RE:SØURCENOTES ON CYBERSECURITY
HomeAbout
ENPL
NOTES · CYBERSECURITY · EST. 2025

RE:SØURCE

Notes and technical writeups on malware campaigns and web-application vulnerabilities, based on real cases encountered in the field.

Cover Image for CVE-2026-28501 - AVideo Unauthenticated SQL Injection
S.03 · FEATURED

CVE-2026-28501 - AVideo Unauthenticated SQL Injection

A critical SQL injection in AVideo allows unauthenticated remote attackers to exfiltrate the entire database by smuggling a single JSON field past the application's global input sanitizer.

CVE · SQLI · AVIDEO · WEBAPPREAD ↗
Author
Arkadiusz Marta
Stories · 2026
3
Focus areas
MALWARE · WEBAPP

More from the archive.

2 POSTS
Cover Image for Ledger Wallet Impersonation Analysis
S.02 ·

Ledger Wallet Impersonation Analysis

Diving into a fake Ledger Live macOS app that tricks users into entering their recovery phrase and silently sends it to an attacker.

MacOSMalwareCrypto-Stealer
Cover Image for macOS Stealer Campaign
S.01 ·

macOS Stealer Campaign

Diving into a suspicious Cloudflare-like page targeting macOS users and attempting to trick visitors into executing malicious code, similar to the ClickFix campaign.

MACOSSTEALERCLICKFIX