Application Security

Highlighting continued attacks on game developers, attackers stole source code from and issued a ransom demand to the maker of League of Legends.

Hackers don't need a key to get past your defenses, if they can essentially teleport using RMMs, warns CISA and the NSA.

After Berlin pledged tanks for Ukraine, some German websites were knocked offline temporarily by Killnet DDoS attacks.

Advanced workflow, approval process, and management dashboard enhance control, distribution, and supervision, while reducing errors and streamlining the entire SBOM management process.

Zacks Elite sign-ups for the period 1999–2005 were accessed, including name, address, email address, phone number, and the password associated with Zacks.com.

The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things.

Encrypted backups for several GoTo remote work tools were exfiltrated from LastPass, along with encryption keys.

Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren't so sure.

The company will block the configuration files, which interact with Web applications — since threat actors increasingly use the capability to install malicious code.

Devices running Android 12 and below are at risk of attackers downloading apps that direct users to a malicious domain.

Amid all the NFL playoff action, FanDuel has sent an email warning to gamblers that their data was exposed in its third-party breach, putting them at risk for phishing attacks.

A Swiss hacker poking around in an unprotected Jenkins development server belonging to CommuteAir accessed the names and birthdates of some 1.5 million people on a TSA no-fly list from 2019.

This time around, weak API security allowed a threat actor to access account information, the mobile phone giant reported.

Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce.

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.