Suspicious Polyfill Login Prompts Pop Up on Toshiba, Muji Websites
ID: f038e229-521d-5199-a8c8-f1e4dc51ef01
STIX ID: report--f038e229-521d-5199-a8c8-f1e4dc51ef01
Feed Name: CosmicBytez Labs
**Executive summary:** The Polyfill.io CDN has been compromised and is being used to inject malicious JavaScript into a large number of websites (estimated 100,000+), delivering fake sign-in dialogs that harvest credentials; major brands including Toshiba and Muji were observed serving these overlays. The report describes the attack chain, persistent and evolving payloads (redirects, crypto miners, credential harvesting), and provides remediation guidance such as removing Polyfill.io references, self-hosting polyfills or using trusted CDNs with SRI, and enforcing strong Content Security Policies.
