Industry stats Updated Jun 2026All domains worldwide 392.5M registered names +6.5% YoY Verisign · Q1 2026.com + .net total 176.1M names in zone Verisign · Q1 2026.com + .net 11.5M newly registered · 76.3% renewed Verisign · Q1 2026Country-code TLDs 146.3M names +2.4% YoY Verisign · Q1 2026New gTLDs 49.6M names · 30.9% renewed +3.7% QoQ Verisign · Q1 2026Legacy gTLDs 20.5M names · 67.6% renewed +14.6% YoY Verisign · Q1 2026WordPress 41.5% of all sites · 59.3% of CMS sites W3Techs · 17 Jun 2026Shopify 5.2% of all sites · 7.5% of CMS sites W3Techs · 17 Jun 2026Wix 4.3% of all sites · 6.1% of CMS sites W3Techs · 17 Jun 2026Squarespace 2.5% of all sites · 3.5% of CMS sites W3Techs · 17 Jun 2026Joomla 1.2% of all sites · 1.7% of CMS sites W3Techs · 17 Jun 2026Webflow 0.9% of all sites · 1.2% of CMS sites W3Techs · 17 Jun 2026Drupal 0.7% of all sites · 1% of CMS sites W3Techs · 17 Jun 2026No CMS detected 30% of all sites W3Techs · 17 Jun 2026Nginx on 33%–39% of sites W3Techs · Mar–Apr 2026Apache on 24%–29% of sites W3Techs · Mar–Apr 2026LiteSpeed gaining share among web servers W3Techs · Mar–Apr 2026DMARC adoption 937.9K valid records +79% in 3 yrs EasyDMARC · 2026 YTDFortune 500 95% publish DMARC · 80% enforced EasyDMARCFortune 500 62.7% use strict reject policy EasyDMARCInc. 5000 15.2% use strict reject policy EasyDMARCDeal CVC Capital Partners → Namecheap · CVC Capital Partners acquired a majority stake in Namecheap in September 2025, valuing the company at ~$1.5B (including debt). 2025Deal team.blue (Hg-backed) → Loopia Group · team.blue (Hg-backed) acquired Loopia Group (Nordics) in 2025. 2025Deal Miss Group (Perwyn-backed) → Web4U s.r.o. · Perwyn-backed Miss Group acquired Web4U s.r.o. (Prague-based web hosting and domain registration provider) in 2025. This is Miss Group’s 14th acquisition under Perwyn ownership. 2025Deal group.one → Webglobe · group.one acquired Webglobe (Slovakia/Czechia/Serbia) in 2025. 2025Deal hosting.com → FastComet, A2 Hosting · hosting.com (formerly World Host Group) acquired FastComet in April 2025 and A2 Hosting in January 2025, rebranding A2 Hosting under the hosting.com name. 2025Industry stats Updated Jun 2026All domains worldwide 392.5M registered names +6.5% YoY Verisign · Q1 2026.com + .net total 176.1M names in zone Verisign · Q1 2026.com + .net 11.5M newly registered · 76.3% renewed Verisign · Q1 2026Country-code TLDs 146.3M names +2.4% YoY Verisign · Q1 2026New gTLDs 49.6M names · 30.9% renewed +3.7% QoQ Verisign · Q1 2026Legacy gTLDs 20.5M names · 67.6% renewed +14.6% YoY Verisign · Q1 2026WordPress 41.5% of all sites · 59.3% of CMS sites W3Techs · 17 Jun 2026Shopify 5.2% of all sites · 7.5% of CMS sites W3Techs · 17 Jun 2026Wix 4.3% of all sites · 6.1% of CMS sites W3Techs · 17 Jun 2026Squarespace 2.5% of all sites · 3.5% of CMS sites W3Techs · 17 Jun 2026Joomla 1.2% of all sites · 1.7% of CMS sites W3Techs · 17 Jun 2026Webflow 0.9% of all sites · 1.2% of CMS sites W3Techs · 17 Jun 2026Drupal 0.7% of all sites · 1% of CMS sites W3Techs · 17 Jun 2026No CMS detected 30% of all sites W3Techs · 17 Jun 2026Nginx on 33%–39% of sites W3Techs · Mar–Apr 2026Apache on 24%–29% of sites W3Techs · Mar–Apr 2026LiteSpeed gaining share among web servers W3Techs · Mar–Apr 2026DMARC adoption 937.9K valid records +79% in 3 yrs EasyDMARC · 2026 YTDFortune 500 95% publish DMARC · 80% enforced EasyDMARCFortune 500 62.7% use strict reject policy EasyDMARCInc. 5000 15.2% use strict reject policy EasyDMARCDeal CVC Capital Partners → Namecheap · CVC Capital Partners acquired a majority stake in Namecheap in September 2025, valuing the company at ~$1.5B (including debt). 2025Deal team.blue (Hg-backed) → Loopia Group · team.blue (Hg-backed) acquired Loopia Group (Nordics) in 2025. 2025Deal Miss Group (Perwyn-backed) → Web4U s.r.o. · Perwyn-backed Miss Group acquired Web4U s.r.o. (Prague-based web hosting and domain registration provider) in 2025. This is Miss Group’s 14th acquisition under Perwyn ownership. 2025Deal group.one → Webglobe · group.one acquired Webglobe (Slovakia/Czechia/Serbia) in 2025. 2025Deal hosting.com → FastComet, A2 Hosting · hosting.com (formerly World Host Group) acquired FastComet in April 2025 and A2 Hosting in January 2025, rebranding A2 Hosting under the hosting.com name. 2025
Security Incidents & Breaches

ASIO reveals state-backed sabotage plot against Australian infrastructure

Australia’s intelligence agency thwarted a nation-state cyber operation targeting critical infrastructure, designed to enable future sabotage.

ASIO reveals state-backed sabotage plot against Australian infrastructure
panumas nikhomkhai · Pexels

Australia’s Security and Intelligence Organisation (ASIO) has exposed a sophisticated cyber intrusion by nation-state actors targeting the country’s critical infrastructure, revealing plans to disable systems at a time of the attackers’ choosing. The operation, attributed to a foreign government, involved deep network infiltration and credential theft, including those of IT professionals responsible for securing the infrastructure provider’s systems. ASIO’s intervention prevented immediate sabotage but remediation efforts remain ongoing as of June 2026, underscoring the persistent nature of such threats.

What happened

ASIO Director General Mike Burgess revealed in the agency’s annual threat assessment that hackers backed by a foreign state had compromised the network of an Australian critical infrastructure provider. The attackers did not deploy immediate destructive payloads—what Burgess described as "digital dynamite"—but instead focused on mapping the network and maintaining persistent access. Their goal, according to ASIO’s assessment, was to retain the ability to cripple the infrastructure at a future, strategically advantageous moment.

The breach extended beyond initial access. The hackers successfully obtained login credentials for active network users, including IT personnel tasked with defending the system. Burgess emphasized the scale of the threat, noting that Australia is not the sole target. "We struggle to find a single country in our region that has not been compromised by this state’s cyber apparatus," he stated, highlighting the regional scope of the campaign.

ASIO’s response included tracking and attributing the attack, collaborating with the affected company, and initiating remediation efforts. Burgess also announced the formation of dedicated teams within ASIO to counter cyber sabotage, reflecting the growing priority of such threats.

Espionage and counterintelligence

In a separate incident, ASIO disrupted a foreign espionage operation targeting Australia’s military and the AUKUS defense pact. A spy from a foreign intelligence service approached an Australian security clearance holder online, posing as a consultant. The spy paid the official to produce reports on Australia’s relationships with Pacific neighbors, later requesting classified information about AUKUS. The official, growing suspicious, reported the approach to ASIO, which then conducted interviews to gather intelligence on the foreign service’s methods and knowledge gaps.

ASIO escalated the disruption by contacting the spy directly. Using the official’s phone, ASIO officers called the spy in her home country, identifying themselves and demanding an end to the operation. Burgess revealed that ASIO later informed the foreign intelligence service’s leadership about the failed operation, suggesting that the spy may not have reported the incident internally.

Broader threat landscape

Burgess also addressed the evolving nature of terrorism and radicalization in Australia. He noted a shift toward faster, online-driven radicalization, often involving minors and low-capability attacks with minimal warning. Since the December 2025 terrorist attack at Sydney’s Bondi Beach, ASIO has resolved 14 "significant terror-related cases" and disrupted 31 major terrorism plots since 2014. The agency is increasingly adopting artificial intelligence and other advanced tools to navigate this complex security environment.

For professionals

For professionals: Critical infrastructure providers should audit network access controls, particularly for privileged IT accounts. Persistent access by state-backed actors may not trigger immediate alarms, making continuous monitoring and behavioral analysis essential. ASIO’s use of AI tools suggests a growing role for machine-assisted threat detection in countering sophisticated cyber campaigns.

Why it matters

The disclosure underscores the escalating cyber threats facing critical infrastructure globally. Unlike traditional cyber espionage, which focuses on data theft, this operation aimed to enable future sabotage, aligning with broader trends of state-backed actors preparing for kinetic cyber effects. The incident also highlights the intersection of cyber and traditional espionage, as demonstrated by the AUKUS-related operation. For Australia and its allies, the revelations reinforce the need for coordinated defense strategies, particularly in sectors reliant on interconnected digital systems.

Discussion · coming soon

Be the first to join the thread when community discussion launches.