Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could ...
InfoQ

Safari Adds Scrollend Event Support, Completing Baseline Browser Coverage

Safari released version 26.2 in December, adding support for the scrollend event and marking a significant milestone for the web platform. The release means the event now has baseline browser support ...
TechCrunch

North Korean hackers blamed for hijacking popular Axios open source project to spread malware

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...
SecurityWeek

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea

The Polyfill supply chain attack that hit more than 100,000 websites back in 2024 has now been linked to North Korean threat actors after it was initially tied only to China. In February 2024, the ...
GitHub

React Native URL Polyfill

As mentioned above, Unicode support has been stripped out to keep this polyfill lightweight on mobile. Therefore, non-ASCII characters aren't supported in the hostname. React Native does include a ...
TechCrunch

Researchers link Polyfill supply chain attack to huge network of copycat gambling sites

One of the biggest digital supply chain attacks of the year was launched by a little-known company that redirected large numbers of internet users to a network of copycat gambling sites, according to ...
The Hacker News

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

The supply chain attack targeting the widely-used Polyfill[.]io JavaScript library is broader in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are ...
Ars Technica

384,000 sites pull code from sketchy code library recently bought by Chinese firm

More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said. For years, the JavaScript ...
PC Magazine

Domain That Redirected Hulu, 491K+ Other Websites to Porn Gets Shut Down

The Polyfill domain was reportedly sold to a Chinese company, dubbed Funnull, back in February. A site linked to data protection firm Leak Signal notes: "There are many risks associated with allowing ...
GIGAZINE

Malware infects JavaScript library 'Polyfill.io' affecting over 100,000 websites

Polyfill.io, a JavaScript library that nullifies differences between web browser versions, was infected with malware and used in supply chain attacks after the project owner changed in February 2024, ...
CSOonline

Formerly legitimate Polyfill.io domain abused to serve malicious code

A site formerly used to host a service geared towards adding JavaScript polyfills to web pages to ensure compatibility with older browsers is being abused to serve malicious scripts as part of a ...