King Calyo on Nostr: If you're not aware yet, polyfill.io got taken over and pwned by a Chinese ...
If you're not aware yet, polyfill.io got taken over and pwned by a Chinese state-sponsored group in a MASSIVE supply-chain attack whose impact Cloudflare, Fastly, and uBlock Origin have all worked to mitigate, but this is something that affects over 100k websites still using polyfill.io when they don't need to be.
This is, I think, the third supply-chain attack I've heard about so far this year that has affected FOSS dependencies.
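As an added check, not part of the original post or of any project it mentions: a small Node script that scans a page's markup for `<script src>` tags pointing at polyfill.io, which is the practical first step for any of the sites the post says are still loading it. The host list, the function names and the sample HTML are constructed for this example. Note that Subresource Integrity would not have saved these sites, because polyfill.io returned a different bundle per User-Agent, so a fixed hash could never match; the fix is to remove the tag, not to pin it.

```javascript
// Added example (not from the original post). Finds <script src="..."> tags that
// load from polyfill.io (or a subdomain) and reports whether they carry an
// integrity attribute. Everything below, including the HTML, is constructed.

// Hosts to flag: an assumption for this example, not an authoritative list.
const FLAGGED_HOSTS = ["polyfill.io"];

const SCRIPT_TAG = /<script\b([^>]*)>/gi;
const ATTR = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Parse the attribute text of one <script ...> tag into a lowercase-keyed object.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Resolve the hostname of a src value. Protocol-relative ("//host/...") and
// path-relative ("/js/app.js") sources are resolved against a dummy origin so
// that first-party scripts resolve to example.invalid and are never flagged.
function hostOf(src) {
  try {
    return new URL(src, "https://example.invalid/").hostname.toLowerCase();
  } catch {
    return null;
  }
}

function isFlaggedHost(host) {
  return FLAGGED_HOSTS.some((h) => host === h || host.endsWith("." + h));
}

// Return one finding per external script tag: src, host, whether the host is
// on the flagged list, and whether the tag has an integrity attribute.
function auditScripts(html) {
  const findings = [];
  for (const m of html.matchAll(SCRIPT_TAG)) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) continue; // inline script, nothing to fetch
    const host = hostOf(attrs.src);
    if (!host) continue;
    findings.push({
      src: attrs.src,
      host,
      flagged: isFlaggedHost(host),
      hasIntegrity: "integrity" in attrs,
    });
  }
  return findings;
}

// Only the tags that load from a flagged host.
function flaggedScripts(html) {
  return auditScripts(html).filter((f) => f.flagged);
}

// Constructed sample page: two polyfill.io loads (one protocol-relative), one
// first-party script, one pinned third-party script, one inline script.
// The integrity value is a placeholder, not a real digest.
const SAMPLE_HTML = `
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src='//polyfill.io/v3/polyfill.min.js'></script>
<script src="/js/app.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>console.log("inline")</script>
</head></html>`;

for (const f of flaggedScripts(SAMPLE_HTML)) {
  console.log(`REMOVE: ${f.src} (host ${f.host}, integrity=${f.hasIntegrity})`);
}
```

Run it against a saved copy of any page (`node audit.js < page.html` after swapping `SAMPLE_HTML` for stdin) to get the list of tags to delete. The scanner is deliberately regex-based so it runs without a DOM; it will miss scripts injected at runtime, so pair it with a look at the browser's network panel for the same hostnames.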
Published at 2024-06-28 20:17:53
Event JSON
{
"id": "0bc021eea1c3c215668510b355ceab3a172aa7ee402efeef6d168d3d4064b246",
"pubkey": "a5e5cc1d4dff3d3a2c456f12c1694705e7664e9e7feb4b5012f0ee3128ddb0ef",
"created_at": 1719605873,
"kind": 1,
"tags": [
[
"content-warning",
"Open source sustainability and malware paranoia pt 1"
],
[
"proxy",
"https://rubber.social/@dragonarchitect/112696090496750539",
"web"
],
[
"proxy",
"https://rubber.social/users/dragonarchitect/statuses/112696090496750539",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://rubber.social/users/dragonarchitect/statuses/112696090496750539",
"pink.momostr"
],
[
"expiration",
"1722198849"
]
],
"content": "If you're not aware yet, polyfill.io got taken over and pwned by a Chinese state-sponsored group in a MASSIVE supply-chain attack that Cloudflare, Fastly, and uBlockOrigin have all worked to mitigate the impact, but this is something that affects over 100k websites still using polyfill.io when they don't need to be.\n\nThis is, I think, the third supply chain attack that I've heard about so far this year, that has affected FOSS dependencies.",
"sig": "bbb422d1f345632f54b0b48681e714725ab8602c95faf6e98b8483fe6cfd8f772fb12432b0ca22c48b2c5159b3338572a0e6327dec4f36538b1f66689d4cf6e0"
}