384,000 sites link to code library caught performing supply-chain attack

More than 384,000 websites are linked to a site exploited in a supply-chain attack that redirected visitors to malicious sites. The JavaScript code at polyfill[.]com used to be a legitimate open-source project supporting older browsers. In February, China-based company Funnull acquired the domain and GitHub account, altering the code to redirect users to adult and gambling-themed websites. The domain was suspended after the attack came to light, with firms including Google, Domaincheap and Cloudflare trying to mitigate the effects.