Over 100K+ Sites Hit by Polyfill.io Supply Chain Attack


E-commerce security firm Sansec disclosed a new supply chain attack affecting the Polyfill JS service when accessed through a number of CDNs hosting it. According to Sansec, over 100K sites were hit. The original author of the service, Andrew Betts, suggested removing Polyfill from any sites using it.

Sansec detected a specific malware redirecting mobile users to a sports betting site using a pseudo-Google Analytics domain (www.googie-anaiytics.com), but we do not yet know whether additional variants exist. The original creator of the service, Andrew Betts, has denied any affiliation with the polyfill.io domain or involvement with its sale. Betts observed in his X thread that domains serving popular JS scripts are a "huge security concern" since they can access or modify all the websites using them.
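
To act on the advice to remove Polyfill, the following Python script (added here as an illustration, not code from Sansec or Andrew Betts) lists every third-party host a page loads scripts from and flags the two domains named above. The sample HTML and the hosts `shop.example` and `cdn.example.net` are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in this article; subdomains are matched as well.
FLAGGED_HOSTS = {"polyfill.io", "googie-anaiytics.com"}


class ScriptAudit(HTMLParser):
    """Record the host of every external <script src=...> in a document."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []  # (line number, script host, flagged?)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script, nothing fetched from another host
        # Protocol-relative URLs (//host/path) still yield a hostname;
        # relative paths such as /static/app.js do not.
        host = (urlsplit(src.strip()).hostname or "").lower()
        if not host or host == self.page_host:
            return  # first-party script
        flagged = any(host == h or host.endswith("." + h) for h in FLAGGED_HOSTS)
        self.findings.append((self.getpos()[0], host, flagged))


def audit(html, page_host):
    """Return [(line, host, flagged)] for third-party scripts in html."""
    parser = ScriptAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page served from the hypothetical host shop.example.
SAMPLE = """<!doctype html>
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//cdn.example.net/lib.js"></script>
</head></html>
"""

if __name__ == "__main__":
    for line, host, flagged in audit(SAMPLE, "shop.example"):
        print(f"line {line}: {host}{'  <-- remove' if flagged else ''}")
```

This only sees script tags present in the static HTML; scripts injected at runtime by other JavaScript need a browser-based check.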
