If you're not aware yet, polyfill.io got taken over and pwned by a Chinese state-sponsored group in a MASSIVE supply-chain attack that Cloudflare, Fastly, and uBlockOrigin have all worked to mitigate the impact, but this is something that affects over 100k websites still using polyfill.io when they don't need to be.
This is, I think, the third supply chain attack that I've heard about so far this year, that has affected FOSS dependencies.
Calyo Delphi /
npub15h…fp0xu
2024-06-28 22:17:53
Author Public Key
npub15hjuc82dlu7n5tz9dufvz628qhnkvn570l45k5qj7rhrz2xakrhsffp0xuPublished at
2024-06-28 22:17:53Event JSON
{
"id": "0bc021eea1c3c215668510b355ceab3a172aa7ee402efeef6d168d3d4064b246",
"pubkey": "a5e5cc1d4dff3d3a2c456f12c1694705e7664e9e7feb4b5012f0ee3128ddb0ef",
"created_at": 1719605873,
"kind": 1,
"tags": [
[
"content-warning",
"Open source sustainability and malware paranoia pt 1"
],
[
"proxy",
"https://rubber.social/@dragonarchitect/112696090496750539",
"web"
],
[
"proxy",
"https://rubber.social/users/dragonarchitect/statuses/112696090496750539",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://rubber.social/users/dragonarchitect/statuses/112696090496750539",
"pink.momostr"
],
[
"expiration",
"1722198849"
]
],
"content": "If you're not aware yet, polyfill.io got taken over and pwned by a Chinese state-sponsored group in a MASSIVE supply-chain attack that Cloudflare, Fastly, and uBlockOrigin have all worked to mitigate the impact, but this is something that affects over 100k websites still using polyfill.io when they don't need to be.\n\nThis is, I think, the third supply chain attack that I've heard about so far this year, that has affected FOSS dependencies.",
"sig": "bbb422d1f345632f54b0b48681e714725ab8602c95faf6e98b8483fe6cfd8f772fb12432b0ca22c48b2c5159b3338572a0e6327dec4f36538b1f66689d4cf6e0"
}