Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.
Continuer de lireThe Fastly Security Research Team uses research, analysis, and visibility across both our unique data and the overall threat landscape to inform and defend our customers from emerging threats.
The Fastly Security Research Team serves as a trusted advisor and subject matter expert in security to our customers, internal teams, and the broader community.
We identify industry trends and emerging threats to proactively secure Fastly customers against threats.
We uncover the specifics of vulnerabilities and their impact; examining proof of concepts, reverse-engineering exploits from patches, and discovering new vulnerabilities.
We create content and tools to help the community navigate the current application security landscape and key threats within.
We monitor the macro-security environment for novel attacks and ensure security teams are aware and protected.
We examine attack data to spotlight shifts in adversary dynamics.
We create and evaluate new technologies to inform product innovation.
New 0/N-day threats, CVEs, and much more are thrust into the industry more frequently than ever before. Keep your team appraised with our latest analysis:
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.
Continuer de lireWe have discovered two instances of insecure deserialization in Cacti versions prior to 1.2.25, tracked as CVE-2023-30534.
Continuer de lireWhat you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
Continuer de lireSecurity postures must regularly evolve to mitigate sophisticated attackers. Streamline your DevSecOps processes with features and best practices we’ve helped develop:
In this post, we will discuss a low latency approach to detect these attacks by co-locating the password hashes in a KV Store, along with Compute on Fastly’s edge.
Continuer de lireBeing able to test and validate rule behavior is critical to a maintainable WAF. With our WAF Simulator, you can validate rules in a safe simulation environment.
Continuer de lireVulnerabilities are an unfortunate inevitability. However, when using a WAF there are options for your security teams while waiting for a patch.
Continuer de lireCustomers leverage Fastly’s security products with varying levels of knowledge. Enhance your expertise with details on key concepts and trends:
La traversée de répertoires, également appelée directory traversal ou path traversal, est une vulnérabilité des applications web qui permet aux hackers d’accéder à des fichiers non désirés sur un système de fichiers sous-jacent.
Continuer de lireTo gain a broader understanding of the threat landscape during "Cyber 5" weekend, we analyzed attack activities with a particular focus on commerce sites.
Continuer de lireOS command injection is a web application vulnerability that allows attackers to execute arbitrary commands on the underlying operating system.
Continuer de lire