Hackers Exploit Shared CDNs to Evade Domain Reputation Filters
ID: 96a5f3f4-d43d-5600-9f18-3e0029ed55a7
STIX ID: report--96a5f3f4-d43d-5600-9f18-3e0029ed55a7
Feed Name: GBHackers
Threat Score
The report details a newly identified technique called “Underminr”, in which attackers abuse shared CDN multiplexing and SNI/Host header handling to hide malicious backends behind trusted domains, enabling phishing, malware delivery, and stealthy C2 channels. Active exploitation has been reported, and multiple major CDN providers are affected. Mitigations focus on deeper inspection, behavioral analytics, and CDN configuration reviews.
