iam-py-test

iampytest1@infosec.exchange

I am a hobbyist security researcher, filterlist maintainer, and wannabe law nerd. I help maintain the Actually Legitimate URL Shortener Tool. This account is mostly just my personal soapbox. Moreover, almost all my serious posts are about content filtering.
I am not an expert; do not take anything I toot as truth. Retoot/like != agreement.
This account is not legal or medical advice.

Profile picture: truncated screenshot of a WINE error message. The error message is titled "Download failed". The message reads "Download Failed: Success. Check your connection and click 'Retry' to try downloading the files again, or click 'Next' to continue installing anyway." There is only one button labeled "OK".

Header image: A Windows error message against the default Windows wallpaper. The error message reads "Windows cannot find iam-py-test. Make sure you typed the name correctly, and then try again."

mastodon (AP)

iam-py-test

4 months ago • •

iam-py-test
4 months ago • •

From cyberplace.social/@GossiTheDog…
All credit to @GossiTheDog

Without CDN/Archived: web.archive.org/web/sansec.io/…

Polyfill[.]io is now serving malware.
This is why you should not rely embed third party scripts on your website.
Only load JavaScript from domains you own - and preferably, only load JavaScript you/your organization wrote.
Third party JavaScript is and will always be a threat to privacy and security.

#polyfillio

Polyfill supply chain attack hits 100K+ sites

The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites.

^Sansec

Kevin Beaumont

2024-06-25 20:20:48

Can’t find my thread to update it, but after a Chinese company acquired Polyfill.io last year (embedded in over 100k websites), it has started serving malware to users of said websites - prepare to be surprised.
sansec.io/research/polyfill-su…
#threatintel

Polyfill supply chain attack hits 100K+ sites
The new Chinese owner of the popular Polyfill JS project injects malware into more than 100 thousand sites.
^Sansec

#polyfillio @Kevin Beaumont

in reply to iam-py-test

iam-py-test

in reply to iam-py-test • 4 months ago • •

uBlock Origin has blocklisted PolyfillIO in it's badware list.

github.com/uBlockOrigin/uAsset…

#uBlockOrigin #polyfillio #polyfillioattack

Add polyfill.io as badware due to supplychain attack by SISheogorath · Pull Request #24255 · uBlockOrigin/uAssets

URL(s) where the issue occurs polyfill.io / cdn.polyfill.io Describe the issue This patch adds polyfill.io to badware.txt due to an ongoing supplychain attack using the domain and its subdomains. R...

^GitHub

#ublockorigin #polyfillio #polyfillioattack

⇧