'Underminr' CDN Vulnerability Hides Malicious Traffic Behind Trusted Domains (securityweek.com)
(Sunday May 24, 2026 @03:34AM, EditorDavid,
from the alternate-routing dept.)
- Reference: 0183361338
- News link: https://tech.slashdot.org/story/26/05/24/0043256/underminr-cdn-vulnerability-hides-malicious-traffic-behind-trusted-domains
- Source link: https://www.securityweek.com/underminr-vulnerability-lets-attackers-hide-malicious-connections-behind-trusted-domains/
Slashdot reader [1]wiredmikey writes:
> Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Researchers say the vulnerability could impact roughly [2]88 million domains and can bypass DNS filtering and protective DNS controls, potentially enabling stealthy command-and-control communications and other evasive attacks.
Dubbed "Underminr," the exploit "presents the SNI and HTTP Host of a domain," [3]writes SecurityWeek, "while forcing a request to the IP address of another tenant on the same shared edge."
> The mismatch, [4]ADAMnetworks reports, has been exploited in attacks targeting large-scale hosting providers, including those that have implemented mitigations against domain fronting...
>
> Threat actors' increased reliance on AI is expected to lead to a surge in attacks. "Once Underminr becomes parametric information for AI-generated malware, we could expect to see it in every attack that needs to evade protective DNS as part of the attack chain," ADAMnetworks CEO David Redekop says.
[1] https://www.slashdot.org/~wiredmikey
[2] https://underminr.ai/about/
[3] https://www.securityweek.com/underminr-vulnerability-lets-attackers-hide-malicious-connections-behind-trusted-domains/
[4] https://support.adamnet.works/t/underminr-information-share-official-release/1584
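The mismatch the story describes (the SNI names one domain while the destination IP belongs to another tenant) can be hunted for by correlating resolver logs with TLS connection logs. The sketch below is an added example, not code from the story, SecurityWeek or ADAMnetworks; the log tuple layout, the one-hour window, the domain names and the addresses are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample logs (documentation IP ranges, example domains).
DNS_LOG = [  # (time, client, queried name, answer IP)
    ("2026-05-24T10:00:00", "10.0.0.5", "trusted.example", "203.0.113.10"),
    ("2026-05-24T10:00:05", "10.0.0.7", "shop.example", "203.0.113.20"),
]
TLS_LOG = [  # (time, client, destination IP, SNI)
    ("2026-05-24T10:00:01", "10.0.0.5", "203.0.113.10", "trusted.example"),
    ("2026-05-24T10:00:06", "10.0.0.7", "203.0.113.20", "shop.example"),
    # SNI the client never asked the resolver about, sent to a resolved IP.
    ("2026-05-24T10:00:09", "10.0.0.5", "203.0.113.10", "other-tenant.example"),
    # SNI was resolved, but the connection went to a different edge IP.
    ("2026-05-24T10:00:12", "10.0.0.7", "203.0.113.10", "shop.example"),
]


def normalize(name):
    """Compare names case-insensitively and without a trailing dot."""
    return name.lower().rstrip(".")


def find_sni_ip_mismatches(dns_log, tls_log, window=timedelta(hours=1)):
    """Return TLS connections whose (SNI, destination IP) pair was not
    produced by a DNS answer to the same client within `window`."""
    answers = {}  # (client, name) -> [(time, ip), ...]
    for ts, client, name, ip in dns_log:
        key = (client, normalize(name))
        answers.setdefault(key, []).append((datetime.fromisoformat(ts), ip))

    findings = []
    for ts, client, dst_ip, sni in tls_log:
        when = datetime.fromisoformat(ts)
        seen = answers.get((client, normalize(sni)), [])
        recent = {ip for t, ip in seen if timedelta(0) <= when - t <= window}
        if dst_ip in recent:
            continue  # the resolver saw this name and returned this IP
        reason = "sni-resolved-to-other-ip" if recent else "sni-not-resolved"
        findings.append((ts, client, dst_ip, sni, reason))
    return findings


if __name__ == "__main__":
    for finding in find_sni_ip_mismatches(DNS_LOG, TLS_LOG):
        print(finding)
```

Clients that reuse answers older than the window, connect to hard-coded addresses, or resolve through a path the log does not cover will also appear in the findings, so the output is a triage list and the window needs tuning to the environment.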