Polyfill.io JavaScript supply chain attack impacts over 100K sites
(www.bleepingcomputer.com)
from BrikoX@lemmy.zip to cybersecurity@sh.itjust.works on 25 Jun 2024 22:58
https://lemmy.zip/post/18019092
from BrikoX@lemmy.zip to cybersecurity@sh.itjust.works on 25 Jun 2024 22:58
https://lemmy.zip/post/18019092
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites.
threaded - newest
With uMatrix, I was able to simply search my rules for polyfill and remove all entries that came up. And now, no polyfill scripts will be loaded for me.
Is it supply chain when they just take over polyfill
Not their supply chain, everyone else’s.