BFC A.I CyberSecurity Scoring
06/12/2025
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for Bellissimo Foods Company in 2026.
No incidents recorded for Bellissimo Foods Company in 2026.
No incidents recorded for Bellissimo Foods Company in 2026.
Food and Beverage Services
Varun Beverages Limited (VBL) is one of the top FMCG players in the Indian Market. We are on track towards strengthening our position in the global beverage industry with our presence in 14 countries in the Indian sub-continent and Africa - where we are responsible for producing popular brands like Pepsi, Mirinda, 7up, Mountain Dew, Slice, Aquafina, Sting, Tropicana, Gatorade, and many more and making them readily available at outlets near you. We are committed towards delivering a refreshing beverage experience to our consumers. VBL in India is the second-largest franchisee partner for PepsiCo (outside US) and is powered by #HungryForMore spirit of 10,000+ employees who contribute to making the VBL family stronger and bigger every-day. Life@VBL is about endless opportunities and maximizing learnings every-day. We take immense pride in our employees’ commitment, ownership, and spirit of #OneTeamOneDream. We are equally committed to ESG principles; focusing on environmental stewardship and actively participating in community initiatives demonstrate our dedication to giving back to the environment and society. Our robust governance framework ensures accountability and sustainability in everything we do. For more details, please visit our website.
From Coors Light, Miller Lite, Molson Canadian, Carling and Staropramen to Coors Banquet, Blue Moon Belgian White, Leinenkugel’s Summer Shandy, Vizzy, Creemore Springs and more, our 16,000+ employees across the globe make and market many of the most beloved beverage brands in the world. While our history is rooted in beer, we offer a modern portfolio that expands beyond the beer aisle with energy drinks, non-alc beer and canned cocktails, ready-to-drink coffee and more. Molson Coors Beverage Company is a publicly traded company that operates through Molson Coors North America and Molson Coors Europe, and is traded on the New York and Canadian Stock Exchange (TAP). Our commitment to raising industry standards, promoting the responsible consumption of our products, and leaving a positive imprint on our employees, consumers and communities is reflected on our website, www.molsoncoors.com. Celebrate responsibly. Follow only if legal drinking age and do not share with those who are underage. TERMS: http://bit.ly/TnCs-MC
Greggs is a leading food-on-the-go retailer with over 2,400 shops nationwide and serving over six million customers a week. We stand for great tasting, freshly prepared food that our customers can trust, at affordable prices and aim to become the customers’ favourite for food-on-the-go. With ambitions to grow to over 3,0000 shops nationwide and ownership of our supply chain, we are in a unique position to make quality, freshly prepared food accessible to anyone, anywhere. Our supply network... is being reshaped to support growth and compete more effectively in the food-on-the-go market. We're investing in a major programme to support shop expansion substantially beyond 3,000 outlets in the UK. Our shops... are being refurbished and relocated in locations away from high streets such as retail and industrial parks, motorway service stations and travel hubs, to meet the demands of busy food-on-the-go customers. Our franchise model continues to offer opportunities for further growth in non-high street locations. Our product offer... is differentiated by the way we freshly prepare food in our shops each day and offer customers outstanding value for good quality, great tasting food-on-the-go, at any time of day. For more on how to join us at Greggs please visit careers.greggs.co.uk
We are a global food company dedicated to bringing local favorite foods to communities everywhere. Within 17 countries, we offer quality branded food at a range of price points and across diverse categories. We're a company dedicated to the production, distribution and sales of refrigerated and frozen products such as cold meats, dry meats, cheese, yogurt, prepared meals and beverages. We have a strong diversified portfolio of well-positioned brands that market in the countries where we participate. We operate in 64 production plants, serving more than 670,000 customers in North, Central, South America, the Caribbean and Europe. We strive for excellence in everything we do. We're passionate about innovation and our consumers; we're committed in bringing them the best quality and taste in every product. The passion and effort we invest in our work is the reason we're on the road to success.
We are one of the leading global producers and exporters of quality food, as we believe it is fundamental to a better life for all people. Not only what we do, but the way we do it, is guided by the purpose of a better life for everyone, from farm to fork. That is why we conduct a sustainable management of our chain, which is vivid, long and complex. In our chain, it is vital to know how to manage interdependence, appreciate knowledge and the development of people and their diversity, ensure efficiency and always innovate. That is how we guarantee our results. We never relinquish Safety, Quality and Integrity to reach our goals and, guided by these fundamental commitments, we maintain operations in more than 127 countries, we are responsible for iconic and beloved brands such as Sadia, Perdigão and Qualy, and own over 35 production plants, 40 distribution plants, in addition to more than 4,000 products and 4.5 million tons of food sold around the globe. Producing food in a way that improves the lives of so many people worldwide is a fascinating challenge. This is our greatest passion.
Atlanta-based platform company GoTo Foods (formerly known as Focus Brands) is a leading developer of global multi-channel foodservice brands. As of December 28 , 2025, GoTo Foods, through its affiliate brands, is the franchisor and operator of over 7,300 restaurants, cafes, ice cream shoppes and bakeries in all 50 states and in 71 countries and territories under the Auntie Anne’s®, Carvel®, Cinnabon®, Jamba®, Moe’s Southwest Grill®, McAlister’s Deli® and Schlotzsky’s® brand names, as well as the Seattle’s Best Coffee® brand on certain military bases and in certain international markets. The iconic GoTo Foods brands benefit from strong enterprise growth engines, including marketing, digital, technology and franchise sales & development to propel growth and brand performance. Please visit www.gotofoods.com to learn more. GoTo Foods is proud to be Certified™ by Great Place To Work®, the most definitive “employer-of-choice” recognition, and the only recognition based entirely on what employees report about their workplace experience for the second consecutive year.
Arca Continental produces, distributes and sells non-alcoholic beverages under The Coca-Cola Company brand, as well as snacks under the brands of Bokados in Mexico, Inalecsa in Ecuador and Wise in the US. With an outstanding history spanning more than 98 years, Arca Continental is the second-largest Coca-Cola botter in Latin America and one of the largest in the world. Within its Coca-Cola franchise territory, the company servers over 119 million consumers in northern and western Mexico, Ecuador, Peru, northern Argentina and southwestern region of the U.S. The Company´s shares trade on the Mexican Stock Exchange under the ticker symbol "AC". For more information on Arca Continental, please visit www.arcacontal.com
We bottle and sell the beverages of The Coca-Cola Company exclusively in our 29 markets and partner with other beverage businesses to also sell their brands. With over 100 brands covering eight categories – sparkling, water, juices, ready-to-drink tea, energy, plant-based, premium spirits and coffee, we help our customers delight consumers with the drink they want, when and where they want it, around the clock. These brands cater to a growing range of tastes with a wider choice of healthier options, premium products and increasingly sustainable packaging. Sustainability is integrated within every aspect of our business. It is fundamental to our business strategy, which aims to create and share value with all of our stakeholders. This defines how we run our business, carry out our activities and develop our relationships. In doing so, we foster an open and inclusive work environment with our 33,000+ employees who share a passion for serving our customers and communities and building a more positive environmental impact.
Headquartered in Charlotte, N.C., Krispy Kreme is one of the most beloved and well-known sweet treat brands in the world. Our iconic Original Glazed® doughnut is universally recognized for its hot-off-the-line, melt-in-your-mouth experience. Krispy Kreme operates in more than 40 countries through its unique network of fresh doughnut shops, partnerships with leading retailers, and a rapidly growing digital business. Our purpose of touching and enhancing lives through the joy that is Krispy Kreme guides how we operate every day and is reflected in the love we have for our people, our communities, and the planet.
Latest updates, reports, and threat intel affecting the global network.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types a search term that returns the poisoned issue, the payload executes in the admin’s control panel session. No control panel account or elevated privileges are required on the attacker’s side. This issue has been fixed in versions 4.17.16 and 5.9.23.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-uid> permission for the target folder. It never enforces deletePeerAssets:<volume-uid>, even though Assets::deleteFoldersByIds() cascades deletion to every descendant folder and every asset inside, regardless of the uploader's assigned privileges. A low-privilege user who has been granted folder-management rights on a shared volume can therefore destroy assets uploaded by other users (peer assets), bypassing the per-asset peer-permission check that the sibling actionDeleteAsset endpoint correctly applies. This issue has been fixed in versions 4.17.15 and 5.9.22.
Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. AssetsController::actionReplaceFile() supports replacing a target asset file using another existing asset as the source. The action loads: assetId -> $assetToReplace and sourceAssetId -> $sourceAsset, then enforces replace permissions using ($assetToReplace ?: $sourceAsset). When both IDs are provided, this expression resolves to the target asset so no permission check is performed against the source asset volume. When both assets are present, Craft copies the source file into the target and then deletes the source asset. There is no deletion check for for the source asset. An authenticated user who can replace files in one volume can delete assets in another volume where they do not have delete permission, as long as they can obtain a sourceAssetId, leading to broken content references and data loss. This issue has been fixed in versions 4.17.14 and 5.9.21.
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design (e.g. 'issue "letsencrypt.org"' without parameters). On Universal SSL zones, Cloudflare's authoritative DNS serves this auto-managed RRset at query time, superseding any customer-configured CAA records on the zone. When a customer publishes a stricter CAA record using the RFC 8657 accounturi or validationmethods parameters, the Certificate Authority does not observe those parameters when evaluating the served RRset under RFC 8659. As a result, the RFC 8657 account-binding and validation-method-binding protections are not enforced end-to-end on Universal SSL zones. Successful exploitation could result in issuance of a browser-trusted TLS certificate to an attacker, enabling MITM against the affected domain. Exploitation is non-trivial in practice: an attacker would need to hold an ACME account at one of the Certificate Authorities in the served CAA RRset and to simultaneously satisfy domain control validation across the multiple geographically distinct Network Perspectives the CA relies on for Multi-Perspective Issuance Corroboration. Cloudflare prefixes are anycast-announced from hundreds of locations globally, raising the bar against single-vantage-point BGP hijacks. Any resulting misissuance of a browser-trusted certificate is subject to Certificate Transparency logging required by major browsers, and would be visible to CT monitoring. Mitigation: Customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so there is no in-product workaround that preserves both. Certificate Transparency monitoring is recommended for all customers as a general detection control. Credits: David Osipov (ORCID: https://orcid.org/0009-0005-2713-9242), independent researcher
Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.