Oh snap! The same group behind last year’s Polyfill.io supply chain attack are back!

Krebs doesn’t mention it but The Register makes the connection;

https://www.theregister.com/2025/05/30/fbi_treasury_funnull_...

I mean there name is literally “Funnull”. They know exactly what they’re doing.