Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys

July 3, 2024 at 09:57AM Censys reports over 380,000 internet-exposed hosts with JavaScript scripts referencing the suspended polyfill.io domain. Following its suspension for malicious activities, over 100,000 websites were affected, prompting industry responses. Censys now identifies 384,773 hosts still referencing the domain. Further concerns arise about other potentially compromised domains controlled by the same threat … Read more

Cloudflare: We never authorized polyfill.io to use our name

June 27, 2024 at 05:25AM Cloudflare issues a warning about the unauthorized usage of its name and logo on Polyfill.io, as the latter was involved in a supply chain attack injecting malware on websites. Cloudflare automatically replaces polyfill.io links with safe ones for user safety. An automatic URL rewriting service has been released for Cloudflare … Read more

Polyfill Supply Chain Attack Hits Over 100k Websites 

June 26, 2024 at 07:07AM Over 100,000 websites have been targeted by a supply chain attack injecting malware through a Polyfill domain, as reported by SecurityWeek. Based on the meeting notes, it appears that a supply chain attack involving the injection of malware through a Polyfill domain has impacted over 100,000 websites. This information was … Read more

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

June 26, 2024 at 01:01AM Google has blocked ads for e-commerce sites using Polyfill.io due to a supply chain attack. The Chinese company Funnull acquired the domain and altered the JavaScript library to redirect users to malicious sites, impacting over 110,000 sites. Concerns have been raised about the security and maintenance of the library, prompting … Read more

Polyfill.io JavaScript supply chain attack impacts over 100K sites

June 25, 2024 at 02:12PM The Polyfill.io service, used by over 100,000 sites, was compromised in a supply chain attack after being acquired by a Chinese company, leading to injection of malicious code. Cloudflare and Fastly set up mirrors to mitigate the risk, and Google warned advertisers of the issue impacting landing pages and causing … Read more