易主後的polyfill.io被用來執行供應鏈攻擊
支付動態 · 2024-06-27
知名的Polyfill函式庫polyfill.io在今年2月易主之後,被用來進行供應鏈攻擊,針對嵌入該函式庫的網站植入惡意程式,資安業者呼籲網站管理人員關閉Polyfill,或是改用其它較為可靠的服務
同樣是在今年2月polyfill.io易主之後,Polyfill專案的作者Andrew Betts也警告各網站應立刻移除polyfill.io。Betts還澄清,雖然他建立了Polyfill服務,但從未擁有該網域名稱,也從未參與它的銷售。
Sansec則說,這家中國公司同時購買了polyfill.io及其GitHub帳戶,且不時有用戶至其GitHub帳戶提出控訴,只是都被刪除。
Sansec建議,不再需要Polyfill函式庫的網站應該立刻移除polyfill.io,或是改用由Fastly或Cloudflare所提供的Polyfill方案。
Popular articles
Full House at GAT Expo Cartagena 2026 Academic Agenda
Online Game
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
New Jersey July Gambling Revenue Hits $606M, Sweeps Casinos Banned
Regulation
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
Super PAC Raises $48 Million: Sports Betting Forces Ramp Up Political Push
Regulation
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
Kazakhstan plans to penalise online casino promotions
Regulation
GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat
Sports Game
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
Indiana online casino bill stalls in House committee
Regulation
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
1spin4win releases unique slot Don Catleone Hold and Win featuring gangster cats
Online Game
GGC Awards 2026 Shines in Colombo: Honoring Leaders and Innovators in the iGaming Industry
HUIDU Focus
HUIDU Invites You to Booth T70 at iGB L!VE 2026 — Let’s Ignite London This July!
HUIDU Focus
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
