Stories.
All historical notes and writeups.

CVE-2026-34747 - Payload CMS SQL Injection
An SQL injection in Payload CMS exposes the underlying database through a single crafted request.

CVE-2026-28501 - AVideo Unauthenticated SQL Injection
A critical SQL injection in AVideo allows unauthenticated remote attackers to exfiltrate the entire database by smuggling a single JSON field past the application's global input sanitizer.

Ledger Wallet Impersonation Analysis
Diving into a fake Ledger Live macOS app that tricks users into entering their recovery phrase and silently sends it to an attacker.

macOS Stealer Campaign
Diving into a suspicious Cloudflare-like page targeting macOS users and attempting to trick visitors into executing malicious code, similar to the ClickFix campaign.