Posted by Feng Ning via Fulldisclosure on Mar 12
Subject: Alipay DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 17 Vulns, 6 CVEs (CVSS 9.3)
# Alipay DeepLink + JSBridge Attack Chain
# Silent GPS Exfiltration via Crafted URL
## Overview
Researcher: Jiqiang Feng / Innora AI Security Research
Vendor: Ant Group (蚂蚁集团) / Alibaba Group
Product: Alipay (支付宝) v10.x (Android & iOS)
Users Affected: 1 billion+
CVEs: 6 submitted to MITRE CNA-LR (2026-03-12)
CVSS: 7.4–9.3…
– Read More – Full Disclosure
![AttackFeed by Joe Wagner | [Full Disclosure] CVE-2025-69690 & CVE-2025-69691 — Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0 - Full Disclosure](https://attackfeed.com/wp-content/uploads/2026/02/fulldisclosure-img-zQCQhK.webp "[Full Disclosure] CVE-2025-69690 & CVE-2025-69691 — Authenticated RCE in Netgate pfSense CE 2.7.2 and 2.8.0")
