by Sansec Forensics Team Published in Threat Research − June 25, 2024 The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites. Update June 28th: We are flagging more domains that have been used by the same actor to spread malware since at least June 2023: bootcdn.net, bootcss.com, staticfile.net, staticfile.org, unionadjs.com, xhsbpza.com, union.m
![Polyfill supply chain attack hits 100K+ sites](https://cdn-ak-scissors.b.st-hatena.com/image/square/725ad8ef762ce476309592e5e098073b98f37563/height=288;version=1;width=512/https%3A%2F%2Fsansec.io%2Fassets%2F2023%2Fog%2F720%2Fog-graphic-2.webp)