July 9, 2024
Polyfill.io JavaScript supply chain attack impacts over 100K sites
BleepingComputer
Contributed by: Drex DeFord
Summary
Over 100,000 websites have been impacted by a supply chain attack involving the Polyfill.io service, used to provide modern browser functionality to older browsers. After the domain was acquired by a Chinese company named Funnull, the script was altered to redirect users to malicious and scam sites. Despite warnings from the original developer to remove the service, many sites continued to use it, leading to widespread malicious redirects. This attack has also affected other third-party web resource providers like Bootcss, Bootcdn, and Staticfile. Google has informed advertisers about the issue, warning that ads pointing to compromised pages could be disapproved. Efforts are being made by companies like Cloudflare and Fastly to offer safer alternatives, and tools like Polykill.io have been created to help identify and replace compromised scripts.
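One way to identify pages that still load the service, as an added example that is not from the original article or from any of the tools it names: a Python audit that parses HTML and reports every `<script src>` or `<link href>` whose host is `polyfill.io` or a subdomain of it. The function names and the sample markup are constructed for illustration, and only `polyfill.io` is listed because it is the only domain the summary gives.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Only polyfill.io appears as a domain in the summary; extend this set with
# hostnames confirmed by your own threat intelligence.
FLAGGED_DOMAINS = {"polyfill.io"}

def host_is_flagged(host, flagged=FLAGGED_DOMAINS):
    """True for an exact match or a true subdomain, never a lookalike."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in flagged)

class ResourceAudit(HTMLParser):
    # Attribute that carries the URL for each tag we inspect.
    URL_ATTR = {"script": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = self.URL_ATTR.get(tag)
        if attr is None:
            return
        url = (dict(attrs).get(attr) or "").strip()
        host = urlparse(url).hostname  # also resolves //host/path references
        if host_is_flagged(host):
            self.findings.append(
                {"line": self.getpos()[0], "tag": tag, "host": host, "url": url})

def audit_html(html):
    """Return one finding per flagged third-party reference in the markup."""
    parser = ResourceAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: three flagged references, two lookalikes, one local.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src="//POLYFILL.IO/v3/polyfill.js"></script>
<script src="https://notpolyfill.io/lib.js"></script>
<script src="https://polyfill.io.example.com/lib.js"></script>
<script src="/static/app.js"></script>
<link rel="preconnect" href="https://polyfill.io">
</head><body></body></html>
"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML):
        print(f'line {finding["line"]}: <{finding["tag"]}> loads {finding["url"]}')
```

This checks static markup only; scripts injected at runtime by a tag manager or another script need a check on the rendered page or a Content-Security-Policy report.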