Administrația Națională „Apele Române”
Last Update: 2025-12-24
Between 600 and 649
None
NAICS: 92
NAICS Definition: Public Administration
Employees: 55
Subsidiaries: 0
12-month incidents
1
Known data breaches
0
Attack type number
1
Comparison Overview
Administrația Națională „Apele Române”
VS
U.S. Department of the Treasury
U.S. Department of the Treasury
Last Update: 2025-12-17
Between 550 and 599
The Treasury Department is the executive agency responsible for promoting economic prosperity and ensuring the financial security of the United States. The Department is responsible for a wide range of activities such as advising the President on economic and financial issues, encouraging sustainable economic growth, and fostering improved governance in financial institutions. The Department of the Treasury operates and maintains systems that are critical to the nation's financial infrastructure, such as the production of coin and currency, the disbursement of payments to the American public, revenue collection, and the borrowing of funds necessary to run the federal government. The Department works with other federal agencies, foreign governments, and international financial institutions to encourage global economic growth, raise standards of living, and to the extent possible, predict and prevent economic and financial crises. The Treasury Department also performs a critical and far-reaching role in enhancing national security by implementing economic sanctions against foreign threats to the U.S., identifying and targeting the financial support networks of national security threats, and improving the safeguards of our financial systems.
NAICS: 92
NAICS Definition: Public Administration
Employees: 14,388
Subsidiaries: 0
12-month incidents
3
Known data breaches
3
Attack type number
2
Compliance Badges Comparison
Security & Compliance Standards Overview
Administrația Națională „Apele Române”
ISO 27001
Not verified
SOC2 Type 1
Not verified
SOC2 Type 2
Not verified
GDPR
Not verified
PCI DSS
Not verified
HIPAA
Not verified
U.S. Department of the Treasury
ISO 27001
Not verified
SOC2 Type 1
Not verified
SOC2 Type 2
Not verified
GDPR
Not verified
PCI DSS
Not verified
HIPAA
Not verified
Compliance Summary
Administrația Națională „Apele Române”
100%
Compliance Rate
0/4 Standards Verified
U.S. Department of the Treasury
0%
Compliance Rate
0/4 Standards Verified
Benchmark & Cyber Underwriting Signals
Incidents vs Government Administration Industry Average (This Year)
Administrația Națională „Apele Române” has 19.05% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs Government Administration Industry Average (This Year)
U.S. Department of the Treasury has 257.14% more incidents than the average of same-industry companies with at least one recorded incident.
Incident History — Administrația Națională „Apele Române” (X = Date, Y = Severity)
Administrația Națională „Apele Române” cyber incidents detection timeline including parent company and subsidiaries
Incident History — U.S. Department of the Treasury (X = Date, Y = Severity)
U.S. Department of the Treasury cyber incidents detection timeline including parent company and subsidiaries
Notable Incidents
Last 3 Security & Risk Events by Company
Administrația Națională „Apele Române”
Incidents
U.S. Department of the Treasury
Incidents
Date Detected: 8/2025
Type:Cyber Attack
Attack Vector: exploitation of trusted cloud relationships (SaaS providers, Microsoft CSPs), zero-day vulnerabilities (e.g., Citrix NetScaler CVE-2023-3519, Ivanti Pulse Connect CVE-2025-0282), ProxyLogon (Microsoft Exchange), compromised SOHO devices as proxies, web shells (Neo-reGeorg, China Chopper), custom Linux RAT (CloudedHope)
Motivation: cyberespionage (targeting government, technology, legal, and professional services for sensitive data)
Blog: Blog
Date Detected: 1/2025
Type:Breach
Attack Vector: Exploited flaws in BeyondTrust software
Motivation: Data Theft
Blog: Blog
FAQ
Administrația Națională „Apele Române” company demonstrates a stronger AI Cybersecurity Score compared to U.S. Department of the Treasury company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.
U.S. Department of the Treasury company has faced a higher number of disclosed cyber incidents historically compared to Administrația Națională „Apele Române” company.
In the current year, U.S. Department of the Treasury company has reported more cyber incidents than Administrația Națională „Apele Române” company.
Administrația Națională „Apele Române” company has confirmed experiencing a ransomware attack, while U.S. Department of the Treasury company has not reported such incidents publicly.
U.S. Department of the Treasury company has disclosed at least one data breach, while Administrația Națională „Apele Române” company has not reported such incidents publicly.
U.S. Department of the Treasury company has reported targeted cyberattacks, while Administrația Națională „Apele Române” company has not reported such incidents publicly.
Neither Administrația Națională „Apele Române” company nor U.S. Department of the Treasury company has reported experiencing or disclosing vulnerabilities publicly.
Neither Administrația Națională „Apele Române” nor U.S. Department of the Treasury holds any compliance certifications.
Neither company holds any compliance certifications.
Neither Administrația Națională „Apele Române” company nor U.S. Department of the Treasury company has publicly disclosed detailed information about the number of their subsidiaries.
U.S. Department of the Treasury company employs more people globally than Administrația Națională „Apele Române” company, reflecting its scale as a Government Administration.
Neither Administrația Națională „Apele Române” nor U.S. Department of the Treasury holds SOC 2 Type 1 certification.
Neither Administrația Națională „Apele Române” nor U.S. Department of the Treasury holds SOC 2 Type 2 certification.
Neither Administrația Națională „Apele Române” nor U.S. Department of the Treasury holds ISO 27001 certification.
Neither Administrația Națională „Apele Române” nor U.S. Department of the Treasury holds PCI DSS certification.
Neither Administrația Națională „Apele Române” nor U.S. Department of the Treasury holds HIPAA certification.
Neither Administrația Națională „Apele Române” nor U.S. Department of the Treasury holds GDPR certification.
Latest Global CVEs (Not Company-Specific)
Description
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.
Risk Information
cvss4
Base: 8.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits the rendering of HTML tags within Mermaid diagram nodes. This issue has not been patched at time of publication.
Risk Information
cvss3
Base: 9.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Description
continuwuity is a Matrix homeserver written in Rust. Prior to version 0.5.0, this vulnerability allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary membership events. The flaw exists because the server fails to validate the origin of a signing request, provided the event's state_key is a valid user ID belonging to the target server. This issue has been patched in version 0.5.0. A workaround for this issue involves blocking access to the PUT /_matrix/federation/v2/invite/{roomId}/{eventId} endpoint using the reverse proxy.
Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and subsequently when string-ifying objects using JSON.stringify(). The method did not escape objects with 'lc' keys when serializing free-form data in kwargs. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in @langchain/core versions 0.3.80 and 1.1.8, and langchain versions 0.3.37 and 1.2.3
Risk Information
cvss3
Base: 8.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
References
- https://github.com/langchain-ai/langchainjs/commit/e5063f9c6e9989ea067dfdff39262b9e7b6aba62
- https://github.com/langchain-ai/langchainjs/releases/tag/%40langchain%2Fcore%401.1.8
- https://github.com/langchain-ai/langchainjs/releases/tag/langchain%401.2.3
- https://github.com/langchain-ai/langchainjs/security/advisories/GHSA-r399-636x-v7f6
Description
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.
Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
References
- https://github.com/langchain-ai/langchain/commit/5ec0fa69de31bbe3d76e4cf9cd65a6accb8466c8
- https://github.com/langchain-ai/langchain/commit/d9ec4c5cc78960abd37da79b0250f5642e6f0ce6
- https://github.com/langchain-ai/langchain/pull/34455
- https://github.com/langchain-ai/langchain/pull/34458
- https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D0.3.81
- https://github.com/langchain-ai/langchain/releases/tag/langchain-core%3D%3D1.2.5
- https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm
