polyfill.io domain attempted a supply chain attack

Jun 28, 2024

Visual Ehrmanntraut

CEO

The polyfill (dot) io domain that’s been used in more than 100000 sites has attempted a supply chain attack and injects malicious code.

Please monitor suspicious activity on your accounts, system, etc.

Note that the polyfill (dot) io domain was never official in the first place, and was bought by a company in China at one point.

Developers: Use a reputable CDN.

Polyfill supply chain attack hits 100K+ sites sansec.io

The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites.

Build software better, together github.com

GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.

Tags:

• Public hazard
• Supply chain attack
• Malware

UEFIcanhazbufferoverflow: A Phoenix SecureCore vulnerability