
Matthew Mathur
Senior Security Researcher, Fastly
Matthew is a Senior Security Researcher at Fastly, focusing on vulnerability research, web application attacks, and developing protections. Matthew is an active contributor to several open source security tools including the Metasploit Framework and Nuclei, and is passionate about sharing research with the security community.
ToolShell Remote Code Execution in Microsoft SharePoint: CVE-2025-53770 & CVE-2025-53771
Simran Khalsa, Matthew Mathur, + 1 more
Microsoft revealed two critical vulnerabilities, CVE-2025-53771 and CVE-2025-53770, actively exploited to compromise SharePoint servers.
Security
Securing Your Code Against OS Command Injection
Fastly Security Research Team, Matthew Mathur
What is an OS Command Injection? In this blog, we'll explore the web application vulnerability, OS Command Injection, and how to prevent it.
Security
CVE-2025-29927: Authorization Bypass in Next.js
Matthew Mathur, Fastly Security Research Team
A critical Next.js vulnerability (CVE-2025-29927) lets attackers bypass authorization. Protect your applications now.
Security
Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins
Fastly Security Research Team, Simran Khalsa, + 2 more
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.
Security, Industry insights
CVE-2023-30534: Insecure Deserialization in Cacti prior to 1.2.25
Fastly Security Research Team, Matthew Mathur
We have discovered two instances of insecure deserialization in Cacti versions prior to 1.2.25, tracked as CVE-2023-30534.
Security
Back to Basics: Directory Traversal
Fastly Security Research Team, Matthew Mathur
In this post, we'll explore the application vulnerability directory traversal. What is it and how can you protect your apps from it?
Security
Network Effect Threat Report: Uncovering the power of collective threat intelligence
Fastly Security Research Team, Simran Khalsa, + 3 more
Announcing the Network Effect Threat Report, Fastly's threat intelligence report with insights based on unique data from April to June of 2023.
Security, + 2 more
CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
Fastly Security Research Team, Simran Khalsa, + 3 more
What you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
Security
Command Injection CVE-2021-25296: A Deep Dive
Fastly Security Research Team, Matthew Mathur
Nagios XI versions 5.5.6 to 5.7.5 are vulnerable to three different instances of command injection.
Security, Industry insights