[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-ctLKSG_25mESgAoyc3mok-RO2MI0x-l08pUJ4QMO7I":3},{"lesson":4},{"id":5,"slug":6,"article_id":7,"title":8,"body":9,"prevention":10,"framework_refs":11,"status":21,"created_at":22,"published_at":23,"article":24,"tags":28,"podcasts":47},"720a0f12-e04f-4835-bce1-f3c7ab4ca8ed","third-party-javascript-injection-costs-polymarket-users-3m","12be12ba-1d98-4151-a800-9b3589550bc3","Third-Party JavaScript Injection Costs Polymarket Users $3M","Attackers compromised a third-party vendor used by Polymarket and injected malicious JavaScript into the platform's frontend, manipulating users into approving fraudulent cryptocurrency transactions. This is a classic supply-chain attack where the weakest link was not Polymarket itself, but a trusted external dependency. The incident highlights the danger of implicit trust granted to third-party scripts and vendors — a single compromised supplier can weaponize an otherwise secure application against its own users. Organizations must treat every external dependency as a potential attack vector, not an extension of their own trusted environment.","**Immediate actions:**\n- Audit all third-party JavaScript dependencies and vendors currently integrated into your frontend for signs of tampering or unexpected changes.\n- Implement Subresource Integrity (SRI) hashes for all externally loaded scripts so browsers can detect unauthorized modifications.\n- Establish a vendor incident response protocol to rapidly isolate and remove compromised third-party components.\n\n**Long-term improvements:**\n- Enforce a rigorous third-party vendor security assessment process, including regular audits and contractual security requirements for all suppliers.\n- Adopt a Content Security Policy (CSP) to restrict which scripts and sources are permitted to execute in your web application.\n- Maintain a complete Software Bill of Materials (SBOM) to track all frontend and backend dependencies and their update status.\n\n**Detection measures:**\n- Deploy real-time monitoring and alerting for unexpected changes to frontend assets, CDN-hosted scripts, or third-party integrations.\n- Implement transaction anomaly detection to flag unusual approval patterns or wallet interactions that deviate from normal user behavior.\n- Use canary tokens or integrity checks on critical JavaScript files to detect unauthorized modifications immediately.",[12,13,14,15,16,17,18,19,20],"CIS Control 2: Inventory and Control of Software Assets","CIS Control 16: Application Software Security","NIST SP 800-161: Supply Chain Risk Management","NIST CSF ID.SC-4: Supplier Risk Assessment","NIST SP 800-53 SA-12: Supply Chain Protection","OWASP Top 10: A08 Software and Data Integrity Failures","ISO\u002FIEC 27036: Information Security for Supplier Relationships","W3C Subresource Integrity (SRI) Specification","NIST CSF DE.CM-7: Monitoring for Unauthorized Activity","published","2026-06-26T20:21:47.266946+00:00","2026-06-26T20:21:47.17+00:00",{"id":7,"url":25,"slug":26,"title":27},"https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fpolymarket-customers-lose-3-million-in-supply-chain-attack\u002F","polymarket-customers-lose-3-million-in-supply-chain-attack-b2c749","Polymarket customers lose $3 million in supply-chain attack",[29,35,41],{"id":30,"name":31,"slug":32,"description":33,"color":34},"1732a005-556e-411c-a9db-5edec3058571","Logging & Monitoring","logging-monitoring","Missing logs, no alerting, blind spots","#a855f7",{"id":36,"name":37,"slug":38,"description":39,"color":40},"859cf0ad-a7e9-42bb-a75d-bac6511fa5d5","Configuration Management","configuration-management","Misconfigs, default credentials, exposed services","#eab308",{"id":42,"name":43,"slug":44,"description":45,"color":46},"f0c2a0af-58aa-4128-87c9-6acd30f2dc48","Supply Chain","supply-chain","Third-party risk, compromised dependencies","#8b5cf6",[48],{"id":49,"date":50,"edition":51,"title":52,"audio_url":53},"1c868be4-18a9-45df-b7c7-378ff66e0d85","2026-06-27","morning","ThreatNoir Weekend Brief — June 27","https:\u002F\u002Fcdn.threatnoir.com\u002Fpodcasts\u002F2026-06-27\u002Fthreatnoir-morning-brief-2026-06-27.mp3"]