nerd

24 May 2026

Slashdot

'Underminr' CDN Vulnerability Hides Malicious Traffic Behind Trusted Domains

Slashdot reader wiredmikey writes: Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Researchers say the vulnerability could impact roughly 88 million domains and can bypass DNS filtering and protective DNS controls, potentially enabling stealthy command-and-control communications and other evasive attacks. Dubbed "Underminr," the exploit "presents the SNI and HTTP Host of a domain," writes SecurityWeek, "while forcing a request to the IP address of another tenant on the same shared edge." The mismatch, ADAMnetworks reports, has been exploited in attacks targeting large-scale hosting providers, including those that have implemented mitigations against domain fronting... Threat actors' increased reliance on AI is expected to lead to a surge in attacks. "Once Underminr becomes parametric information for AI-generated malware, we could expect to see it in every attack that needs to evade protective DNS as part of the attack chain," ADAMnetworks CEO David Redekop says.

Hacker News

Amazon Web Services – Four Years and Out

Comments

24 May 2026 4:51am GMT

Why is Vivado 2026.1 dropping Linux support for free tier?

Comments

24 May 2026 4:14am GMT

The C64 Dead Test Font

Comments

24 May 2026 3:57am GMT

Slashdot

Tesla's Electric Cybercab is Certified as the Most Efficient EV Ever

Tesla's upcoming Cybercab "has been certified at 165 Wh/mi," reports Electrek - which makes it "the most efficient electric vehicle ever produced - by a wide margin." The next most efficient EV on the market, the Lucid Air Pure, consumes 28% more energy per mile. Tesla VP of Vehicle Engineering Lars Moravy confirmed the figure, which represents a certified rating - not a marketing claim or internal target. It's an impressive achievement, but it comes with a massive asterisk: Tesla accomplished this by building a tiny two-seat robotaxi with no steering wheel, no pedals, and a sub-50 kWh battery pack... Even Tesla's own Model 3 - one of the most efficient passenger EVs you can buy - needs nearly a third more energy to cover the same distance... Where the 165 Wh/mi figure genuinely matters is in the economics of running a robotaxi fleet. Energy cost per mile is one of the biggest operating expenses for any ride-hailing service, and the Cybercab's efficiency gives Tesla a structural cost advantage over competitors... The small battery pack also means faster charging times and lower per-vehicle battery costs - both critical for fleet economics. Tesla has said the Cybercab will cost $30,000, and the efficient powertrain is a big part of hitting that price target. Tesla confirmed Cybercab production has started at Giga Texas in April, though the ramp is expected to be slow initially. The company still hasn't solved unsupervised autonomous driving - the first steering wheel-less unit rolled off the line in February, but Tesla's supervised robotaxi fleet currently crashes at roughly four times the rate of human drivers.

Linus Torvalds on How AI is Impacting the Hunt for Linux Kernel Bugs

Linus Torvalds spoke this week at the Linux Foundation's Open Source Summit North America, reports ZDNet - and described how AI is impacting Linux kernel development: "In the last six months, we've seen a lot more commits," Torvalds noted, estimating that "the last two releases, it's been about 20% more commits than we had in the previous releases over many years.... The real change that happened in the last six months was that the AI tools actually got good enough for a lot of people... we're seeing a definite uptick in just development on pretty much all fronts...." On the positive side, he framed AI-discovered bugs as "short-term pain" with long-term benefits: "When AI finds a bug in any source code... long term is you found a bug, we fixed it, that the end result is better for it." After all, he continued, "I think finding bugs is great, because the real problem is all the bugs you didn't find..." For small teams or solo maintainers, he said, flood-style AI bug reports can cause real burnout, especially when "it's a bug report, and when you ask for more information, the person has done a drive-by and doesn't even answer your questions anymore." The AI news site Techstrong notes this quote from Torvalds. "I have a love-hate relationship with AI. I actually really like it from a technical angle, I love the tools, I find it very useful and interesting, but it is definitely causing pain points." The chief challenge with AI is that it forces people to change how they work, he found. People get into a rut, and AI challenges their norm. The Linux security mailing list got the brunt of this new wave of AI-generated commits. Not all bugs are security issues, but when "people think that when they find a bug with AI, the first reaction seems to sometimes be let's send it to the security list, because this may have security implications," Torvalds said. As a result, the security list - watched over by a small group of maintainers - was overrun by duplicate entries... The Linux project learned to manage the bug influx with a set number of tools to sort out and deprioritize the obvious drive-by reports (ones where the person submitting the report won't even answer any questions). One tool, Sashiko, reviews all the patches submitted on the mailing list. "Sometimes the review is not great, but quite often it finds issues and it asks questions and says, 'Hey, what about this issue?'" he said. Linux also updated their documentation, partly just to address "an uptick in bug and security reports from discoveries made in full or in part with AI."