Probely Security Scanner Enables Automated Detection for the Supply Chain Attack

Tiago Mendo

June 28, 2024 · 3 min read

This week, the cybersecurity community was alerted to a major new vulnerability that compromises the online security of countless users. We’re talking about the supply chain attack.

It is estimated that over 100,000 applications have been affected by the supply chain attack. After the service was acquired by a Chinese company, malware was added to it, and all sites using it started to automatically spread malware, redirecting users to phishing sites, one of the most common and dangerous cyber attacks. Polyfill is a popular JavaScript library service that adds modern functionality to older browsers, ensuring users have a consistent experience regardless of the browser's age or capabilities. Since the service is used by hundreds of thousands of websites, this attack will probably have a devastating impact on the user safety and web integrity of several organizations.

Why Is Polyfill a Threatening Vulnerability?

Polyfill is a JavaScript library that has been compromised, affecting all applications that use it and their users. When organizations use this third-party component, their users are redirected to malicious websites when clicking on links, but the redirect can also happen automatically.

Users can be subjected, for example, to phishing attacks, in which they are tricked into providing sensitive information such as bank details and passwords, among others. With this information, the attackers will be able to perform more serious attacks.

Fixing the Supply Chain Compromise

While Probely identifies the vulnerability and points out the instances where a fix should be applied, removing the library is not a solution, as you might still need the functionality it provides. In that case, we suggest that you replace all instances of malware-injected polyfill with Cloudflare’s alternative endpoint, which is free from the malware injected after the acquisition. Cloudflare has fully implemented polyfill functionality and deployed it to that endpoint. Cloudflare’s implementation is intended to be a stand-in, identical replacement for the original library, both minified and unminified.
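One way to locate the instances that need replacing, shown as an added example (it is not Probely's detection module or code from this post): a scan of page markup for scripts and preload hints loaded from a flagged host. The hostname `compromised-cdn.example`, the function names and the sample page are placeholders constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Placeholder host (assumption): substitute the compromised domain you are auditing for.
FLAGGED_HOST = "compromised-cdn.example"


def host_matches(url, flagged=FLAGGED_HOST):
    """True if url points at the flagged host or one of its subdomains."""
    # urlsplit also parses protocol-relative URLs; relative paths have no hostname.
    host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    return host == flagged or host.endswith("." + flagged)


class ThirdPartyScriptFinder(HTMLParser):
    """Collects (line, tag, url) for every resource loaded from the flagged host."""

    def __init__(self, flagged=FLAGGED_HOST):
        super().__init__()
        self.flagged = flagged
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # <script src> executes code; <link href> covers preload/prefetch hints.
        url_attr = {"script": "src", "link": "href"}.get(tag)
        url = dict(attrs).get(url_attr) if url_attr else None
        if url and host_matches(url, self.flagged):
            self.hits.append((self.getpos()[0], tag, url))


def find_flagged_includes(html, flagged=FLAGGED_HOST):
    finder = ThirdPartyScriptFinder(flagged)
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample page, not taken from a real site.
SAMPLE = """<html><head>
<script src="https://compromised-cdn.example/v3/polyfill.min.js"></script>
<script src="//CDN.Compromised-CDN.example/v3/polyfill.js?features=fetch"></script>
<link rel="preload" as="script" href="https://compromised-cdn.example/v3/polyfill.min.js">
<script src="https://notcompromised-cdn.example/lib.js"></script>
<script src="/static/app.js"></script>
</head></html>"""

if __name__ == "__main__":
    for line, tag, url in find_flagged_includes(SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```

The match is on the parsed hostname rather than a substring, so lookalike domains and local paths are not reported, while subdomains, mixed case and protocol-relative URLs are.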

Probely Customers are Already on the Safe Side

This is a textbook example of a supply chain attack, where a third-party domain used by hundreds of thousands of sites was acquired by a malicious actor, who used it to spread malware.

At Probely, we immediately added a detection module to warn our customers if they were using this compromised component, protecting them against potential exploitation and ensuring their websites remain secure against such threats. This proactive measure helps safeguard their operations, which is one of our top priorities as an API and Web App Discovery and Vulnerability Testing Platform.

The automatic detection of the Supply Chain Compromise is running, and all Probely customers that were identified as “vulnerable” to this threat are safe and sound.

If you’re not sure about whether your organization is safe against this or any other threat, sign up for our fully-featured 14-day free trial and test the safety of your APIs and Web Apps.
