
Hacker abusing .arpa domain to evade phishing detection, says Infoblox
A threat actor has found a new way to evade phishing detection defenses: manipulate the .arpa top-level domain (TLD) and IPv6-to-IPv4 tunneling to host phishing content on domains that shouldn’t resolve to an IP address. For the uninitiated, .arpa is the Address and Routing Parameter Area domain, meant to be used exclusively for internet infrastructure purposes. Primarily, it is used to map IP addresses back to domain names by providing reverse records. However, according to a report from Infoblox, a threat actor discovered a feature in the DNS record management control of at least one provider that lets them create A records, instead of the expected PTR records, for the reverse D...
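A detection sketch for the behaviour described above, added here as an example and not taken from the Infoblox report: it scans resolver query logs for address-record lookups on names under the reverse zones and decodes complete reverse names back to the IP they map. The log layout, the function names and the inclusion of AAAA alongside A are assumptions.

```python
import ipaddress

REVERSE_SUFFIXES = (".in-addr.arpa", ".ip6.arpa")
ADDRESS_TYPES = {"A", "AAAA"}  # the page describes A records; AAAA is an added assumption

# Constructed sample log, assumed layout: <time> <client> <qname> <qtype> <rcode> <answer>
FULL_V6 = ipaddress.ip_address("2001:db8::1").reverse_pointer  # complete 32-nibble name
SAMPLE_LOG = "\n".join([
    "2024-01-01T10:00:01Z 10.0.0.5 10.2.0.192.in-addr.arpa. PTR NOERROR host.example.net.",
    "2024-01-01T10:00:02Z 10.0.0.7 www.example.com. A NOERROR 198.51.100.10",
    "2024-01-01T10:00:03Z 10.0.0.9 0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. A NOERROR 198.51.100.55",
    f"2024-01-01T10:00:04Z 10.0.0.9 {FULL_V6}. A NOERROR 198.51.100.56",
    "2024-01-01T10:00:05Z 10.0.0.3 9.2.0.192.in-addr.arpa. A NXDOMAIN -",
])

def decode_reverse(qname):
    """Return the IP a complete reverse name maps to, or None for partial or odd names."""
    labels = qname.rstrip(".").lower().split(".")
    try:
        if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
            return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
        if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
            nibbles = labels[:32]
            if all(len(n) == 1 for n in nibbles):
                return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    except ValueError:
        pass  # malformed labels: treat as not decodable
    return None

def find_reverse_zone_address_lookups(log_text):
    """Flag A/AAAA queries for names under in-addr.arpa or ip6.arpa."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip lines that do not match the assumed layout
        ts, client, qname, qtype, rcode, answer = parts
        name = qname.rstrip(".").lower()
        if not name.endswith(REVERSE_SUFFIXES) or qtype.upper() not in ADDRESS_TYPES:
            continue
        findings.append({
            "time": ts, "client": client, "qname": name, "qtype": qtype.upper(),
            "maps_to": decode_reverse(name),  # None when the name is not a full reverse name
            "resolved": rcode == "NOERROR" and answer != "-",
            "answer": None if answer == "-" else answer,
        })
    return findings

if __name__ == "__main__":
    for f in find_reverse_zone_address_lookups(SAMPLE_LOG):
        print(f)
```

Findings with `resolved` set to true are the ones worth triaging first, since a reverse-zone name returning an address is the condition the report describes.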