ウェブブラウザのバージョン間の違いを無効化するJavaScriptライブラリ「Polyfill.io」が、2024年2月のプロジェクトオーナー変更後、マルウェアが混入されてサプライチェーン攻撃に利用され、10万以上のサイトに影響が出ています。 Polyfill supply chain attack hits 100K ...

The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 ...

Polyfill.io, a JavaScript library that nullifies differences between web browser versions, was infected with malware and used in supply chain attacks after the project owner changed in February 2024, ...

マルウェアが混入されていることが発覚したJavaScriptライブラリ「Polyfill.io」のドメインを、ドメイン登録事業者のNamecheapが ...

Domain registrar Namecheap has suspended the domain of Polyfill.io, a JavaScript library that was found to be infected with malware. Namecheap Takes Down Polyfill.io ...

The recent supply chain attack targeting the popular Polyfill.io JavaScript library is significantly larger than first thought. New research from Censys reveals that over 380,000 web servers worldwide ...

About 100,000 sites have potentially been compromised in a supply chain attack following an alleged Chinese firm’s takeover of a popular open-source library. The compromise involved the acquisition of ...

WordPress plugins are currently facing significant security risks due to a recent discovery detailed in a security advisory published by Patchstack today. The advisory references a Polyfill supply ...

UPDATE 6/28: Domain registrar Namecheap has shut down the Polyfill .io domain, thereby eliminating the previous issue posed to almost 500,000 websites, web security firm C/Side CEO Simon Wijckmans ...