32
Polyfill.io JavaScript supply chain attack impacts over 100K sites (www.bleepingcomputer.com)
submitted 5 days ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works
3 comments fedilink hide all child comments

Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites.

top 3 comments
sorted by: hot top controversial new old
[-] ryannathans@aussie.zone 5 points 4 days ago

Is it supply chain when they just take over polyfill

[-] Ajen@sh.itjust.works 2 points 2 days ago

Not their supply chain, everyone else's.

[-] Quacksalber@sh.itjust.works 5 points 4 days ago* (last edited 4 days ago)

With uMatrix, I was able to simply search my rules for polyfill and remove all entries that came up. And now, no polyfill scripts will be loaded for me.

this post was submitted on 25 Jun 2024
32 points (100.0% liked)

Cybersecurity

4952 readers
105 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social