CVE-2026-48135 - HTTP service can incorrectly process malformed HTTP requests

Cause An input-handling issue in the HTTP request processing path. Symptoms - A Check Point HTTP-based service, such as Mobile Access Portal or Identity Awareness Portals except for Captive Portal, can incorrectly handle malformed HTTP requests. Gaia Portal is not affected by this issue. - The...

Astra Linux - уязвимость в chromium

Before version 94.0.4606.61, using "use after free" in Portals within Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...

Astra Linux - уязвимость в chromium

The use of “after free” in Portals in Google Chrome before version 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption through user interactions...

Usability of Passwordless Authentication in Wi-Fi Networks: A Comparative Study of Passkeys and Passwords in Captive Portals

Passkeys have recently emerged as a passwordless authentication mechanism, yet their usability in captive portals remains unexplored. This paper presents an empirical, comparative usability study of passkeys and passwords in a Wi-Fi hotspot using a captive portal. We conducted a controlled...

DSpace 9.2 REST API Automated Document Discovery and Download

This is a framework for collecting data from DSpace systems. Built using Selenium, it is designed to automatically discover and download documents from web repositories and public portals...

ShinyHunters Hackers Threaten 400 Firms Over Stolen Salesforce Data

ShinyHunters claims to have stolen data from 400 firms via Salesforce portals and is threatening to leak the information unless ransom demands are paid...

PT-2026-7151

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP NET RAW capability binding to privileged ports, spoofing...

Russian BlueDelta (Fancy Bear) Uses PDFs to Steal Logins in Just 2 Seconds

New research from Recorded Future reveals how Russian state hackers BlueDelta are using fake Microsoft and Google login portals to steal credentials. The campaign involves using legitimate PDF lures from GRC and EcoClimate to trick victims...

CVE-2023-49230

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...

MAL-2026-181 Malicious code in smintio-portals-component-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ac8dad03743200fb36bb249f7d2292a267daaffb767a56e0c0e6634dc71afe The package smintio-portals-component-sdk was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-1834

Malicious code in smintio-portals-component-sdk npm...

Malicious code in smintio-portals-component-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ac8dad03743200fb36bb249f7d2292a267daaffb767a56e0c0e6634dc71afe The package smintio-portals-component-sdk was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview smintio-portals-component-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp's familiar web interface, using social engineering tactics t...

EUVD-2025-146740

Malicious code in uinsu-technical-portals npm...

EUVD-2025-36827

Malicious code in pensions-portals-fe npm...

MAL-2025-49029 Malicious code in pensions-portals-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9025d84d3de41f55102920c25c5229e8104e159e23a3e943a7e955077ae61403 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in pensions-portals-fe (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9025d84d3de41f55102920c25c5229e8104e159e23a3e943a7e955077ae61403 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview pensions-portals-fe is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2025-62248

A reflected cross-site scripting XSS vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...