Acram Digital Studio is a Poland-based indie game developer. We specialize in creating turn-based games and top-notch digital ports of board games. Additionally, we offer a range of outsourcing services to external developers and partners. Our outsourcing capabilities encompass Full-Cycle Game Development, Co-Development, Game UI/UX Design, Nintendo Switch Porting, and Art-Outsourcing, which includes 2D, 3D, Animation, and Social Media services. To date, our team has fully developed 7 games using the Unity Engine. These games are available on multiple platforms, including iOS, Android, PC (Steam, GOG), Nintendo Switch, and Xbox—all featuring cross-platform multiplayer. We have also undertaken commissioned projects for our clients and partners. We are committed to continuous improvement, aiming to provide remarkable experiences through our products. Our mission is to deliver the finest turn-based games and meet the needs of our clients and partners with professional services. Interested in collaborating? Feel free to leave us a message at: contact(at)acram.eu

Acram Digital A.I CyberSecurity Scoring

Acram Digital

Company Details

Linkedin ID: acram-digital
Employees number: 13
Number of followers: 0
NAICS: 51126
Industry Type: Computer Games
Homepage: acram.eu
IP Addresses: 0
Company ID: ACR_7240974
Scan Status: In-progress

Acram Digital Risk Score (AI oriented)

Between 800 and 849

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers the TPRM score to calculate premiums

Acram Digital Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Acram Digital Company CyberSecurity News & History

Past Incidents
1
Attack Types
1
Acram Digital: Zero-day Vulnerability in Gogs Leads to Hundreds of Compromised Servers
Vulnerability
Severity: 100
Impact: 5
Seen: 12/2025
Rankiteo Explanation: Attack threatening the organization's existence

Description: **Critical Zero-Day Vulnerability in Gogs Exploited for Remote Code Execution**

A severe, unpatched zero-day vulnerability in **Gogs**, a widely used self-hosted Git service, has been actively exploited in the wild, leading to remote code execution (RCE) on exposed instances. Security researchers uncovered the flaw during routine scans of internet-facing Gogs servers, revealing that attackers have already compromised hundreds of systems across diverse infrastructures.

The vulnerability stems from **improper input validation** in Gogs’ codebase, allowing threat actors to send malicious payloads and execute arbitrary commands on vulnerable servers. While the flaw has not yet been assigned a **CVE identifier**, its exploitation has resulted in unauthorized access, potential data breaches, and full server takeovers. The impact is particularly concerning given Gogs’ adoption in numerous development and enterprise environments.

With no official patch available, security experts urge administrators to **restrict access** to Gogs instances by placing them behind firewalls, deploying **web application firewalls (WAFs)** to block exploitation attempts, and monitoring logs for suspicious activity. Regular system audits are also recommended to detect signs of compromise.

The incident underscores the risks of self-hosted services, especially when updates and security patches lag behind emerging threats. As the situation evolves, users await further guidance from the **Gogs development team** on a permanent fix. The cybersecurity community continues to track the vulnerability’s exploitation and potential long-term consequences.


Underwriter Stats for Acram Digital

Incidents vs Computer Games Industry Average (This Year)

Acram Digital has 12.36% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Acram Digital has 28.21% more incidents than the average of all companies with at least one recorded incident.

Incident Types Acram Digital vs Computer Games Industry Avg (This Year)

Acram Digital reported 1 incident this year: 0 cyber attacks, 0 ransomware, 1 vulnerability, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Acram Digital (X = Date, Y = Severity)

Acram Digital cyber incidents detection timeline including parent company and subsidiaries


Acram Digital Similar Companies

Keywords Studios

🎮🎬 We help make video games, films, and fan favourites you’ve probably played, watched, or heard. We work behind the scenes with game developers, publishers, and entertainment companies to bring their ideas to life and keep them running smoothly. From game development and art production to audio se

Ubisoft is a global leader in gaming with teams across the world crafting original and memorable gaming experiences featuring brands such as Assassin’s Creed®, Brawlhalla®, For Honor®, Far Cry®, Tom Clancy’s Ghost Recon®, Just Dance®, Rabbids®, Tom Clancy’s Rainbow Six®, The Crew® and Tom Clancy’s T

Epic Games

Founded in 1991, Epic Games is a leading interactive entertainment company and provider of 3D engine technology. Epic operates Fortnite, one of the world’s largest games with over 350 million accounts and 2.5 billion friend connections. Epic also develops Unreal Engine, which powers the world’s lead


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Acram Digital CyberSecurity History Information

Official Website of Acram Digital

The official website of Acram Digital is https://www.acram.eu.

Acram Digital’s AI-Generated Cybersecurity Score

According to Rankiteo, Acram Digital’s AI-generated cybersecurity score is 802, reflecting their Good security posture.

How many security badges does Acram Digital have ?

According to Rankiteo, Acram Digital currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Acram Digital have SOC 2 Type 1 certification ?

According to Rankiteo, Acram Digital is not certified under SOC 2 Type 1.

Does Acram Digital have SOC 2 Type 2 certification ?

According to Rankiteo, Acram Digital does not hold a SOC 2 Type 2 certification.

Does Acram Digital comply with GDPR ?

According to Rankiteo, Acram Digital is not listed as GDPR compliant.

Does Acram Digital have PCI DSS certification ?

According to Rankiteo, Acram Digital does not currently maintain PCI DSS compliance.

Does Acram Digital comply with HIPAA ?

According to Rankiteo, Acram Digital is not compliant with HIPAA regulations.

Does Acram Digital have ISO 27001 certification ?

According to Rankiteo, Acram Digital is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Acram Digital

Acram Digital operates primarily in the Computer Games industry.

Number of Employees at Acram Digital

Acram Digital employs approximately 13 people worldwide.

Subsidiaries Owned by Acram Digital

Acram Digital presently has no subsidiaries across any sectors.

Acram Digital’s LinkedIn Followers

Acram Digital’s official LinkedIn profile has approximately 0 followers.

NAICS Classification of Acram Digital

Acram Digital is classified under the NAICS code 51126, which corresponds to Software Publishers.

Acram Digital’s Presence on Crunchbase

No, Acram Digital does not have a profile on Crunchbase.

Acram Digital’s Presence on LinkedIn

Yes, Acram Digital maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/acram-digital.

Cybersecurity Incidents Involving Acram Digital

As of December 16, 2025, Rankiteo reports that Acram Digital has experienced 1 cybersecurity incident.

Number of Peer and Competitor Companies

Acram Digital has an estimated 1,993 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Acram Digital ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

How does Acram Digital detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through containment measures (restricting access to Gogs instances by deploying them behind a firewall, regularly auditing systems for unusual activity or compromises, implementing web application firewalls (WAFs) to detect and block attempts to exploit the vulnerability, and monitoring logs for any signs of exploitation attempts) and enhanced monitoring (monitoring logs for any signs of exploitation attempts).

Incident Details

Can you provide details on each incident ?

Incident : Zero-Day Exploitation

Title: Critical Zero-Day Vulnerability in Gogs Leading to Remote Code Execution

Description: A critical zero-day vulnerability in Gogs, a popular self-hosted Git service, has been actively exploited by attackers, leading to remote code execution on internet-facing Gogs instances and resulting in the compromise of numerous servers.

Type: Zero-Day Exploitation

Attack Vector: Remote Code Execution

Vulnerability Exploited: Improper input validation in Gogs codebase

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

Impact of the Incidents

What was the impact of each incident ?

Incident : Zero-Day Exploitation ACR1765814240

Data Compromised: Sensitive data

Systems Affected: Hundreds of internet-facing servers

Operational Impact: Unauthorized access to servers

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Sensitive data.

Which entities were affected by each incident ?

Incident : Zero-Day Exploitation ACR1765814240

Entity Name: Gogs users

Entity Type: Self-hosted Git service

Industry: Software Development

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Zero-Day Exploitation ACR1765814240

Containment Measures:
  • Restrict access to Gogs instances by deploying them behind a firewall
  • Regularly audit systems for unusual activity or compromises
  • Implement web application firewalls (WAFs) to detect and block attempts to exploit the vulnerability
  • Monitor logs for any signs of exploitation attempts

Enhanced Monitoring: Monitor logs for any signs of exploitation attempts

Data Breach Information

What type of data was compromised in each breach ?

Incident : Zero-Day Exploitation ACR1765814240

Type of Data Compromised: Sensitive data

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by restricting access to Gogs instances by deploying them behind a firewall, regularly auditing systems for unusual activity or compromises, implementing web application firewalls (WAFs) to detect and block attempts to exploit the vulnerability, and monitoring logs for any signs of exploitation attempts.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Zero-Day Exploitation ACR1765814240

Lessons Learned: The exploitation of this zero-day highlights the ongoing challenges faced by organizations relying on self-hosted services. Maintaining regular updates and security patches for software is crucial in thwarting such attacks.

What recommendations were made to prevent future incidents ?

Incident : Zero-Day Exploitation ACR1765814240

Recommendations:
  • Restrict access to Gogs instances by deploying them behind a firewall
  • Regularly audit systems for unusual activity or compromises
  • Implement web application firewalls (WAFs) to detect and block attempts to exploit the vulnerability
  • Monitor logs for any signs of exploitation attempts
  • Collaborate with the cybersecurity community to facilitate faster identification and resolution of vulnerabilities in open-source projects

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are as follows: The exploitation of this zero-day highlights the ongoing challenges faced by organizations relying on self-hosted services. Maintaining regular updates and security patches for software is crucial in thwarting such attacks.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Restrict access to Gogs instances by deploying them behind a firewall, Regularly audit systems for unusual activity or compromises, Implement web application firewalls (WAFs) to detect and block attempts to exploit the vulnerability, Monitor logs for any signs of exploitation attempts and Collaborate with the cybersecurity community to facilitate faster identification and resolution of vulnerabilities in open-source projects.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Zero-Day Exploitation ACR1765814240

Root Causes: Improper input validation in Gogs codebase

Corrective Actions: Awaiting patch from Gogs development team

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as monitoring logs for any signs of exploitation attempts.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Awaiting patch from Gogs development team.

Additional Questions

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident was Sensitive data.

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: restrict access to Gogs instances by deploying them behind a firewall; regularly audit systems for unusual activity or compromises; implement web application firewalls (WAFs) to detect and block attempts to exploit the vulnerability; monitor logs for any signs of exploitation attempts.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Sensitive data.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was as follows: The exploitation of this zero-day highlights the ongoing challenges faced by organizations relying on self-hosted services. Maintaining regular updates and security patches for software is crucial in thwarting such attacks.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was to restrict access to Gogs instances by deploying them behind a firewall, regularly audit systems for unusual activity or compromises, implement web application firewalls (WAFs) to detect and block attempts to exploit the vulnerability, monitor logs for any signs of exploitation attempts and collaborate with the cybersecurity community to facilitate faster identification and resolution of vulnerabilities in open-source projects.


Latest Global CVEs (Not Company-Specific)

Description

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Description

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Description

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=acram-digital' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
