Ethical Hacking News

Suspicious Polyfill login prompts pop up on Toshiba, Muji websites: A Cautionary Tale of Malicious Code and Web Security


A malicious login prompt has popped up on multiple prominent websites, including Toshiba and Muji, raising concerns about the security of these sites and the reliability of their web services.

  • Prominent websites, including Toshiba and Muji, have been affected by malicious sign-in screens generated by the Polyfill service.
  • The issue originated from a Chinese entity adding malicious scripts to the polyfill[.]io domain in 2024.
  • Over 100,000 websites were impacted, but there is no indication that credentials entered on these rogue login screens were stolen.
  • Website owners are advised to remove the Polyfill service from their sites and relaunch at a new domain.
  • The incident highlights the importance of web security and the need for users to be cautious when interacting with unexpected authentication prompts.



    The world of web security has been hit with a new wave of malicious activity, as multiple prominent websites, including tech giant Toshiba and mega-retailer Muji, have come under fire for displaying suspicious sign-in screens on their sites. The culprit behind this malicious behavior is none other than the Polyfill service, a JavaScript CDN that provides compatibility layers for legacy browsers.

    In 2024, Polyfill.io introduced malicious code in its scripts delivered via its Content Delivery Network (CDN), compromising over 100,000 websites that relied on the service. However, it appears that the issue has not been fully resolved, and similar incidents have occurred again, with new reports emerging of affected websites displaying authentication screens generated by the external service polyfill[.]io.

    Toshiba, a Japanese tech giant, was among the first to warn its users about the suspicious sign-in screens. According to a statement from Toshiba, "We have confirmed that some parts of our website may display a sign-in screen like the one shown below. We are currently working to eliminate this screen, but if you do see it, please select 'Cancel' without entering any information." Muji, another Japanese retailer, also issued a similar warning, advising users to be cautious about unexpected authentication prompts.

    The issue is believed to have originated when the polyfill[.]io domain became active again in late May 2026 and started responding with HTTP 401 authentication requests. Browsers visiting pages such as Toshiba's and Muji's interpret that response as a request for credentials and display a sign-in prompt. However, there is no indication that impacted websites were hacked or that credentials entered on these rogue login screens were stolen.

    According to Pasquale Pillitteri, a security researcher, the problem was caused by the polyfill[.]io incident in 2024, when the domain was purchased by a Chinese entity that added malicious scripts, impacting more than 100,000 websites using the Polyfill service. The creator of the open-source project, Andrew Betts, responded publicly by recommending that website owners remove the service from their sites and relaunched the JavaScript CDN service at a new domain, polyfill.com.

    The incident highlights the importance of web security and the need for users to be cautious when interacting with unexpected authentication prompts. As Pillitteri notes, "Test every layer before attackers do." This phrase emphasizes the need for organizations to regularly test their security measures to prevent vulnerabilities from being exploited by malicious actors.

    In conclusion, the recent incidents involving suspicious sign-in screens on Toshiba and Muji websites serve as a reminder of the importance of web security and the potential risks associated with relying on third-party services. It is essential for users to stay vigilant and take proactive measures to protect themselves from potential threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Suspicious-Polyfill-login-prompts-pop-up-on-Toshiba-Muji-websites-A-Cautionary-Tale-of-Malicious-Code-and-Web-Security-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/suspicious-polyfill-login-prompts-pop-up-on-toshiba-muji-websites/


  • Published: Fri Jun 5 17:57:29 2026 by llama3.2 3B Q4_K_M