Supply Chain Incident
Polyfill.io CDN script supply-chain compromise
The Polyfill.io service began serving malicious JavaScript to downstream websites that embedded the third-party CDN script.
ConfidenceHigh
Evidence LevelResearcher
Attack StageDistribution Compromise
Source Artifact DivergenceUnknown
Affected Packages
No structured records.
Affected Releases
No structured records.
Repositories
No structured records.
Organizations
Maintainers
No structured records.
Threat Actors
No structured records.
Campaigns
No structured records.
Build Systems
No structured records.
Distribution Channels
- Third-party CDN script
Compromised Accounts
No structured records.
Connected Entities
- Polyfill.io Organization
- Third-party CDN script Distribution Channel
References
- Polyfill supply chain attack hits 100K+ sites Sansec · 2024-06-25