This document discusses security vulnerabilities and threats facing media web applications. It notes that media organizations are prime targets due to their always-on services, reputation, and large public footprint. Threat actors like hacktivists and nation states use cyber attacks to disrupt service and influence public opinion. Common attack types for media include DDoS, defacement, and advanced persistent threats. The document provides statistics on data breaches in early 2016 and surveys of vulnerabilities found across media websites. It outlines challenges in protecting journalists, content, and systems. Fullstack security is recommended along with continuous assessment to match changing environments.