
Hijacked Polyfill Supply Chain Attack Impacts Over 110,000 Websites

  • Last updated June 27, 2024

A major supply chain attack on Polyfill.io has compromised over 110,000 websites, prompting urgent cybersecurity measures and industry-wide responses.

A significant supply chain attack has compromised over 110,000 websites using the Polyfill.io service, according to a recent report. The attack follows the acquisition of the Polyfill.io domain by the Chinese company Funnull, which modified the JavaScript library ("polyfill.js") to redirect users to malicious sites.

Polyfill.io is a popular JavaScript library that enables modern web features in older browsers. Earlier this year, concerns emerged when Funnull, a China-based content delivery network company, acquired the domain. The original creator, Andrew Betts, urged website owners to stop using the library, citing security risks.

Cybersecurity firms Cloudflare and Fastly responded by offering alternative endpoints to help users migrate away from Polyfill.io. Researchers at Cloudflare highlighted the risks of embedding links to the compromised domain, emphasizing the potential for widespread supply chain attacks.

Sansec reported that the domain "cdn.polyfill.io" has been injecting malware, redirecting users to sports betting and pornographic sites. The malicious code is designed to evade detection, activating only under specific conditions and avoiding admin users and web analytics.

Google has blocked ads for e-commerce sites using Polyfill.io, while other web infrastructure providers are assisting users in migrating to safer alternatives. The attack underscores the urgent need for robust cybersecurity measures in managing third-party software dependencies.

The Polyfill supply chain attack highlights the vulnerabilities in web security and the importance of vigilant cybersecurity practices. As the industry responds to this incident, affected website owners are urged to remove the compromised library and adopt safer alternatives to protect their users.
