logoalt Hacker News

blensortoday at 7:57 AM1 replyview on HN

It uses polyfill.io which is no longer active and has been taken over by malicious actors.

That's where the sign in request is coming from


Replies

ehntotoday at 8:26 AM

Somehow this is only the first time I have seen this vector taken advantage of with my own eyes.

I remember thinking it was a stupid idea to embed third party hosted JS back when jquery and prototypejs were the duopoly of javascript. I'm surprised it took me this long to see it.