Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

Tech companies including Toshiba and MUJI warned visitors about unexpected browser sign-in prompts generated by the external CDN domain polyfill.io, which recently began responding with HTTP 401 authentication requests after previously hosting malicious scripts in 2024; affected sites have suspended the service and users are advised not to enter credentials, with no confirmed credential theft reported.