CPS A.I CyberSecurity Scoring
22/04/2026
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for Capita Procurement Solutions in 2026.
No incidents recorded for Capita Procurement Solutions in 2026.
No incidents recorded for Capita Procurement Solutions in 2026.
Alvarez & Marsal is a leading global professional services firm dedicated to helping organizations tackle their most complex business issues, maximize stakeholder value, and deliver sustainable change. Privately held since its founding in 1983, clients select us for our deep expertise and proven ability to create and deliver practical solutions to their unique problems. Leveraging A&M’s restructuring heritage, our fact-driven, action-oriented approach empowers organizations to drive transformation and unlock value at every stage of growth. Our worldwide network extends across six continents, with over 10,000 people comprised of experienced operators, world-class consultants, former regulators and industry authorities. We foster a uniquely collaborative environment that embraces our peoples’ diverse perspectives and A&M’s entrepreneurial spirit to deliver end-to-end capabilities that span advisory, business performance improvement, and turnaround management. When action matters, find us at www.alvarezandmarsal.com.
Publicis Sapient is a technology company that provides enterprise AI platforms and services. With over 30 years of digital business transformation experience, we enable enterprise clients to transform how they operate and serve their customers, unlocking new value and enabling them to thrive in an AI-driven world. Our platforms use AI built off this deep enterprise context to help them modernize, build agentic solutions, and sustain their competitive advantage. The combination of our AI platforms and the expertise of our people enables us to deliver faster and more effective outcomes through solutions that are specific to the unique needs of our clients’ businesses, their industries and their customers. Publicis Sapient is the technology hub of Publicis Groupe, uniting 20,000 people worldwide across 28 countries. For more information, visit publicissapient.com.
Guidehouse is a global AI-led professional services firm delivering advisory, technology, and managed services to the commercial and government sectors. With an integrated business technology approach, Guidehouse drives efficiency and resilience in the healthcare, financial services, energy, infrastructure, and national security markets. Built to help clients across industries outwit complexity, the firm brings together approximately 18,000 professionals to achieve lasting impact and shape a meaningful future.
WNS, part of Capgemini, is a global Agentic AI-powered intelligent operations and transformation company. WNS combines deep industry knowledge with technology, analytics, and process expertise to co-create innovative, digitally-led transformational solutions with over 700+ clients across various industries. WNS delivers an entire spectrum of transformative solutions that entail industry-specific offerings, customer experience services, finance and accounting, human resources, procurement, and data-led analytics solutions to solve operational challenges and drive strategic growth journeys for businesses. As of June 30, 2025, WNS has 66,000+ professionals across 64 delivery centers worldwide, including facilities in the United States, the United Kingdom, Canada, Turkey, Poland, Romania, China, Costa Rica, Malaysia, the Philippines, South Africa, Sri Lanka, and India.
ZS is a management consulting and technology firm that partners with companies to improve life and how we live it. We transform ideas into impact by bringing together data, science, technology and human ingenuity to deliver better outcomes for all. Founded in 1983, ZS has more than 13,000 employees in over 35 offices worldwide. To learn more, visit www.zs.com/ At ZS, our mission is to inspire each other to bring our unique perspective and experience to work each day. When you join our firm, you have access to a wealth of community groups to support you, energize you and inspire you to bring your authentic self to work each day.
Make growth happen. Make it trusted. Make bold moves. Make the future. KPMG makes the difference for our clients, people and communities. Make growth happen. Make it trusted. Make bold moves. Make the future. At KPMG, we’ve been making the difference for our clients, people and communities for over 150 years. We’re a leading UK provider of advisory, audit and tax services. Our clients have trusted us to make the difference for over 150 years. We work with them to overcome their biggest challenges and find new opportunities with our unique insights, fresh thinking and cutting-edge tech. KPMG. Make the Difference
Conduent delivers digital business solutions and services spanning the commercial, government and transportation spectrum – creating valuable outcomes for its clients and the millions of people who count on them. We leverage cloud computing, artificial intelligence, machine learning, automation and advanced analytics to deliver mission-critical solutions. Through a dedicated global team of approximately 55,000 associates, process expertise and advanced technologies, our solutions and services digitally transform our clients’ operations to enhance customer experiences, improve performance, increase efficiencies and reduce costs. We drive progress in every process for our client including disbursing approximately $100 billion in government payments annually, enabling 2.3 billion customer service interactions annually, empowering millions of employees through HR services every year and processing nearly 13 million tolling transactions every day. Learn more at www.conduent.com
Bain & Company is a global consultancy that helps the world’s most ambitious change makers define the future. Across 65 cities in 40 countries, we work alongside our clients as one team with a shared ambition to achieve extraordinary results, outperform the competition, and redefine industries. We complement our tailored, integrated expertise with a vibrant ecosystem of digital innovators to deliver better, faster, and more enduring outcomes. Our 10-year commitment to invest more than $1 billion in pro bono services brings our talent, expertise, and insight to organizations tackling today’s urgent challenges in education, racial equity, social justice, economic development, and the environment. We earned a platinum rating from EcoVadis, the leading platform for environmental, social, and ethical performance ratings for global supply chains, putting us in the top 1% of all companies. Since our founding in 1973, we have measured our success by the success of our clients, and we proudly maintain the highest level of client
Genpact is an agentic and advanced technology solutions company. We leverage process intelligence and artificial intelligence to deliver measurable outcomes. With a strong partner ecosystem and decades of client trust, we provide innovative solutions that transform how businesses run. Powered by a team with an active learning mindset and client centricity at its core, we deliver lasting value for the world’s leading enterprises. Get to know us at www.genpact.com and on the following social handles: X: https://twitter.com/genpact Facebook: https://www.facebook.com/ProudToBeGenpact/ Instagram: https://www.instagram.com/genpact_global/ YouTube: https://www.youtube.com/@GenpactGlobal ** Beware of fake offers** Genpact never requires applicants to pay to be part of our hiring process. If you receive an email asking you to purchase a starter kit, equipment, or training, or to pay to apply for a role, you can assume that the message is a scam. For more information on careers at Genpact, please visit us at https://www.genpact.com/careers
Latest updates, reports, and threat intel affecting the global network.
On Friday 31st March, Capita plc (“Capita”) experienced a cyber incident primarily impacting access to internal applications. This caused disruption to some...
Explore career opportunities at Capita across sectors like tech, defence, pensions, and customer service—find a role where your skills create better...
At Capita, we are dedicated to achieving better outcomes for our employees, clients, the communities we serve, and the environment.
We are a team of IT lawyers that live and breathe all things technology and data. Technology pervades in most aspects of modern life.
A public body in Northern Ireland has granted Capita £208 million in additional contracts and extensions without competition after ditching a £485 million...
Cybersecurity is a game-changer for economic growth in the digital era. Cybersecurity is no longer just about protection—it's a vital...
Recruiting Adolfo Hernandez could help Capita continue to recover from a cyberattack, further emphasising how businesses need robust...
From reducing operational risk and freeing up officer time with smart data, to supporting non-custodial sentencing options, we're helping support safer...
We're one of the largest IT organisations in the UK, helping organisations to get the most out of technology and software, as well as working with our own...
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types a search term that returns the poisoned issue, the payload executes in the admin’s control panel session. No control panel account or elevated privileges are required on the attacker’s side. This issue has been fixed in versions 4.17.16 and 5.9.23.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-uid> permission for the target folder. It never enforces deletePeerAssets:<volume-uid>, even though Assets::deleteFoldersByIds() cascades deletion to every descendant folder and every asset inside, regardless of the uploader's assigned privileges. A low-privilege user who has been granted folder-management rights on a shared volume can therefore destroy assets uploaded by other users (peer assets), bypassing the per-asset peer-permission check that the sibling actionDeleteAsset endpoint correctly applies. This issue has been fixed in versions 4.17.15 and 5.9.22.
Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. AssetsController::actionReplaceFile() supports replacing a target asset file using another existing asset as the source. The action loads: assetId -> $assetToReplace and sourceAssetId -> $sourceAsset, then enforces replace permissions using ($assetToReplace ?: $sourceAsset). When both IDs are provided, this expression resolves to the target asset so no permission check is performed against the source asset volume. When both assets are present, Craft copies the source file into the target and then deletes the source asset. There is no deletion check for for the source asset. An authenticated user who can replace files in one volume can delete assets in another volume where they do not have delete permission, as long as they can obtain a sourceAssetId, leading to broken content references and data loss. This issue has been fixed in versions 4.17.14 and 5.9.21.
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design (e.g. 'issue "letsencrypt.org"' without parameters). On Universal SSL zones, Cloudflare's authoritative DNS serves this auto-managed RRset at query time, superseding any customer-configured CAA records on the zone. When a customer publishes a stricter CAA record using the RFC 8657 accounturi or validationmethods parameters, the Certificate Authority does not observe those parameters when evaluating the served RRset under RFC 8659. As a result, the RFC 8657 account-binding and validation-method-binding protections are not enforced end-to-end on Universal SSL zones. Successful exploitation could result in issuance of a browser-trusted TLS certificate to an attacker, enabling MITM against the affected domain. Exploitation is non-trivial in practice: an attacker would need to hold an ACME account at one of the Certificate Authorities in the served CAA RRset and to simultaneously satisfy domain control validation across the multiple geographically distinct Network Perspectives the CA relies on for Multi-Perspective Issuance Corroboration. Cloudflare prefixes are anycast-announced from hundreds of locations globally, raising the bar against single-vantage-point BGP hijacks. Any resulting misissuance of a browser-trusted certificate is subject to Certificate Transparency logging required by major browsers, and would be visible to CT monitoring. Mitigation: Customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so there is no in-product workaround that preserves both. Certificate Transparency monitoring is recommended for all customers as a general detection control. Credits: David Osipov (ORCID: https://orcid.org/0009-0005-2713-9242), independent researcher
Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.