CyStack | Security Research

Products & ServicesProducts & Services
SolutionsSolutions
PricingPricing
CompanyCompany
ResourcesResources

April 13 2026|Advisories

SQL Injection and Improper Access Control in Joomla’s REST API

Reading Time: 4 minutesRead this content in Vietnamese (Tiếng Việt) Introduction Joomla CMS is one of the most popular open-source CMS (content management […]

SQL Injection and Improper Access Control in Joomla’s REST API

Analysis of Suspected Malware Linked to APT-Q-27 Targeting Financial Institutions

Analysis of Suspected Malware Linked to APT-Q-27 Targeting Financial Institutions

February 4 2026|Threats & Research

Reading Time: 12 minutesĐọc bản tiếng Việt tại đây Overview Context In mid-January 2026, CyStack’s security team observed anomalous activity on a corporate […]

CVE-2025-59837 Analysis: How I Bypassed an Astro Security Patch

CVE-2025-59837 Analysis: How I Bypassed an Astro Security Patch

February 4 2026|Advisories

Reading Time: 2 minutes CyStack Advisory ID CSA-2025-01 CVE IDs CVE-2025-59837 Severity High CVSS v3 Base 7.2 Recently, I analyzed a security […]

Stored XSS leads to account takeover in Flarum

Stored XSS leads to account takeover in Flarum

November 19 2022|Advisories

Reading Time: 2 minutesCyStack Advisory ID CSA-2022-01 CVE IDs CVE-2022-41938 Severity Critical CVSS v3 Base 9.0 Synopsis CyStack’s researchers recently discovered a Stored […]

Advisories

April 13 2026|Advisories

SQL Injection and Improper Access Control in Joomla’s REST API

Reading Time: 4 minutesRead this content in Vietnamese (Tiếng Việt) Introduction Joomla CMS is one of the most popular open-source CMS (content management […]

SQL Injection and Improper Access Control in Joomla’s REST API

CVE-2025-59837 Analysis: How I Bypassed an Astro Security Patch

CVE-2025-59837 Analysis: How I Bypassed an Astro Security Patch

February 4 2026|Advisories

Reading Time: 2 minutes CyStack Advisory ID CSA-2025-01 CVE IDs CVE-2025-59837 Severity High CVSS v3 Base 7.2 Recently, I analyzed a security […]

Stored XSS leads to account takeover in Flarum

Stored XSS leads to account takeover in Flarum

November 19 2022|Advisories

Reading Time: 2 minutesCyStack Advisory ID CSA-2022-01 CVE IDs CVE-2022-41938 Severity Critical CVSS v3 Base 9.0 Synopsis CyStack’s researchers recently discovered a Stored […]

Cyclos < 4.14.15 – Remote code execution

Cyclos < 4.14.15 – Remote code execution

June 24 2022|Advisories

Reading Time: 3 minutesCyStack Advisory ID CSA-2021-01 CVE IDs CVE-2021-44832 Severity Critical CVSS v3 Base 10.0 Synopsis Cyclos is a payment software created […]

Threats & Research

February 4 2026|Threats & Research

Analysis of Suspected Malware Linked to APT-Q-27 Targeting Financial Institutions

Reading Time: 12 minutesĐọc bản tiếng Việt tại đây Overview Context In mid-January 2026, CyStack’s security team observed anomalous activity on a corporate […]

Analysis of Suspected Malware Linked to APT-Q-27 Targeting Financial Institutions

Flash Loan Attack

Flash Loan Attack

June 27 2022|Threats & Research

Reading Time: 7 minutesMở đầu Flash Loan Attack là một hình thức tấn công DeFi đã xuất hiện từ lâu, gây ra rất […]

Cuộc tấn công vào ONUS – Góc nhìn kỹ thuật từ lỗ hổng Log4Shell

Cuộc tấn công vào ONUS – Góc nhìn kỹ thuật từ lỗ hổng Log4Shell

April 1 2026|Threats & Research

Reading Time: 7 minutesRead the English version here Log4Shell hiện đang là một cơn ác mộng (có lẽ là tồi tệ nhất cho […]

The attack on ONUS – A real-life case of the Log4Shell vulnerability

The attack on ONUS – A real-life case of the Log4Shell vulnerability

April 1 2026|Threats & Research

Reading Time: 6 minutesĐọc bản tiếng Việt tại đây Log4Shell has recently been a nightmare (probably the worst one for now) to businesses. […]