Scared Of on MSN

Dark truth about digital skimming: Why your identity is at risk anywhere

Every time you shop online, fill out a form, or check out at your favorite website, invisible code might be watching.
GitHub

jsdotlua/LEGACY-luau-polyfill

A JavaScript environment polyfill for Luau, used by translated Lua packages. TODO: Rest of the README.
The Hacker News

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk

Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems ...
Dark Reading

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Researchers have linked the China-based Funnull content delivery network (CDN) to a malicious practice they've dubbed "infrastructure laundering," in which threat actors exploit mainstream hosting ...
SiliconANGLE

C/side raises $6M to prevent supply chain attacks by securing third-party scripts

Cybersecurity startup Client-side Development Inc., which does business as C/side, said today it has closed on a $6 million seed funding round to accelerate the development of its tools for monitoring ...
Security Boulevard

Polyfill.io Supply Chain Attack: Malicious JavaScript Injection Puts Over 100k Websites At Risk

Polyfill.io helps web developers achieve cross-browser compatibility by automatically managing necessary polyfills. By adding a script tag to their HTML, developers can ensure that features like ...
Hackaday

This Week In Security: Hide Yo SSH, Polyfill, And Packing It Up

The big news this week was that OpenSSH has an unauthorized Remote Code Execution exploit. Or more precisely, it had one that was fixed in 2006, that was unintentionally re-introduced in version 8.5p1 ...
TechRadar

Polyfill code breach much bigger than previously thought, with nearly 400,000customers affected

The Polyfill supply chain attack is possibly around three times bigger than previously thought, experts have warned. Rather than the 100,000 sites previously thought to be hit, new findings from the ...
The Hacker News

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

The supply chain attack targeting the widely-used Polyfill[.]io JavaScript library is broader in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are ...
Ars Technica

384,000 sites pull code from sketchy code library recently bought by Chinese firm

More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said. For years, the JavaScript ...
Infosecurity-magazine.com

WordPress Plugins at Risk From Polyfill Library Compromise

WordPress plugins are currently facing significant security risks due to a recent discovery detailed in a security advisory published by Patchstack today. The advisory references a Polyfill supply ...
theregister

Polyfill.io owner punches back at 'malicious defamation' amid domain shutdown

In a series of angry Xeets over the past three days, what's likely the CDN operator that owns the Polyfill service accused Cloudflare, the media, and others of "malicious defamation" and "slander." ...