* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, June 28, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Susquehanna Raises Penn Entertainment Inc. (PENN) Price Target. – Yahoo Finance

    Susquehanna Raises Price Target for Penn Entertainment Inc. (PENN)

    George Lopez is coming to Spokane – KXLY.com

    George Lopez is coming to Spokane – KXLY.com

    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Emerging Memory and Storage Technology Market Analysis Report 2025-2034 | AI and HPC Boom Fuels Surging Demand for Fast, Low-Power Memory Devices – Yahoo Finance

    How AI and HPC Are Driving Explosive Growth in Fast, Low-Power Memory Technologies Through 2034

    Ostin Technology (OST): Volatility’s Warning or Contrarian Opportunity? – AInvest

    Ostin Technology (OST): Navigating Market Volatility – Red Flag or Hidden Opportunity?

    St. Francis Medical Center brings advanced robotic surgery technology to Northeast Louisiana – KNOE

    St. Francis Medical Center brings advanced robotic surgery technology to Northeast Louisiana – KNOE

    Wayve Expands Engineering Leadership to Power Next-Gen Autonomous Driving Technology – Silicon Canals

    Wayve Boosts Engineering Leadership to Accelerate Next-Gen Autonomous Driving Innovation

    Frontdoor Announces Tech Expert Dr. Bala Ganesh as Chief Technology Officer – Business Wire

    Frontdoor Appoints Tech Visionary Dr. Bala Ganesh as New Chief Technology Officer

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Susquehanna Raises Penn Entertainment Inc. (PENN) Price Target. – Yahoo Finance

    Susquehanna Raises Price Target for Penn Entertainment Inc. (PENN)

    George Lopez is coming to Spokane – KXLY.com

    George Lopez is coming to Spokane – KXLY.com

    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Emerging Memory and Storage Technology Market Analysis Report 2025-2034 | AI and HPC Boom Fuels Surging Demand for Fast, Low-Power Memory Devices – Yahoo Finance

    How AI and HPC Are Driving Explosive Growth in Fast, Low-Power Memory Technologies Through 2034

    Ostin Technology (OST): Volatility’s Warning or Contrarian Opportunity? – AInvest

    Ostin Technology (OST): Navigating Market Volatility – Red Flag or Hidden Opportunity?

    St. Francis Medical Center brings advanced robotic surgery technology to Northeast Louisiana – KNOE

    St. Francis Medical Center brings advanced robotic surgery technology to Northeast Louisiana – KNOE

    Wayve Expands Engineering Leadership to Power Next-Gen Autonomous Driving Technology – Silicon Canals

    Wayve Boosts Engineering Leadership to Accelerate Next-Gen Autonomous Driving Innovation

    Frontdoor Announces Tech Expert Dr. Bala Ganesh as Chief Technology Officer – Business Wire

    Frontdoor Appoints Tech Visionary Dr. Bala Ganesh as New Chief Technology Officer

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home General

384,000 sites pull code from sketchy code library recently bought by Chinese firm

July 4, 2024
in General
384,000 sites pull code from sketchy code library recently bought by Chinese firm
Share on FacebookShare on Twitter

The supply-chain threat that won’t die —

Many website admins, it seems, have yet to get memo to remove Polyfill[.]io links.

Dan Goodin
– Jul 3, 2024 7:36 pm UTC

384,000 sites pull code from sketchy code library recently bought by Chinese firm

Getty Images

More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said.

For years, the JavaScript code, hosted at polyfill[.]com, was a legitimate open source project that allowed older browsers to handle advanced functions that weren’t natively supported. By linking to cdn.polyfill[.]io, websites could ensure that devices using legacy browsers could render content in newer formats. The free service was popular among websites because all they had to do was embed the link in their sites. The code hosted on the polyfill site did the rest.

The power of supply-chain attacks

In February, China-based company Funnull acquired the domain and the GitHub account that hosted the JavaScript code. On June 25, researchers from security firm Sansec reported that code hosted on the polyfill domain had been changed to redirect users to adult- and gambling-themed websites. The code was deliberately designed to mask the redirections by performing them only at certain times of the day and only against visitors who met specific criteria.

The revelation prompted industry-wide calls to take action. Two days after the Sansec report was published, domain registrar Namecheap suspended the domain, a move that effectively prevented the malicious code from running on visitor devices. Even then, content delivery networks such as Cloudflare began automatically replacing pollyfill links with domains leading to safe mirror sites. Google blocked ads for sites embedding the Polyfill[.]io domain. The website blocker uBlock Origin added the domain to its filter list. And Andrew Betts, the original creator of Polyfill.io, urged website owners to remove links to the library immediately.

As of Tuesday, exactly one week after malicious behavior came to light, 384,773 sites continued to link to the site, according to researchers from security firm Censys. Some of the sites were associated with mainstream companies including Hulu, Mercedes-Benz, and Warner Bros. and the federal government. The findings underscore the power of supply-chain attacks, which can spread malware to thousands or millions of people simply by infecting a common source they all rely on.

“Since the domain was suspended, the supply-chain attack has been halted,” Aidan Holland, a member of the Censys Research Team, wrote in an email. “However, if the domain was to be un-suspended or transferred, it could resume its malicious behavior. My hope is that NameCheap properly locked down the domain and would prevent this from occurring.”

What’s more, the Internet scan performed by Censys found more than 1.6 million sites linking to one or more domains that were registered by the same entity that owns polyfill[.]io. At least one of the sites, bootcss[.]com, was observed in June 2023 performing malicious actions similar to those of polyfill. That domain, and three others—bootcdn[.]net, staticfile[.]net, and staticfile[.]org—were also found to have leaked a user’s authentication key for accessing a programming interface provided by Cloudflare.

Censys researchers wrote:

So far, this domain (bootcss.com) is the only one showing any signs of potential malice. The nature of the other associated endpoints remains unknown, and we avoid speculation. However, it wouldn’t be entirely unreasonable to consider the possibility that the same malicious actor responsible for the polyfill.io attack might exploit these other domains for similar activities in the future.

Of the 384,773 sites still linking to polyfill[.]com, 237,700, or almost 62 percent, were located inside Germany-based web host Hetzner.

Censys found that various mainstream sites—both in the public and private sectors—were among those linking to polyfill. They included:

Warner Bros. (www.warnerbros.com)
Hulu (www.hulu.com)
Mercedes-Benz (shop.mercedes-benz.com)
Pearson (digital-library-qa.pearson.com, digital-library-stg.pearson.com)
ns-static-assets.s3.amazonaws.com

The amazonaws.com address was the most common domain associated with sites still linking to the polyfill site, an indication of widespread usage among users of Amazon’s S3 static website hosting.

Censys also found 182 domains ending in .gov, meaning they are affiliated with a government entity. One such domain—feedthefuture[.]gov—is affiliated with the US federal government. A breakdown of the top 50 affected sites is here.

Attempts to reach Funnull representatives for comment weren’t successful.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Ars Technica – https://arstechnica.com/?p=2035216

Previous Post

High-altitude cave used by Tibetan Buddhists yields a Denisovan fossil

Next Post

Norfund looking to invest close to $500m in SE Asia from climate fund

Emerging Memory and Storage Technology Market Analysis Report 2025-2034 | AI and HPC Boom Fuels Surging Demand for Fast, Low-Power Memory Devices – Yahoo Finance

How AI and HPC Are Driving Explosive Growth in Fast, Low-Power Memory Technologies Through 2034

June 28, 2025
Axios Event: Media execs are betting big on women’s sports – Axios

Axios Event: Media execs are betting big on women’s sports – Axios

June 28, 2025
Tellus Science Museum astronomer discusses meteorite landing in metro Atlanta – WSB-TV

Meteorite Crash-Lands in Metro Atlanta: Expert Insights from a Tellus Science Museum Astronomer

June 28, 2025
With pride and honor: How this queer couple achieved academic success – ABS-CBN

Triumph and Pride: The Inspiring Journey of a Queer Couple in Academia

June 28, 2025
Bidding process for 2029 and 2031 World Athletics Championships launches – worldathletics.org

Excitement Builds as Bidding Opens for 2029 and 2031 World Athletics Championships

June 28, 2025
If something is going to break in the U.S. economy, it will probably happen this summer, BofA Global says – MarketWatch

This Summer May Be the Critical Turning Point for the U.S. Economy, Experts Warn

June 28, 2025

Audit Uncovers Shocking Shortfall in State Health Plan Funding

June 28, 2025
Boulder attack suspect charged with federal hate crimes – CNN

Boulder attack suspect charged with federal hate crimes – CNN

June 28, 2025
Ostin Technology (OST): Volatility’s Warning or Contrarian Opportunity? – AInvest

Ostin Technology (OST): Navigating Market Volatility – Red Flag or Hidden Opportunity?

June 27, 2025
Vote for the Blue Water Area’s top high school sports moment from the 2025 spring season – Times Herald

Cast Your Vote for the Blue Water Area’s Most Unforgettable High School Sports Moment of Spring 2025!

June 27, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (699)
  • Economy (721)
  • Entertainment (21,613)
  • General (15,603)
  • Health (9,760)
  • Lifestyle (726)
  • News (22,149)
  • People (722)
  • Politics (728)
  • Science (15,938)
  • Sports (21,218)
  • Technology (15,706)
  • World (701)

Recent News

Emerging Memory and Storage Technology Market Analysis Report 2025-2034 | AI and HPC Boom Fuels Surging Demand for Fast, Low-Power Memory Devices – Yahoo Finance

How AI and HPC Are Driving Explosive Growth in Fast, Low-Power Memory Technologies Through 2034

June 28, 2025
Axios Event: Media execs are betting big on women’s sports – Axios

Axios Event: Media execs are betting big on women’s sports – Axios

June 28, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version