Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.

Domain registrar Namecheap has suspended the domain of Polyfill.io, a JavaScript library that was found to be infected with malware. Namecheap Takes Down Polyfill.io ...

The Polyfill domain was reportedly sold to a Chinese company, dubbed Funnull, back in February. A site linked to data protection firm Leak Signal notes: "There are many risks associated with allowing ...

Polyfill.io, a JavaScript library that nullifies differences between web browser versions, was infected with malware and used in supply chain attacks after the project owner changed in February 2024, ...

More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said. For years, the JavaScript ...

In context: Polyfills are snippets of JavaScript code that provide modern features on older web browsers. There's nothing wrong with polyfills per se, but miscreants and cyber-criminals can easily ...

A domain that more than 100,000 websites use to deliver JavaScript code is now being used as a conduit for a Web supply chain attack that uses dynamically generated payloads, redirects users to ...

UPDATE 6/28: Domain registrar Namecheap has shut down the Polyfill .io domain, thereby eliminating the previous issue posed to almost 500,000 websites, web security firm C/Side CEO Simon Wijckmans ...