Invicti identified the usage of Pollyfill in the target web server’s HTTP response.
Polyfill.io, a widely used JavaScript library, was compromised following its acquisition by Funnull, a China-based CDN company. Malicious code was injected into the library, redirecting users to harmful websites.
Affected Users:Over 110,000 websitesNature of Malicious Activity:
Immediate Action: Remove Polyfill.io from affected websites and replace it with secure alternatives provided by Cloudflare and Fastly.
You can search and find all vulnerabilities