security.nl

Supplychain-aanval Polyfill.io injecteert malware op honderdduizend websites

Honderdduizend websites die gebruikmaken van code afkomstig van Polyfill.io zijn het slachtoffer van een supplychain-aanval geworden, waarbij er malware op hun sites wordt geïnjecteerd. Dat melden ...
GitHub

babel-polyfill doesn't exist

Come to think of it: the issues for npm and pure JS users are technically the same: If they already have babel-polyfill installed, it would cause the same problem as for npm users who already have it ...
GIGAZINE

Malware infects JavaScript library 'Polyfill.io' affecting over 100,000 websites

Polyfill.io, a JavaScript library that nullifies differences between web browser versions, was infected with malware and used in supply chain attacks after the project owner changed in February 2024, ...
Computing

Over 380,000 web hosts affected by Polyfill attack

The recent supply chain attack targeting the popular Polyfill.io JavaScript library is significantly larger than first thought. New research from Censys reveals that over 380,000 web servers worldwide ...
techzine.nl

Cloudflare lust alle Pollyfill.io-verwijzingen op sites van zijn klanten door naar veilige mirror

Cloudflare vervangt in een zeer ongebruikelijke stap alle verwijzingen naar het Polyfill.io-domein. De open-source library voor JavaScript-toepassingen zou na een Chinese overname vooral kwaadaardige ...
Bleeping Computer

Polyfill claims it has been 'defamed', returns after domain shut down

The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 ...
GitHub

BigBuildBench/js-temporal_temporal-polyfill

This polyfill was kicked off by some of the champions of the Temporal proposal. The goal is to be ready for production use when the Temporal proposal reaches Stage 4, although like with all OSS work ...