
Fastly Security Research Team
Fastly Security Research Team, Fastly
The Fastly Security Research Team focuses on ensuring that our customers have the tools and data they need to keep their systems secure. It analyzes and ultimately helps prevent attacks at Fastly scale. The team is a group of security experts who work behind the scenes to help you stay ahead in a constantly evolving security landscape.
-
React2Shell continues: what to know and do about the 2 latest CVEs
Following the critical-severity React2Shell CVEs, two new CVEs were announced on December 11 that exploit similar components of Next.js and React. Learn more about these new CVEs.

-
AI Bots in Q2 2025: Trends from Fastly's Threat Insights Report
Fastly's Q2 2025 Threat Insights Report uncovers how Meta, OpenAI, and others are shaping web traffic and what organizations need to do to stay in control.

-
ToolShell Remote Code Execution in Microsoft SharePoint: CVE-2025-53770 & CVE-2025-53771
Microsoft revealed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, actively exploited to compromise SharePoint servers.

-
OS Command Injection Explained
In this blog, we'll explore the web application vulnerability, OS Command Injection, and how to prevent it.

-
CVE-2025-29927: Authorization Bypass in Next.js
A critical Next.js Vulnerability (CVE-2025-29927) lets attackers bypass authorization. Protect your applications now.

-
DDoS in February
Fastly's February 2025 DDoS report reveals a 285% month-over-month surge in DDoS attacks. Learn about key trends, targeted industries, and actionable security guidance.

-
DDoS in January
Stay informed with Fastly's monthly DDoS report, highlighting a 14.5% rise in attacks. Utilize our data-driven insights to bolster your application's security.

-
DDoS in December
Discover the latest trends and actionable insights on application DDoS attacks in December 2024. Strengthen your security with our expert analysis and guidance.

-
Back to Basics of Automated Attacks: Account Takeover
Explore account takeover attacks and mitigations including modern authentication with 2FA/passkeys, and anti-bot measures to enhance account security.
-
Detection as Code with Fastly's WAF Simulator
Being able to test and validate rule behavior is critical to a maintainable WAF. With our WAF Simulator, you can validate rules in a safe simulation environment.
-
Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.
-
How to Protect Against Credential Stuffing
In this post, we will discuss a low latency approach to detect these attacks by co-locating the password hashes in a KV Store, along with Compute on Fastly’s edge.
-
Cyber 5 Threat Insights
To gain a broader understanding of the threat landscape during "Cyber 5" weekend, we analyzed attack activities with a particular focus on commerce sites.

-
WAF Simulator: Transforming DevSecOps Workflows
We're excited to announce Fastly's new WAF Simulator, which simplifies the testing process and provides the following key benefits.
-
Patch that Vuln! Identify, Triage, and Qualify CVEs
Vulnerabilities are an unfortunate inevitability. However, when using a WAF there are options for your security teams while waiting for a patch.
-
CVE-2023-30534: Insecure Deserialization in Cacti prior to 1.2.25
We have discovered two instances of insecure deserialization in Cacti versions prior to 1.2.25, tracked as CVE-2023-30534.
-
Back to Basics: Directory Traversal
In this post, we'll explore the application vulnerability directory traversal. What is it and how can you protect your apps from it?
-
Network Effect Threat Report: Uncovering the power of collective threat intelligence
Announcing the Network Effect Threat Report, Fastly’s threat intelligence report with insights based on unique data from April to June of 2023
-
CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
What you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
-
Command Injection CVE-2021-25296: A Deep Dive
NagiosXI versions 5.5.6 to 5.7.5 are vulnerable to three different instances of command injection.








