Infosecurity Magazine

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...

Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could ...
TechCrunch

North Korean hackers blamed for hijacking popular Axios open source project to spread malware

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...
SecurityWeek

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea

The Polyfill supply chain attack that hit more than 100,000 websites back in 2024 has now been linked to North Korean threat actors after it was initially tied only to China. In February 2024, the ...
GitHub

React Native URL Polyfill

As mentioned above, Unicode support has been stripped out to keep this polyfill lightweight on mobile. Therefore, non-ASCII characters aren't supported in the hostname. React Native does include a ...
Dark Reading

Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Researchers have linked the China-based Funnull content delivery network (CDN) to a malicious practice they've dubbed "infrastructure laundering," in which threat actors exploit mainstream hosting ...
Yahoo

Polyfill attack redirected victims to gambling sites to carry out supply chain attack

Add Yahoo as a preferred source to see more of our stories on Google. When you buy through links on our articles, Future and its syndication partners may earn a commission. Credit: Shutterstock/Africa ...
TechCrunch

Researchers link Polyfill supply chain attack to huge network of copycat gambling sites

One of the biggest digital supply chain attacks of the year was launched by a little-known company that redirected large numbers of internet users to a network of copycat gambling sites, according to ...
The Hacker News

Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies

The supply chain attack targeting the widely-used Polyfill[.]io JavaScript library is broader in scope than previously thought, with new findings from Censys showing that over 380,000 hosts are ...
Ars Technica

384,000 sites pull code from sketchy code library recently bought by Chinese firm

More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said. For years, the JavaScript ...
PC Magazine

Domain That Redirected Hulu, 491K+ Other Websites to Porn Gets Shut Down

The Polyfill domain was reportedly sold to a Chinese company, dubbed Funnull, back in February. A site linked to data protection firm Leak Signal notes: "There are many risks associated with allowing ...