Polyfill.io Supply Chain Attack

Read Time:43 Second

What is the attack?Over 100,000+ sites have been impacted by a supply chain attack involving the Polyfill.io service. Polyfill is a popular tool used for enhancing browser capabilities by hundreds of thousands of sites to ensure that all website visitors can use the same codebase for unsupported functionality. Earlier this year, the polyfill.io domain was purchased, and the script was modified to redirect users to malicious and scam sites.What is the recommended Mitigation?Given the confirmed malicious operations, owners of websites using polyfill.io are advised to remove it immediately and search their code repositories for instances of polyfill.io. Users are also advised to consider using alternate services provided by Cloudflare and Fastly.What FortiGuard Coverage is available?FortiGuard Labs’ research team is investigating the coverage and has blocked all the known Indicators of compromise (IoCs).

Generated by Feedzy

Cyber Security News

Europol Warns of Home Routing Challenges For Lawful Interception

Meta Faces Suspension of AI Data Training in Brazil

Volcano Demon ransomware group rings its victims to extort money

Over $1bn in Cryptocurrency Lost to Web3 Cyber Incidents in 2024

Gamers’ Data Exposed in RPG Platform Roll20 Breach

New Ransomware Group Phones Execs to Extort Payment

UK’s NCA Leads Major Cobalt Strike Takedown

Smashing Security podcast #379: Private nights, evil twins, and crypto home invasions

The Not-So-Secret Network Access Broker x999xx

yarnpkg-1.22.22-2.fc40

pgadmin4-7.8-7.fc39

USN-6879-1: Virtuoso Open-Source Edition vulnerabilities

USN-6866-2: Linux kernel (Azure) vulnerabilities

USN-6865-2: Linux kernel (Azure) vulnerabilities

USN-6870-2: Linux kernel (AWS) vulnerabilities