‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains
The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic. The post ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains appeared first on SecurityWeek.
Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains.
Dubbed Underminr, the issue is a variant of domain fronting, a now-mitigated type of attack that enabled threat actors to place an allowed domain in the SNI and TLS certificate validation fields of an HTTPS request, while embedding a different target domain in the TLS tunnel’s encrypted HTTP host header.
Because CDNs routed requests internally based on the host headers, the request reached the hidden destination, while traffic would appear to be going to a reputable front domain.
Related breach coverage
- Critical Vulnerability Exposes Industrial Robot Fleets to Hacking2026-05-19
The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection. The post Critical Vulnerability Exposes Industrial Robot Fleets to Hacking appeared first on SecurityWeek.
- Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking2026-05-21
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appeared first on SecurityWeek.
- Cisco Patches Critical Vulnerability in Secure Workload2026-05-21
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in Secure Workload appeared first on SecurityWeek.
- PoC Released for DirtyDecrypt Linux Kernel Vulnerability2026-05-19
Patched in April, the underlying vulnerability allows local attackers to elevate their privileges to root. The post PoC Released for DirtyDecrypt Linux Kernel Vulnerability appeared first on SecurityWeek.