Apollo Gold Corp is a mining & metals company based out of 5655 S Yosemite St # 200, Greenwood Vlg, Colorado, United States.
Tata Steel group is among the top global steel companies with an annual crude steel capacity of 34 million tonnes per annum. It is one of the world's most geographically-diversified steel producers, with operations and commercial presence across the world. The group (excluding SEA operations) recorded a consolidated turnover of US $19.7 billion in the financial year ending March 31, 2020. A Great Place to Work-CertifiedTM organisation, Tata Steel Ltd., together with its subsidiaries, associates and joint ventures, is spread across five continents with an employee base of over 65,000. Tata Steel has been a part of the DJSI Emerging Markets Index since 2012 and has been consistently ranked amongst top 5 steel companies in the DJSI Corporate Sustainability Assessment since 2016. Besides being a member of ResponsibleSteelTM and worldsteel’s Climate Action Programme, Tata Steel has won several awards and recognitions including the World Economic Forum’s Global Lighthouse recognition for its Kalinganagar Plant - a first in India, and Prime Minister’s Trophy for the best performing integrated steel plant for 2016-17. The Company, ranked as India’s most valuable Metals & Mining brand by Brand Finance, received the ‘Honourable Mention’ at the National CSR Awards 2019, Steel Sustainability Champion 2019 by worldsteel, CII Greenco Star Performer Award 2019, ‘Most Ethical Company’ award 2020 from Ethisphere Institute, Best Risk Management Framework & Systems Award (2020) by CNBC TV-18, and Award for Excellence in Financial Reporting FY20 by ICAI, among several others. To know more, visit www.tatasteel.com and www.wealsomaketomorrow.com.
Security & Compliance Standards Overview
No incidents recorded for Apollo Gold Corp in 2025.
No incidents recorded for Tata Steel in 2025.
Apollo Gold Corp cyber incidents detection timeline including parent company and subsidiaries
Tata Steel cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the response using this parameter. This vulnerability is fixed in 1.10.4.
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.
A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The patch is named 0ff771dc1933d5a6b78f804115e78a7d8625c3f3. To fix this issue, it is recommended to deploy a patch. The vendor responded with a vulnerability confirmation and a list of security measures they have established already (e.g. disabled URL parsing, disabled URL upload mode, removed URL-to-markdown conversion).
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.20 build 128 is able to mitigate this issue. You should upgrade the affected component. The vendor responded very professional: "This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected."
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
