• AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    6 months ago

    This is the best summary I could come up with:


    ]com, was a legitimate open source project that allowed older browsers to handle advanced functions that weren’t natively supported.

    On June 25, researchers from security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites.

    Even then, content delivery networks such as Cloudflare began automatically replacing pollyfill links with domains leading to safe mirror sites.

    The findings underscore the power of supply-chain attacks, which can spread malware to thousands or millions of people simply by infecting a common source they all rely on.

    “Since the domain was suspended, the supply-chain attack has been halted,” Aidan Holland, a member of the Censys Research Team, wrote in an email.

    What’s more, the Internet scan performed by Censys found more than 1.6 million sites linking to one or more domains that were registered by the same entity that owns polyfill[.]io.


    The original article contains 645 words, the summary contains 148 words. Saved 77%. I’m a bot and I’m open source!