Remove Polyfill.io code from your website immediately
https://www.theregister.com/2024/06/25/polyfillio_china_crisis/
Scripts turn malicious, infect webpages after Chinese CDN swallows domain
https://www.theregister.com/2024/06/25/polyfillio_china_crisis/
Scripts turn malicious, infect webpages after Chinese CDN swallows domain
This is not a supply chain attack, it is sudden extreme enshitification. according to the article, the attacker also bought the GitHub repo, so all releases should be considered tainted. The community will have to find a fork from before the acquisition and hope that there are no pre-purchase favors smuggled in.
This is not a supply chain attack, it is sudden extreme enshitification. according to the article, the attacker also bought the GitHub repo
I don't see how buying the GitHub repo as well makes it not a supply chain attack but enshitification.
They bought into the supply chain. It's a supply chain attack.
I thought Polyfill was a Google thing. I remember when they implemented it on YouTube and the Firefox performance was dire.