Fastly Security Research Team

Fastly Security Research Team, Fastly

The Fastly Security Research Team focuses on ensuring that our customers have the tools and data they need to keep their systems secure. It analyzes and ultimately helps prevent attacks at Fastly scale. The team is a group of security experts who work behind the scenes to help you stay ahead in a constantly evolving security landscape.

Page 2 of 3

  • AI Bots in Q2 2025: Trends from Fastly's Threat Insights Report

    Matthew Mathur, David King, + 1 more

    Fastly's Q2 2025 Threat Insights Report uncovers how Meta, OpenAI, and others are shaping web traffic and what organizations need to do to stay in control.

    Security
    Industry insights
  • ToolShell Remote Code Execution in Microsoft SharePoint: CVE-2025-53770 & CVE-2025-53771

    Simran Khalsa, Matthew Mathur, + 1 more

    Microsoft revealed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, actively exploited to compromise SharePoint servers.

    Security
  • Memory flaw in Cranelift module

    Fastly Security Research Team

    The bug identified in the Cranelift x64 backend performs a sign-extend instead of a zero-extend on a value loaded from the stack, when the register allocator reloads a spilled integer value narrower than 64 bits. This interacts poorly with another optimization: the instruction selector elides a 32-to-64-bit zero-extend operator when we know that an instruction producing a 32-bit value actually zeros the upper 32 bits of its destination register. Hence, the x64 compiler relies on these zeroed bits, but the type of the value is still i32, and the spill/reload reconstitutes those bits as the sign extension of the i32’s MSB.

    Security
  • CVE-2025-29927: Authorization Bypass in Next.js

    Matthew Mathur, Fastly Security Research Team

    A critical Next.js vulnerability (CVE-2025-29927) lets attackers bypass authorization. Protect your applications now.

    Security
  • How to Protect Against Credential Stuffing

    Arun Kumar, Fastly Security Research Team

    In this post, we will discuss a low latency approach to detect these attacks by co-locating the password hashes in a KV Store, along with Compute on Fastly’s edge.

    Compute
    + 3 more
  • DDoS in January

    Arun Kumar, David King, + 1 more

    Stay informed with Fastly's monthly DDoS report, highlighting a 14.5% rise in attacks. Utilize our data-driven insights to bolster your application's security.

    Security
    Industry insights
  • DDoS in December

    Simran Khalsa, David King, + 1 more

    Discover the latest trends and actionable insights on application DDoS attacks in December 2024. Strengthen your security with our expert analysis and guidance.

    Security
    Industry insights
  • Detection as Code with Fastly's WAF Simulator

    Simran Khalsa, Fastly Security Research Team

    Being able to test and validate rule behavior is critical to a maintainable WAF. With our WAF Simulator, you can validate rules in a safe simulation environment.

    DevOps
    + 3 more
  • Cyber 5 Threat Insights

    Simran Khalsa, Charlie Bricknell, + 1 more

    To gain a broader understanding of the threat landscape during "Cyber 5" weekend, we analyzed attack activities with a particular focus on commerce sites.

    Industry insights
    + 2 more
  • Next-Gen WAF for Microsoft Exchange | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    Fastly’s security research team has built and deployed a rule to protect Signal Sciences Next-Gen WAF customers against the recently announced Microsoft Exchange Server vulnerabilities.

    Product
    Security
  • Atlassian Confluence OGNL Injection Vulnerability Protection | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    Our Security Research Team has built and deployed a rule to help protect customers of our next-gen WAF against the recently announced Confluence Server OGNL injection vulnerability, CVE-2021-26084.

    Security
  • Protect against Apache vulnerability | Fastly

    Fastly Security Research Team

    The recent Apache HTTP Server vulnerability (CVE-2021-41773) is reportedly being exploited in the wild. Fastly already detects this vulnerability, but our next-gen WAF customers can also create a rule to block exploitation.

    Security
  • Preventing SSRF: Apache CVE-2021-40438 | Fastly

    Fastly Security Research Team

    Our Security Research Team provides guidance on how to address CVE-2021-40438, a vulnerability in Apache HTTP Server version 2.4.48 and earlier, by patching impacted version(s) and enabling a new templated rule to prevent exploitation.

    Engineering
    Security
  • Subresource monitoring with Compute

    Fastly Security Research Team

    Compute, our serverless compute environment, can be used to solve headaches dealing with attackers looking to modify and manipulate resources. In this post, we tell you how.

    Security
    Compute
  • Log4Shell exploit found in Log4j | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.

    Security
    Engineering
  • Log4Shell attacks (CVE-2021-44228) insights | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    We’re sharing our latest data and new insights into the Log4j/Log4Shell vulnerability (CVE-2021-44228 + CVE-2021-45046) in this post in order to help the engineering community cope with the situation. We also share our guidance around testing your environment against many of the new obfuscation methods that have been seen.

    Industry insights
    Security
  • WAF framework measures WAF effectiveness | Fastly

    Fastly Security Research Team, Simran Khalsa, + 1 more

    Our new WAF efficacy framework provides a standardized way to measure the effectiveness of a WAF’s detection capabilities through continuous verification and validation. Here’s how it works.

    Engineering
    Security
  • How to Secure your GraphQL

    Fastly Security Research Team, Simran Khalsa

    There are many benefits to adopting GraphQL, but its security implications are less understood. In this post, we’ll explore those implications and offer guidance on which defaults and controls can support a safer GraphQL implementation.

    Engineering
    Security
  • Open redirects: abuse & recs [Ex.] | Fastly

    Fastly Security Research Team

    Open URL redirection is a class of web app security problems that make it easier for attackers to direct users to malicious resources. Here are some examples of how they do it and what you can do to prevent it.

    Security
  • Spring: CVE-2022-22963 & Spring4Shell (CVE-2022-22965) | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    In this post, we review details for two RCE vulnerabilities impacting Spring Cloud and Spring Framework, including how Fastly customers can protect themselves from these vulnerabilities.

    Security