CDN Vulnerability 'Underminr' Enables Hidden Malicious Traffic via Trusted Domains

📰 Original title: 'Underminr' CDN Vulnerability Hides Malicious Traffic Behind Trusted Domains

🤖 AI: It's not clickbait ✅
👥 Users: It's not clickbait ✅

View full AI summary: https://en.killbait.com/cdn-vulnerability-underminr-enables-hidden-malicious-traffic-via-trusted-domains.html?utm_source=mastodon_world&utm_medium=social&utm_campaign=killbait.mastodon_world

#computing #cdnvulnerability #cybersecurit...

Security researchers have disclosed a serious vulnerability in shared content delivery network (CDN) infrastructure dubbed “Underminr,” which allows attackers to conceal malicious communications behind legitimate, trusted domains. The flaw affects an estimated 88 million domains and undermines key security mechanisms such as DNS filtering and protective DNS services.

At the core of the issue is a mismatch between the Server Name Indication (SNI) and HTTP Host headers versus the actual IP address being contacted. In practice, attackers can present a legitimate domain in the SNI and HTTP Host fields while routing traffic to the IP address of a different tenant hosted on the same shared CDN edge infrastructure. This behavior effectively enables traffic to appear trustworthy while being redirected to malicious or unintended destinations.

Security analysts note that the exploit resembles and expands on earlier domain fronting techniques, which were historically used to bypass censorship and network restrictions. However, “Underminr” goes further by exploiting shared CDN edge configurations, making detection significantly harder for traditional network security tools. Reports indicate that the vulnerability has already been leveraged in real-world attacks targeting large hosting providers, even those that have deployed mitigations against similar abuse patterns.

Beyond immediate exploitation, researchers warn of broader implications, especially as threat actors increasingly integrate artificial intelligence into malware development. Experts suggest that once techniques like Underminr are incorporated into AI-generated attack chains, they could become widespread in malware designed specifically to evade protective DNS systems and other network defenses. This raises concerns about large-scale stealth command-and-control infrastructures that are difficult to detect or block using conventional security approaches.

KillBait

Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox

The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition.

WIRED

Just launched a side project and within a few hours received a “pay me or I disclose” email from a “security researcher”. They pointed out that DMARC was not set to reject and SPF was ~all, demanded a bounty, then threatened to go public within 24h. The author: no users, no data, just an MVP. Conclusion: not every security email is responsible; a default DMARC is not serious; a real report needs technical details, with no threats attached; “pay me or I go public” is a red flag. #security #bounty #sideproject #bảo_mật #dự_án #startup #cybersecurit

📰 Massive Unsecured Database Leaks Personal, Health, and Financial Data of 45 Million French Citizens

🤯 A massive data leak has exposed the personal, health, and financial records of 45 MILLION French citizens. An unsecured cloud server held aggregated data from multiple breaches, including IBANs and medical info. #DataBreach #Privacy #CyberSecurit...

🔗 https://cyber.netsecops.io/articles/massive-data-leak-exposes-records-of-45-million-french-citizens/?utm_source=mas…

An unsecured cloud server has led to a massive data leak exposing the sensitive personal, healthcare, and financial records of approximately 45 million French citizens. Learn about the aggregated data and the impact.

CyberNetSec.io

Weekends are for wargames

#ctf #cybersecurit #wargames #pwn

Best OT/ICS Cybersecurity training in Delhi NCR and in India
#OTSecurity #ICSCybersecurity #DCS #IEC62443 #NozomiNetworks #IndustrialCybersecurity #SCADA #PLC #CyberSecurit #SCADASecurity #itprofessionals
Visit - www.theevolvedge.com
mail - [email protected]
phone no- +917982403420
+919311805027

For @AG_KRITIS I was at the Handelsblatt Live conference #Cybersecurit, 2025 and gave an "Update KRITIS & Cybersecurity" in an interview, with a view from the engine room and ways of calmly implementing lived security.

#KRITIS #NIS2 #KritisDachG

The Identity Verification Market is projected to grow from USD 11.08B in 2024 to USD 29.25B by 2032, at a CAGR of 12.9%.

Leading companies: TransUnion, IDEMIA, Mitek Systems, Equifax, GB Group, Acuant.

Growth driven by digital banking, AI, biometric technology, and compliance regulations.

Read the full report here: https://www.credenceresearch.com/report/identity-verification-market

#IdentityVerification #DigitalSecurity #Biometrics #AI #CyberSecurit

🤖🍔🔓 Wanna flip burgers? First you gotta face Olivia, the AI bot at McD’s. Only problem? Hackers cracked her wide open with “123456” and found millions of job apps spilling out. Names, numbers, résumés, all there for the taking. Dystopia with fries on the side. #CyberSecurit https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
McDonald’s AI Hiring Bot Exposed Millions of Applicants' Data to Hackers Using the Password ‘123456’

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

WIRED

New note by cybersecurity
https://poliverso.org/display/0477a01e-2666-d089-b882-df5958108408
Here is how the Windows IT meltdown weighs on CrowdStrike startmag.it/cybersecurity/ecco… @Informatica (Italy e non Italy 😁) CrowdStrike, the American software company responsible for last July's global Internet outage, estimated to be the largest IT outage in history, is cutting its earnings forecasts. All the details. The article comes from the section #Cybersecurit
Cybersecurity & cyberwarfare

*Here is how the Windows IT meltdown weighs on CrowdStrike* @Informatica (Italy e non Italy 😁) CrowdStrike, the American software company respons...