Industry stats Updated Jun 2026 All domains worldwide 392.5M registered names +6.5% YoY Verisign · Q1 2026 .com + .net total 176.1M names in zone Verisign · Q1 2026 .com + .net 11.5M newly registered · 76.3% renewed Verisign · Q1 2026 Country-code TLDs 146.3M names +2.4% YoY Verisign · Q1 2026 New gTLDs 49.6M names · 30.9% renewed +3.7% QoQ Verisign · Q1 2026 Legacy gTLDs 20.5M names · 67.6% renewed +14.6% YoY Verisign · Q1 2026 WordPress 41.5% of all sites · 59.3% of CMS sites W3Techs · 17 Jun 2026 Shopify 5.2% of all sites · 7.5% of CMS sites W3Techs · 17 Jun 2026 Wix 4.3% of all sites · 6.1% of CMS sites W3Techs · 17 Jun 2026 Squarespace 2.5% of all sites · 3.5% of CMS sites W3Techs · 17 Jun 2026 Joomla 1.2% of all sites · 1.7% of CMS sites W3Techs · 17 Jun 2026 Webflow 0.9% of all sites · 1.2% of CMS sites W3Techs · 17 Jun 2026 Drupal 0.7% of all sites · 1% of CMS sites W3Techs · 17 Jun 2026 No CMS detected 30% of all sites W3Techs · 17 Jun 2026 Nginx on 33%–39% of sites W3Techs · Mar–Apr 2026 Apache on 24%–29% of sites W3Techs · Mar–Apr 2026 LiteSpeed gaining share among web servers W3Techs · Mar–Apr 2026 DMARC adoption 937.9K valid records +79% in 3 yrs EasyDMARC · 2026 YTD Fortune 500 95% publish DMARC · 80% enforced EasyDMARC Fortune 500 62.7% use strict reject policy EasyDMARC Inc. 5000 15.2% use strict reject policy EasyDMARC Deal CVC Capital Partners → Namecheap · CVC Capital Partners acquired a majority stake in Namecheap in September 2025, valuing the company at ~$1.5B (including debt). 2025 Deal team.blue (Hg-backed) → Loopia Group · team.blue (Hg-backed) acquired Loopia Group (Nordics) in 2025. 2025 Deal Miss Group (Perwyn-backed) → Web4U s.r.o. · Perwyn-backed Miss Group acquired Web4U s.r.o. (Prague-based web hosting and domain registration provider) in 2025. This is Miss Group’s 14th acquisition under Perwyn ownership. 2025 Deal group.one → Webglobe · group.one acquired Webglobe (Slovakia/Czechia/Serbia) in 2025. 2025 Deal hosting.com → FastComet, A2 Hosting · hosting.com (formerly World Host Group) acquired FastComet in April 2025 and A2 Hosting in January 2025, rebranding A2 Hosting under the hosting.com name. 2025 Industry stats Updated Jun 2026 All domains worldwide 392.5M registered names +6.5% YoY Verisign · Q1 2026 .com + .net total 176.1M names in zone Verisign · Q1 2026 .com + .net 11.5M newly registered · 76.3% renewed Verisign · Q1 2026 Country-code TLDs 146.3M names +2.4% YoY Verisign · Q1 2026 New gTLDs 49.6M names · 30.9% renewed +3.7% QoQ Verisign · Q1 2026 Legacy gTLDs 20.5M names · 67.6% renewed +14.6% YoY Verisign · Q1 2026 WordPress 41.5% of all sites · 59.3% of CMS sites W3Techs · 17 Jun 2026 Shopify 5.2% of all sites · 7.5% of CMS sites W3Techs · 17 Jun 2026 Wix 4.3% of all sites · 6.1% of CMS sites W3Techs · 17 Jun 2026 Squarespace 2.5% of all sites · 3.5% of CMS sites W3Techs · 17 Jun 2026 Joomla 1.2% of all sites · 1.7% of CMS sites W3Techs · 17 Jun 2026 Webflow 0.9% of all sites · 1.2% of CMS sites W3Techs · 17 Jun 2026 Drupal 0.7% of all sites · 1% of CMS sites W3Techs · 17 Jun 2026 No CMS detected 30% of all sites W3Techs · 17 Jun 2026 Nginx on 33%–39% of sites W3Techs · Mar–Apr 2026 Apache on 24%–29% of sites W3Techs · Mar–Apr 2026 LiteSpeed gaining share among web servers W3Techs · Mar–Apr 2026 DMARC adoption 937.9K valid records +79% in 3 yrs EasyDMARC · 2026 YTD Fortune 500 95% publish DMARC · 80% enforced EasyDMARC Fortune 500 62.7% use strict reject policy EasyDMARC Inc. 5000 15.2% use strict reject policy EasyDMARC Deal CVC Capital Partners → Namecheap · CVC Capital Partners acquired a majority stake in Namecheap in September 2025, valuing the company at ~$1.5B (including debt). 2025 Deal team.blue (Hg-backed) → Loopia Group · team.blue (Hg-backed) acquired Loopia Group (Nordics) in 2025. 2025 Deal Miss Group (Perwyn-backed) → Web4U s.r.o. · Perwyn-backed Miss Group acquired Web4U s.r.o. (Prague-based web hosting and domain registration provider) in 2025. This is Miss Group’s 14th acquisition under Perwyn ownership. 2025 Deal group.one → Webglobe · group.one acquired Webglobe (Slovakia/Czechia/Serbia) in 2025. 2025 Deal hosting.com → FastComet, A2 Hosting · hosting.com (formerly World Host Group) acquired FastComet in April 2025 and A2 Hosting in January 2025, rebranding A2 Hosting under the hosting.com name. 2025
Security Vulnerabilities Cybersecurity and Infrastructure Security Agency

Nine nations warn of Russian router attacks on infrastructure

US and allies issue joint advisory on state-backed hackers targeting misconfigured routers.

Nine nations warn of Russian router attacks on infrastructure
panumas nikhomkhai · Pexels

Cybersecurity authorities from nine countries have jointly warned that Russian state hackers are exploiting poorly secured and misconfigured routers to gain access to critical infrastructure networks. The advisory, issued by agencies including the US Cybersecurity and Infrastructure Security Agency (CISA), highlights ongoing campaigns targeting energy, water, and communications sectors across multiple jurisdictions. No specific breaches or outages were disclosed in the alert, but the agencies noted that compromised routers are being used as initial entry points for broader network infiltration.

What the advisory covers

The joint statement outlines tactics, techniques, and procedures (TTPs) observed in recent attacks, including the use of default credentials, unpatched firmware, and weak remote administration settings. It provides a set of recommended mitigations, such as disabling unnecessary services, enforcing multi-factor authentication for administrative access, and segmenting router management interfaces from operational networks. The advisory does not name any affected vendors or models but emphasizes that the risk applies to both enterprise-grade and consumer-grade devices.

What remains unclear

The timing of the advisory’s release was not specified in the source material. While the agencies confirmed the attacks are ongoing, they did not disclose whether recent incidents prompted the alert or if it reflects a shift in threat intelligence. Additionally, the advisory does not indicate whether the targeted infrastructure operators have been notified privately prior to the public release. The absence of named victims or vendors leaves operators without specific indicators of compromise to cross-reference against their own environments.

Companies mentioned

Cybersecurity and Infrastructure Security Agency

Discussion · coming soon

Be the first to join the thread when community discussion launches.