cdn-security
Safeguard articles tagged "cdn-security" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Anatomy of the polyfill.io CDN Compromise
In June 2024, a single acquired domain turned a free CDN trusted by over 100,000 sites into a live malware injection point — with no dependency update required.
Web cache poisoning: attack mechanics and prevention
A 2024 academic scan of the Tranco Top 1000 domains found roughly 17% vulnerable to web cache poisoning — here's how the attack works and how to stop it at the edge.
Polyfill.io supply chain attack
How a domain sale turned a trusted CDN into a malware vector for 100,000+ sites — and what the polyfill.io incident teaches defenders about third-party script risk.
jQuery CDN supply chain risk analysis
jQuery loads on ~75% of websites, often via CDNs with no SRI or version pinning. The cdnjs RCE and Polyfill.io hijack show why that trust model keeps failing.
Polyfill.io Supply Chain Attack: When a CDN Domain Changes Hands
A Chinese company acquired the polyfill.io domain and began injecting malicious code into websites that relied on the CDN, affecting over 100,000 sites. The attack exploited trust in third-party JavaScript.
Cache Poisoning Attacks: How They Work and How to Prevent Them
Cache poisoning attacks manipulate web caches to serve malicious content to other users. This guide covers web cache poisoning, DNS cache poisoning, and practical defenses for modern applications.
Subresource Integrity Failures: When CDN Trust Goes Wrong
SRI protects against CDN compromises and supply chain attacks on client-side scripts. Most web applications do not use it. Here is what they are missing.