July 5, 2024 at 01:06AM A supply chain attack on the widely-used Polyfill[.]io JavaScript library has affected over 380,000 hosts, including prominent companies like WarnerBros, Hulu, Mercedes-Benz, and Pearson. The attack involved code modifications redirecting users to adult and gambling websites. The incident led to domain suspensions, content delivery network actions, and warnings of broader … Read more
July 1, 2024 at 06:42AM Code libraries are essential for adding standardized functionality to a project, but they can also be vulnerable to supply chain attacks. Polyfill.io, a JavaScript enhancement service, was accused of distributing malware, raising concerns about the security of third-party libraries and the potential impact on user security. The incident highlights the … Read more
June 28, 2024 at 05:48AM The polyfill.io domain was suspended due to reports of malicious activity, with the Chinese owner claiming defamation. The domain was used to host polyfills, but reports of potential supply chain risks surfaced. Industry players like Google and Cloudflare took action, redirecting links and warning users. Funnull, the Chinese content delivery … Read more
June 27, 2024 at 11:56PM After its website shutdown, Polyfill.io’s owner battles accusations of distributing suspicious code on various websites. Anger-fueled social media posts target CDN titan Cloudflare and media for “malicious defamation.” Experts and a domain registrar warn of supply chain risks. The site has relocated to polyfill[.]com. Cloudflare also launches a JavaScript URL … Read more