An analysis of more than half a million mobile applications found that nearly one in five had hardcoded encryption keys, nearly one in six used software components with known vulnerabilities, and ...

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full ...

CRN’s Security 100 list of the coolest web, email and application security companies includes AI-powered vendors protecting email inboxes and web browsers along with providers of modern code security.

Cybersecurity company Snyk Ltd. today announced the launch of Snyk API & Web, a new dynamic application security testing or DAST solution designed to meet the growing demands of modern and ...

Millions of OneDrive users who upload and interact with files through third-party Web apps may unknowingly be granting those apps full access to their entire OneDrive storage. The root of the problem, ...

Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy classes also accept non-HTTP URLs, a behavior developers are responsible to ...

Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information.

From vendors offering code security tools to those protecting inboxes and websites against attacks, here’s a look at 20 key companies in web, email and application security. As hackers continue to ...