Underminr Restricted Information Share Notice

Overview

ADAMnetworks have uncovered a vulnerability in the implementation of internet-bound connections involving large-scale hosting providers that attackers can exploit to circumvent security and evade detection when connecting to C2 or exfiltrating data. It is under active exploitation and could be scaled by AI-orchestrated malware campaigns to overwhelm defenses worldwide. The effects are similar to those of Domain Fronting, which was essentially neutralized in 2018, but the technique uses new TTPs that make it mostly invisible to defenders and to hosting providers that have already neutralized legacy domain fronting. This exploit allows APTs and malicious actors to abuse trusted domains as part of an attack chain with impunity.

We are in the process of responsible disclosure and are collaborating with industry technology providers and defenders.
The current public release date is set for 21 May 2026 09:05 EDT.