Polyfill Supply Chain Attack: What It Is and How to Know If You’re Affected | allinfosecnews.com

June 27, 2024, 9:23 p.m. | Michael Kucek@veracode.com (Michael Kucek)

Application Security Research, News, and Education Blog www.veracode.com

Here’s what you need to know about the progression of the Polyfill supply chain attack and how to respond.
Overview of Polyfill Supply Chain Attack
On June 25th, 2024, researchers at Sansec disclosed a supply chain attack affecting the polyfill.io content delivery network domain. This domain distributes the open-source polyfill.js library, which increases the compatible feature set of older browsers. In February 2024, the Chinese company Funnull acquired the polyfill.io domain. Sometime after that, the polyfill.io CDN began distributing malicious …

attack content delivery delivery domain june network polyfill researchers respond sansec supply supply chain supply chain attack

More from www.veracode.com / Application Security Research, News, and Education Blog

The Veracode CLI: End to End Testing with Static, Container, and Dynamic Scanning 1 day, 12 hours ago | www.veracode.com

binary blog can cli +16

Introducing Postman Collection Support for API Security Testing 4 days, 14 hours ago | www.veracode.com

api apis api security api security testing +32

Polyfill Supply Chain Attack: What It Is and How to Know If You’re Affected 5 days, 11 hours ago | www.veracode.com

attack content delivery delivery domain +9

Strategic Risk Management for CISOs: A Holistic and Consolidated Approach 6 days, 19 hours ago | www.veracode.com

applications artificial artificial intelligence attack +23

Available Now: Veracode Scan for JetBrains IDEs 1 week, 5 days ago | www.veracode.com

big code conference developers +19

Navigating the Stages of AppSec Maturity: A Tactical Guide for Risk Management 2 weeks, 5 days ago | www.veracode.com

application application security appsec business +20

Understanding the Nuances: DAST vs. Penetration Testing 2 weeks, 6 days ago | www.veracode.com

application applications application security application security testing +22

Unlocking the Power of AI in Cybersecurity: Key Takeaways from the HMS Belfast Breakfast Briefing 4 weeks ago | www.veracode.com

artificial artificial intelligence belfast briefing +18

Strengthening AI Chatbot Defenses with Targeted Penetration Tests 4 weeks, 1 day ago | www.veracode.com

access agent ai chatbot attack +19

Senior Corporate & Commercial Counsel

@ Armis Security | North Carolina, United States

View on infosec-jobs.com

Senior Corporate & Commercial Counsel

@ Armis Security | Georgia, United States

View on infosec-jobs.com

Senior Corporate & Commercial Counsel

@ Armis Security | Boston, Massachusetts, United States

View on infosec-jobs.com

Senior Corporate & Commercial Counsel

@ Armis Security | Austin, Texas, United States

View on infosec-jobs.com

IP Network Engineer

@ Rogers Communications | Calgary, AB, CA

View on infosec-jobs.com

Global Product Manager

@ Vodafone | London, GB

View on infosec-jobs.com