TechSpot

Over 100,000 websites compromised after Polyfill.io gets exploited by Chinese company

In context: Polyfills are snippets of JavaScript code that provide modern features on older web browsers. There's nothing wrong with polyfills per se, but miscreants and cyber-criminals can easily ...
CSOonline

Formerly legitimate Polyfill.io domain abused to serve malicious code

A site formerly used to host a service geared towards adding JavaScript polyfills to web pages to ensure compatibility with older browsers is being abused to serve malicious scripts as part of a ...
Bleeping Computer

Cloudflare: We never authorized polyfill.io to use our name

Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website ...
Ars Technica

384,000 sites pull code from sketchy code library recently bought by Chinese firm

More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said. For years, the JavaScript ...
Bleeping Computer

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator

The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has ...