Attack hits 100K+ sites

New owners of the Polyfill.io service modified its JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. 

Polyfill is a popular library that supports modern web browser functions. More than 110,000 sites that embed this library are impacted by this supply chain attack, Sansec said in a Tuesday report. 

The long list of the sites known or believed to have been using the corrupted JavaScript library is here.  The malicious code would have redirected browsers to fake, malicious sites instead of to the intended destinations.  Read more here and here.