SecurityWeek

Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys

Censys has discovered more than 380,000 hosts, including major platforms, still referencing the malicious polyfill.io domain. JavaScript scripts referencing the recently suspended polyfill.io domain ...
thecyberexpress

Polyfill Supply Chain Attack Could Affect 4% of the Web; Shutdowns, DDoS Attacks Among Spillover

Claims, counterclaims, website shutdowns, redirections and DDoS attacks were among the highlights (or lowlights) as news of the Polyfill supply chain attack entered its second day. After Polyfill(.)io ...
Bleeping Computer

Polyfill claims it has been 'defamed', returns after domain shut down

The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 ...
Security Boulevard

Polyfill – Additional Analysis and Discovery: Signs of PII and Credential Harvesting, Broad Exposure through Digital Supply Chain

In the past 48 hours, the cybersecurity community has been reporting on a significant incident involving Polyfill[.]io, a widely used JavaScript CDN service. First reports by Sansec flagged the ...
Security Boulevard

Polyfill.io supply chain attack hits 100,000+ websites — all you need to know

In a significant supply chain attack, over 100,000 websites using Polyfill[.]io, a popular JavaScript CDN service, were compromised.
theregister

If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately

The polyfill.io domain is being used to infect more than 100,000 websites with malicious code after what's said to be a Chinese organization bought the domain earlier this year, researchers have said.
GitHub

jsDelivr CDN SSL certificate error

Do you recommend any specific steps to circumvent or fix this issue temporarily while a permanent solution is being worked on? Is there an alternative CDN or method of accessing the library that you ...