Worth grepping your source code for "polyfill.io" and taking urgent measures to remove that code if you're linking it into your site - the domain name apparently now intermittently serves malicious JavaScript
My notes here: https://simonwillison.net/2024/Jun/25/polyfill-supply-chain-attack/ - or read this article https://sansec.io/research/polyfill-supply-chain-attack
@simon Thank you for posting this!
I use MathJax on my blog and per the instructions on their site, included a script from this CDN on a number of pages.
https://chrisphan.com/posts/2024-06-25_mathjax_polyfill_io_warning/index.html
I'm guessing I'm not the only mathematician who will be affected by this.
I was even going to make a pull request on MathJax's site repo, but I see you've done that already! https://github.com/mathjax/MathJax-website/pull/102 (I also thank you for this!)
@chrisphan @simon