VulnHub

Real-time Cybersecurity News

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

SecurityWeek
Actively Exploited
ExploitVulnerability

Overview

A new vulnerability, dubbed 'Underminr', affects around 88 million domains, allowing attackers to hide malicious connections behind trusted domain names. This exploit can bypass DNS filtering mechanisms, making it easier for cybercriminals to manage command-and-control traffic without detection. As a result, organizations that rely on these domains for security may be at greater risk of compromise. The vulnerability raises concerns about the effectiveness of current DNS security measures, as attackers can leverage this flaw to blend in with legitimate traffic. Companies and system administrators are urged to review their DNS filtering strategies to mitigate potential risks associated with this vulnerability.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Approximately 88 million domains that utilize DNS filtering
  • Action Required: Organizations should review and enhance their DNS filtering practices, including monitoring for unusual traffic patterns and considering additional security measures to identify and block hidden command-and-control connections.
  • Timeline: Newly disclosed

Original Article Summary

The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic. The post ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains appeared first on SecurityWeek.

Impact

Approximately 88 million domains that utilize DNS filtering

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should review and enhance their DNS filtering practices, including monitoring for unusual traffic patterns and considering additional security measures to identify and block hidden command-and-control connections.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Exploit, Vulnerability.

Read Original Article

Related Coverage

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

BleepingComputer

Italian officials have taken action against the CINEMAGOAL app, a piracy tool that illegally provided access to popular streaming services like Netflix, Disney+, and Spotify. The app was reportedly using stolen authentication codes to bypass payment systems, allowing users to access content without subscriptions. This crackdown is significant as it not only protects the intellectual property rights of these streaming platforms but also highlights ongoing challenges in combating online piracy. By dismantling this network, authorities aim to deter similar activities in the future and safeguard legitimate services. The action is part of a broader effort to enforce copyright laws and ensure users are not misled into using illegal services.

May 23, 2026

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News

Anthropic announced that its Project Glasswing has identified over 10,000 high- or critical-severity vulnerabilities in widely-used software since its launch last month. This initiative involves collaboration with around 50 partners and focuses on software deemed systemically important on a global scale. These vulnerabilities pose significant risks to organizations and users relying on this software, potentially exposing them to data breaches or cyberattacks. The findings emphasize the urgent need for software developers and companies to address these flaws promptly to safeguard their systems and users. This proactive approach highlights the role of AI in enhancing cybersecurity efforts.

May 23, 2026

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

The Hacker News

Cybersecurity researchers have identified a software supply chain attack that compromised several PHP packages associated with Laravel-Lang. The affected packages include laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. These packages were manipulated to deliver a credential-stealing framework that could potentially affect developers and users utilizing these resources. This incident raises concerns about the security of software supply chains, particularly in open-source communities where such packages are widely used. Developers should remain vigilant and review their dependencies to ensure they are not using compromised versions of these packages.

May 23, 2026

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

The Hacker News

A severe security vulnerability has been discovered in the LiteSpeed User-End cPanel Plugin, identified as CVE-2026-48172, which has a maximum CVSS score of 10.0. This flaw allows attackers to exploit incorrect privilege assignments, enabling them to execute arbitrary scripts with root privileges. As a result, any cPanel user, including potential attackers or compromised accounts, can take advantage of this vulnerability. The ongoing exploitation of this flaw poses significant risks to server security and data integrity, making it crucial for affected users to take immediate action. The situation emphasizes the need for vigilance among web hosts and cPanel users to prevent unauthorized access and maintain secure environments.

May 23, 2026

Ubiquiti patches three critical vulnerabilities in UniFi OS

SCM feed for Latest

Ubiquiti has patched three serious vulnerabilities in its UniFi OS, labeled CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. These flaws could allow unauthorized users to make system changes, access sensitive system files through path traversal, and execute commands remotely via command injection. This is a significant concern for users of UniFi OS, as it could lead to unauthorized access and control over network devices. Ubiquiti is urging all users to apply the updates as soon as possible to protect their systems from potential exploitation. Given the nature of these vulnerabilities, companies using UniFi OS should prioritize updating their systems to ensure their networks remain secure.

May 22, 2026

Cisco warns of AI inaccuracies in security incident reports

SCM feed for Latest

Cisco's recent research has raised concerns about the reliability of AI-generated security incident reports. The study found that large language models (LLMs) can produce inconsistent results, even when querying the same data. This variability can lead to confusion and mistakes in understanding security incidents, which is critical for organizations relying on accurate reporting for their security posture. The findings suggest that companies using AI for cybersecurity reporting need to be cautious and verify the data produced by these systems, as discrepancies could hinder effective incident response. As AI becomes more integrated into security operations, ensuring its accuracy will be vital for maintaining trust and effectiveness in cybersecurity efforts.

May 22, 2026