The Polyfill.io service is used by many sites as a way to incorporate modern functions into web browsers, such as to create ads. However, after the service was recently acquired by a Chinese company, the company modified the JavaScript library to redirect users to malicious and scam sites. Some of the malware has been redirecting users to sports betting and pornographic sites. Over 110,000 sites using the library have been impacted by this supply chain attack. The creator of the Pollyfill.io service is calling for website owners to immediately remove it. There are concerns that subsequent and more severe attacks could occur if sites continue to use the service. 

Read more: https://thehackernews.com/2024/06/over-110000-websites-affected-by.html