Part 3/5:

The scale of this attack is staggering - with Polyfill being used on hundreds of thousands of websites, the potential for widespread compromise is immense. This highlights the inherent risks of relying on third-party code and supply chains that may be outside of one's control.

Even more concerning is the response from the new owners of the polyfill.io domain. When called out by CloudFlare for falsely claiming to be associated with their CDN, the new owners doubled down, announcing plans to create their own global CDN to "surpass CloudFlare." This suggests a level of brazenness and disregard for the security of the internet at large.