Researchers at ADAMnetworks have identified a new exploit called "Underminr," which builds on the older "domain fronting" technique to allow attackers to hijack trusted website identities by exploiting gaps between DNS and CDN systems. By manipulating specific fields in web requests, attackers can route malicious traffic through reputable domains, evading security detection while damaging the brand reputation of legitimate sites. The vulnerability affects approximately 42% of websites globally (51% in the US), and the primary mitigation recommended is moving at-risk domains to CDNs that practice "bucketizing" — grouping domains by reputation to prevent malicious sites from sharing IP addresses with trusted ones.
