subdomains are claimed by others for malicious purposes. Detectify emphasizes the importance of monitoring domain licenses and subdomain inventories to prevent these threats, offering tools like Surface Monitoring to help organizations track DNS configurations and mitigate vulnerabilities.