The polyfill.io website was taken over by a foreign company, Funnull, which embedded malicious code in the JavaScript assets served from its CDN at cdn.polyfill.io. Because the polyfill library is so widely used, the attack impacted more than 100,000 websites, including publicly traded companies such as Intuit. The malicious code injected into these sites could perform various nefarious activities, such as redirecting users to phishing sites or stealing sensitive information. To protect against such attacks, it is recommended to use trusted CDNs, monitor dependencies, implement Content Security Policy (CSP), and keep all libraries and dependencies up to date. Evaluating whether polyfills are still necessary for a project can also help reduce the risk of such vulnerabilities. The attack highlights the critical importance of supporting resources across the web ecosystem and emphasizes the need for robust security measures to safeguard against supply chain attacks.
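One way to act on the "monitor dependencies" and CSP recommendations above, as an added example that is not from the original page: a Node.js check that lists `<script>` tags still loading from polyfill.io and reports whether a page's CSP would still permit scripts from cdn.polyfill.io. The function names, the sample HTML and the sample policies are constructed for illustration, and the CSP matching is deliberately simplified.

```javascript
// Added example (not from the original page). Domain taken from the page.
const BLOCKED = "polyfill.io";
const isBlockedHost = (h) => h === BLOCKED || h.endsWith("." + BLOCKED);

// Return the src of every <script> tag that loads from polyfill.io or a subdomain.
function findPolyfillScripts(html) {
  const hits = [];
  const re = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const m of html.matchAll(re)) {
    const src = m[1] ?? m[2] ?? m[3];
    try {
      // The base URL resolves protocol-relative ("//host/...") and relative paths.
      const host = new URL(src, "https://page.example/").hostname;
      if (isBlockedHost(host.toLowerCase().replace(/\.$/, ""))) hits.push(src);
    } catch { /* unparsable src: skip */ }
  }
  return hits;
}

// Simplified CSP check: does script-src (or the default-src fallback) permit `host`?
// Assumption: ignores paths, ports, nonces, hashes and 'strict-dynamic'.
function cspAllowsScriptHost(csp, host) {
  const directives = new Map();
  for (const part of csp.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, values); // first one wins
  }
  const sources = directives.get("script-src") ?? directives.get("default-src");
  if (!sources) return true; // no directive restricts scripts at all
  return sources.some((raw) => {
    const s = raw.toLowerCase();
    if (s === "*" || s === "https:") return true; // wildcard or any-https source
    const h = s.replace(/^[a-z][a-z0-9+.-]*:\/\//, "").split("/")[0];
    return h.startsWith("*.") ? host.endsWith(h.slice(1)) : h === host;
  });
}

// Constructed sample page: two polyfill.io references, two unrelated scripts.
const SAMPLE_HTML = `
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script async src='//polyfill.io/v3/polyfill.js?features=fetch'></script>
<script src="/static/app.js"></script>
<script src="https://notpolyfill.io/x.js"></script>`;

console.log(findPolyfillScripts(SAMPLE_HTML));
console.log(cspAllowsScriptHost("script-src 'self' https://cdn.example.net", "cdn.polyfill.io"));
```

A page is only clear of this dependency when the first call returns an empty list and the second returns `false`; a missing or wildcard `script-src` leaves the CDN allowed even after the tags are removed.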