WetHat💦<p>384,000 sites pull code from sketchy code library recently bought by Chinese firm | <span class="h-card" translate="no"><a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dangoodin</span></a></span></p><p>A supply-chain attack on Polyfill.io, a <a href="https://fosstodon.org/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JavaScript</span></a> library, redirected users to malicious sites. So far, bootcss.com is the only domain showing any signs of potential malice. The nature of the other associated endpoints remains unknown</p><p><a href="https://fosstodon.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://fosstodon.org/tags/SupplyChainAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChainAttack</span></a> <a href="https://fosstodon.org/tags/WebDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebDevelopment</span></a> <a href="https://fosstodon.org/tags/WebProgramming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebProgramming</span></a> <a href="https://fosstodon.org/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSecurity</span></a> <a href="https://fosstodon.org/tags/Polyfill" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Polyfill</span></a> <a href="https://fosstodon.org/tags/PolyfillIO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PolyfillIO</span></a> </p><p><a href="https://arstechnica.com/security/2024/07/384000-sites-link-to-code-library-caught-performing-supply-chain-attack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">07/384000-sites-link-to-code-library-caught-performing-supply-chain-attack/</span></a></p>