polyfill-io
Safeguard articles tagged "polyfill-io" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Anatomy of the polyfill.io CDN Compromise
In June 2024, a single acquired domain turned a free CDN trusted by over 100,000 sites into a live malware injection point — with no dependency update required.
Polyfill.io CDN Supply Chain Attack: 100K+ Sites
After a domain handover, polyfill.io began serving malware to more than 100,000 sites. Here is the attack chain and what the incident teaches us.
Polyfill.io supply chain attack
How a domain sale turned a trusted CDN into a malware vector for 100,000+ sites — and what the polyfill.io incident teaches defenders about third-party script risk.
Polyfill.io Supply Chain Attack: When a CDN Domain Changes Hands
A Chinese company acquired the polyfill.io domain and began injecting malicious code into websites that relied on the CDN, affecting over 100,000 sites. The attack exploited trust in third-party JavaScript.