
Matthew Mathur
Senior Security Researcher, Fastly
Matthew is a Senior Security Researcher at Fastly, focusing on vulnerability research, web application attacks, and developing protections. Matthew is an active contributor to several open source security tools including the Metasploit Framework and Nuclei, and is passionate about sharing research with the security community.
-
OS Command Injection Explained
In this blog, we'll explore the web application vulnerability, OS Command Injection, and how to prevent it.

-
AI Bots in Q2 2025: Trends from Fastly's Threat Insights Report
Fastly's Q2 2025 Threat Insights Report uncovers how Meta, OpenAI, and others are shaping web traffic and what organizations need to do to stay in control.

-
ToolShell Remote Code Execution in Microsoft SharePoint: CVE-2025-53770 & CVE-2025-53771
Microsoft revealed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, actively exploited to compromise SharePoint servers.

-
CVE-2025-29927: Authorization Bypass in Next.js
A critical Next.js vulnerability (CVE-2025-29927) lets attackers bypass authorization. Protect your applications now.

-
Command Injection CVE-2021-25296: A Deep Dive
NagiosXI versions 5.5.6 to 5.7.5 are vulnerable to three different instances of command injection.
-
CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
What you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability.
-
Network Effect Threat Report: Uncovering the power of collective threat intelligence
Announcing the Network Effect Threat Report, Fastly’s threat intelligence report with insights based on unique data from April to June of 2023.
-
Back to Basics: Directory Traversal
In this post, we'll explore the application vulnerability directory traversal. What is it and how can you protect your apps from it?
-
CVE-2023-30534: Insecure Deserialization in Cacti prior to 1.2.25
We have discovered two instances of insecure deserialization in Cacti versions prior to 1.2.25, tracked as CVE-2023-30534.
-
Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.



