Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator

The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them draw a conclusion. [...]

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

itsecuritynews.info - 26/Jun 05:06

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the...

Cloudflare: We never authorized polyfill.io to use our name

bleepingcomputer.com - 27/Jun 09:18

Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized...

Polyfill.io JavaScript supply chain attack impacts over 100K sites

bleepingcomputer.com - 25/Jun 18:10

Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script...

Hackers Slip Backdoor into WordPress Plugins in Latest Supply-Chain Attack

itsecuritynews.info - 28/Jun 08:09

Security researchers announced on Monday that there had been a supply chain attack on up to 36,000 WordPress plugins running on a wide range of...

Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack

itsecuritynews.info - 26/Jun 22:09

On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through...

Polyfill claims it has been 'defamed', returns after domain shut down

bleepingcomputer.com - 27/Jun 10:57

The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was...

Gitleaks: Open-source solution for detecting secrets in your code

itsecuritynews.info - 27/Jun 05:07

Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories....

Gitleaks: Open-source solution for detecting secrets in your code

itsecuritynews.info - 27/Jun 05:07

Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories....

If you’re using Polyfill.io code on your site – like 100,000+ are – remove it immediately

itsecuritynews.info - 26/Jun 00:04

Scripts turn malicious, infect webpages after Chinese CDN swallows domain The polyfill.io domain is being used to infect more than 100,000 websites...

Plugins on WordPress.org backdoored in supply chain attack

bleepingcomputer.com - 25/Jun 19:25

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts...

Rubriques :

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator

Articles similaires

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Cloudflare: We never authorized polyfill.io to use our name

Polyfill.io JavaScript supply chain attack impacts over 100K sites

Hackers Slip Backdoor into WordPress Plugins in Latest Supply-Chain Attack

Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack

Polyfill claims it has been 'defamed', returns after domain shut down

Gitleaks: Open-source solution for detecting secrets in your code

Gitleaks: Open-source solution for detecting secrets in your code

If you’re using Polyfill.io code on your site – like 100,000+ are – remove it immediately

Plugins on WordPress.org backdoored in supply chain attack

Les derniers communiqués