GIGAZINE

Malware infects JavaScript library 'Polyfill.io' affecting over 100,000 websites

Polyfill.io, a JavaScript library that nullifies differences between web browser versions, was infected with malware and used in supply chain attacks after the project owner changed in February 2024, ...
GIGAZINE

The registrar has suspended the domain of the JavaScript library 'Polyfill.io' after it was discovered to be infected with malware.

Domain registrar Namecheap has suspended the domain of Polyfill.io, a JavaScript library that was found to be infected with malware. Namecheap Takes Down Polyfill.io ...
TechRadar

Thousands of websites told to ditch Polyfill service after Chinese hackers hijack it to serve malware

Website administrators are being urged to remove the Polyfill.io service immediately after it was found to be serving malware to site visitors. A polyfill is a piece of code (typically JavaScript) ...
Infosecurity-magazine.com

WordPress Plugins at Risk From Polyfill Library Compromise

WordPress plugins are currently facing significant security risks due to a recent discovery detailed in a security advisory published by Patchstack today. The advisory references a Polyfill supply ...
SiliconANGLE

Supply chain attack compromises 100,000 websites via polyfill.io domain takeover

About 100,000 sites have potentially been compromised in a supply chain attack following an alleged Chinese firm’s takeover of a popular open-source library. The compromise involved the acquisition of ...
Dark Reading

Polyfill.io Supply Chain Attack Smacks Down 100K+ Websites

A domain that more than 100,000 websites use to deliver JavaScript code is now being used as a conduit for a Web supply chain attack that uses dynamically generated payloads, redirects users to ...