Cash App
Company Details
Linkedin ID:
cash-app
Website:
Employees number:
4,152
Number of followers:
281,514
NAICS:
513
Industry Type:
Homepage:
cash.app
IP Addresses:
0
Company ID:
CAS_2682181
Scan Status:
In-progress
Cash App Company CyberSecurity Posture
cash.app
It all started with an idea at Block in 2013. Initially built to take the pain out of peer-to-peer payments, Cash App has gone from a simple product with a single purpose to a dynamic ecosystem, developing unique financial products, including Afterpay, to provide a better way to send, spend, invest, borrow and save to our 50+ million monthly active customers. We want to redefine the world’s relationship with money to make it more relatable, instantly available, and universally accessible. This is our mission, and it’s why working at Cash App means so much more than a job. Today, Cash App has thousands of employees working globally across office and remote locations, with a culture geared toward innovation, collaboration and impact. We’ve been a distributed team since day one, and many of our roles can be done remotely from the countries where Cash App operates. No matter the location, we tailor our experience to ensure our employees are creative, productive, and happy.
Cash App A.I CyberSecurity Scoring
Cash App Risk Score (AI oriented)Between 700 and 749
Cash App
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Cash App Global Score (TPRM)XXXX
Cash App
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Cash App Company CyberSecurity News & History
Past Incidents
4
Attack Types
2
Cash App
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The customer data of about 8.2 million past and present customers of the Cash App was compromised in a data breach incident by a former employee recently. The compromised data included brokerage portfolio values and account numbers, Social Security numbers, birthdays, payment card info, and most other personal information of the customers. The company immediately took action and blocked the employee's access and informed the targeted customers to be alerted.
Cash App
Cyber Attack
Rankiteo Explanation
N/A
Description: In December 2021, Block, Inc. disclosed a cybersecurity incident involving its subsidiary company, Cash App. A former employee exploited insider access to download internal reports, impacting more than 8 million former and current Cash App Investing customers. Despite the breach, the company assured that no personally identifiable information, such as usernames, passwords, or Social Security Numbers, was compromised in the incident. This insider data theft underscores the significant risks associated with insider threats and highlights the necessity for stringent data access controls and monitoring.
Block
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A former employee of Block formerly known as Square downloaded reports from its Cash App containing some U.S. customer information. The report contained the information regarding the users’ full names and brokerage account numbers, brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day. The employee always had regular access to these reports as part of their past job responsibilities but these reports were accessed without permission after their employment ended. The company immediately launched an investigation to know the extent of the breach.
Block (Cash App)
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Block, the parent company of Cash App, faced a significant data breach in December 2021 when a former employee unlawfully downloaded personal information of approximately **8.2 million Cash App users**. The breach was not disclosed until **April 4, 2022**, nearly four months later, raising concerns about transparency and data security practices. Shareholders filed a class-action lawsuit, alleging Block misled investors by failing to disclose inadequate security measures before the breach and during its $29 billion acquisition of Afterpay. While the lawsuit was dismissed due to lack of evidence of fraudulent intent, the incident exposed vulnerabilities in Block’s data protection framework. Additionally, Block settled separate regulatory cases in 2024, paying **$80 million** to 48 states and **$40 million** to New York for anti-money laundering deficiencies in Cash App. The breach involved **customer data leakage**, though no ransomware was reported. Cash App, with **57 million monthly users** and **$283 billion in inflows (2024)**, faced reputational and financial risks, though the direct operational impact appeared contained to data exposure and legal repercussions.
Cash App Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Cash App
Incidents vs Technology, Information and Internet Industry Average (This Year)
No incidents recorded for Cash App in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Cash App in 2025.
Incident Types Cash App vs Technology, Information and Internet Industry Avg (This Year)
No incidents recorded for Cash App in 2025.
Incident History — Cash App (X = Date, Y = Severity)
Cash App cyber incidents detection timeline including parent company and subsidiaries
Cash App Company Subsidiaries
It all started with an idea at Block in 2013. Initially built to take the pain out of peer-to-peer payments, Cash App has gone from a simple product with a single purpose to a dynamic ecosystem, developing unique financial products, including Afterpay, to provide a better way to send, spend, invest, borrow and save to our 50+ million monthly active customers. We want to redefine the world’s relationship with money to make it more relatable, instantly available, and universally accessible. This is our mission, and it’s why working at Cash App means so much more than a job. Today, Cash App has thousands of employees working globally across office and remote locations, with a culture geared toward innovation, collaboration and impact. We’ve been a distributed team since day one, and many of our roles can be done remotely from the countries where Cash App operates. No matter the location, we tailor our experience to ensure our employees are creative, productive, and happy.
Loading...
Cash App Similar Companies
Cimpress plc (Nasdaq: CMPR) invests in and builds customer-focused, entrepreneurial, mass-customization businesses for the long term. Mass customization is a competitive strategy which seeks to produce goods and services to meet individual customer needs with near mass production efficiency. Cimpr
Mynet
Türk internet kullanıcılarının en çok tercih ettiği dijital platform olan Mynet, 1999 yılından bugüne liderliğini koruyor. Kendi alanında sayısız ilki gerçekleştiren öncü internet devi Mynet, Türkiye'nin dijital ekosisteminin kalkınmasına ve gelişmesine destek olmayı sürdürüyor. Her ay ortalama 4
The Death Star
The mission of the Death Star is to keep the local systems "in line". As we have recently dissolved our Board of Directors, there is little resistance to our larger goal of universal domination. Our Stormtroopers are excellent shots and operate with our Navy, and are fielded like marines - sep
Peraton
Do the can't be done. At Peraton, we're at the forefront of delivering the next big thing every day. We're the partner of choice to help solve some of the world's most daunting challenges, delivering bold, new solutions to keep people around the world safer and more secure. How do we do it? By thi
Arrow Electronics
Arrow Electronics (NYSE:ARW) guides innovation forward for thousands of leading technology manufacturers and service providers. With 2024 sales of $27.9 billion, Arrow develops technology solutions that help improve business and daily life. Our broad portfolio that spans the entire technology lands
Primary School
www.primaryschool.com.au is a directory of sites for students and lesson plans and reference material for teachers and parents. It is currently averaging up to 350,000 unique visitors a month and has over 44,000 subscribers to its free weekly newsletter which showcases the latest internet based reso
SLB
We are a technology company that unlocks access to energy for the benefit of all. As innovators, that’s been our mission for nearly a century. Today, we face a global imperative to create a future with more energy, but less carbon. Our diverse, innovative change makers are focused on going further i
Myntra
At Myntra, we don’t just follow fashion - we define it. As India's leading fashion, lifestyle, and beauty destination, we bring together the best of style, technology, and innovation to create a seamless shopping experience for our customers. With a commitment to empowering self-expression, we cura
IndiaMART InterMESH Limited
IndiaMART is India's largest online B2B marketplace, connecting buyers with suppliers across a wide array of industries. IndiaMART provides a platform for Small & Medium Enterprises (SMEs), large enterprises, and individual buyers, helping them access diverse portfolios of quality products. Since
.png)
Cash App CyberSecurity News
December 01, 2025 03:32 PM
Mandatory cybersecurity app: Global smartphone brands brace for clash over DoT directive
Smartphone brands have been given three months to integrate Sanchar Saathi into all new units and ensure the app is visible during device...
November 19, 2025 08:00 AM
Safe Online Holiday Shopping
Stay safe online with these tips for doing your holiday shopping online safely – a complete guide for 2025!
November 18, 2025 08:00 AM
The Complete List of Hacker And Cybersecurity Movies
Hacker's Movie Guide” with Foreword by Steve Wozniak, co-founder of Apple.
November 17, 2025 08:00 AM
Is mobile banking safe? How to actually protect your money
Mobile banking is secure when you use official apps and follow best practices. Major banks invest billions in cybersecurity, but user habits...
November 13, 2025 08:00 AM
Cash App debuts a new AI assistant that answers questions about your finances
Cash App released a slate of new features as part of its fall update, including an AI chatbot that can answer questions about users'...
November 05, 2025 08:00 AM
7 Best-Performing Cybersecurity Stocks as of November 2025
Here's what to know about cybersecurity stocks and ETFs, and how they respond to cybersecurity crises.
October 21, 2025 07:00 AM
What is a Cyber Security Job?
Cybersecurity is touted as having a zero unemployment rate. It is one of the fastest-growing and in-demand professions in the world today as...
October 20, 2025 07:00 AM
Cybersecurity Awareness Month - Two Email Scams Every Student and Parent Should Know About
October is Cybersecurity Awareness Month, and for campus IT teams, that means more than patching servers and updating firewalls.
October 07, 2025 07:00 AM
10 class action settlements you can claim in October 2025
You could be eligible to recover compensation from several class action settlements accepting claims in October. These settlements provide...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Cash App CyberSecurity History Information
Official Website of Cash App
The official website of Cash App is http://cash.app.
Cash App’s AI-Generated Cybersecurity Score
According to Rankiteo, Cash App’s AI-generated cybersecurity score is 736, reflecting their Moderate security posture.
How many security badges does Cash App’ have ?
According to Rankiteo, Cash App currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Cash App have SOC 2 Type 1 certification ?
According to Rankiteo, Cash App is not certified under SOC 2 Type 1.
Does Cash App have SOC 2 Type 2 certification ?
According to Rankiteo, Cash App does not hold a SOC 2 Type 2 certification.
Does Cash App comply with GDPR ?
According to Rankiteo, Cash App is not listed as GDPR compliant.
Does Cash App have PCI DSS certification ?
According to Rankiteo, Cash App does not currently maintain PCI DSS compliance.
Does Cash App comply with HIPAA ?
According to Rankiteo, Cash App is not compliant with HIPAA regulations.
Does Cash App have ISO 27001 certification ?
According to Rankiteo,Cash App is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Cash App
Cash App operates primarily in the Technology, Information and Internet industry.
Number of Employees at Cash App
Cash App employs approximately 4,152 people worldwide.
Subsidiaries Owned by Cash App
Cash App presently has no subsidiaries across any sectors.
Cash App’s LinkedIn Followers
Cash App’s official LinkedIn profile has approximately 281,514 followers.
NAICS Classification of Cash App
Cash App is classified under the NAICS code 513, which corresponds to Others.
Cash App’s Presence on Crunchbase
Yes, Cash App has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/cash-app-c230.
Cash App’s Presence on LinkedIn
Yes, Cash App maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cash-app.
Cybersecurity Incidents Involving Cash App
As of December 10, 2025, Rankiteo reports that Cash App has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
Cash App has an estimated 12,993 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Cash App ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does Cash App detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with blocked the employee's access, and communication strategy with informed the targeted customers to be alerted, and incident response plan activated with yes, and containment measures with launched an investigation, and communication strategy with delayed disclosure (4 months), communication strategy with regulatory filings, communication strategy with public statements via court proceedings..
Incident Details
Can you provide details on each incident ?
Title: Cash App Data Breach
Description: The customer data of about 8.2 million past and present customers of the Cash App was compromised in a data breach incident by a former employee recently.
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Unauthorized Access
Threat Actor: Former Employee
Title: Unauthorized Data Access by Former Employee at Block (formerly Square)
Description: A former employee of Block formerly known as Square downloaded reports from its Cash App containing some U.S. customer information. The report contained the information regarding the users’ full names and brokerage account numbers, brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day. The employee always had regular access to these reports as part of their past job responsibilities but these reports were accessed without permission after their employment ended. The company immediately launched an investigation to know the extent of the breach.
Type: Data Breach
Attack Vector: Unauthorized Access
Vulnerability Exploited: Insider Threat
Threat Actor: Former Employee
Motivation: Unknown
Title: Block, Inc. Cash App Data Breach
Description: In December 2021, Block, Inc. disclosed a cybersecurity incident involving its subsidiary company, Cash App. A former employee exploited insider access to download internal reports, impacting more than 8 million former and current Cash App Investing customers. Despite the breach, the company assured that no personally identifiable information, such as usernames, passwords, or Social Security Numbers, was compromised in the incident. This insider data theft underscores the significant risks associated with insider threats and highlights the necessity for stringent data access controls and monitoring.
Date Detected: December 2021
Date Publicly Disclosed: December 2021
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Insider Access
Threat Actor: Former Employee
Motivation: Unknown
Title: Block (Cash App) Data Breach and Shareholder Litigation Dismissal
Description: Block, led by Jack Dorsey, won the dismissal of litigation claiming it misled shareholders regarding a December 2021 data breach at its Cash App service. A former employee downloaded personal information of ~8.2 million users. Shareholders alleged Block failed to disclose inadequate data security and delayed breach notification by nearly four months. The company also faced accusations of misleading Afterpay shareholders during its $29B acquisition. Block previously settled AML-related charges for $80M (48 states) and $40M (New York).
Date Detected: 2021-12-10
Date Publicly Disclosed: 2022-04-04
Type: Data Breach
Attack Vector: Insider Threat (former employee)
Vulnerability Exploited: Inadequate data security controls / unauthorized access by insider
Threat Actor: Former employee
Motivation: Financial Gain (alleged by shareholders)Unauthorized Data Access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Internal (former employee with authorized access).
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach CAS16326422
Data Compromised: Brokerage portfolio values, Account numbers, Social security numbers, Birthdays, Payment card info, Other personal information
Incident : Data Breach BLO0391622
Data Compromised: Full names, Brokerage account numbers, Brokerage portfolio value, Brokerage portfolio holdings, Stock trading activity
Incident : Data Breach CAS313050624
Data Compromised: Internal Reports
Incident : Data Breach JOI1902219091025
Data Compromised: Personal information of ~8.2 million Cash App users
Brand Reputation Impact: LitigationRegulatory Settlements ($120M total)
Legal Liabilities: Shareholder litigation (dismissed)AML settlements ($80M + $40M)
Identity Theft Risk: High (personal information exposed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Brokerage Portfolio Values, Account Numbers, Social Security Numbers, Birthdays, Payment Card Info, Other Personal Information, , Full Names, Brokerage Account Numbers, Brokerage Portfolio Value, Brokerage Portfolio Holdings, Stock Trading Activity, , Internal Reports and Personal information.
Which entities were affected by each incident ?
Incident : Data Breach CAS16326422
Entity Name: Cash App
Entity Type: Company
Industry: Financial Services
Customers Affected: 8.2 million
Incident : Data Breach BLO0391622
Entity Name: Block (formerly Square)
Entity Type: Company
Industry: Financial Services
Location: United States
Incident : Data Breach CAS313050624
Entity Name: Block, Inc.
Entity Type: Company
Industry: Financial Services
Customers Affected: More than 8 million
Incident : Data Breach JOI1902219091025
Entity Name: Block, Inc. (Cash App)
Entity Type: Public Company
Industry: Financial Services, Technology, Mobile Payments
Location: Oakland, California, USA
Size: Large (57M monthly users as of 2024)
Customers Affected: 8.2 million
Incident : Data Breach JOI1902219091025
Entity Name: Afterpay (acquired by Block)
Entity Type: Subsidiary
Industry: Financial Services (Buy Now, Pay Later)
Location: Australia
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach CAS16326422
Containment Measures: Blocked the employee's access
Communication Strategy: Informed the targeted customers to be alerted
Incident : Data Breach BLO0391622
Incident Response Plan Activated: Yes
Containment Measures: Launched an investigation
Incident : Data Breach JOI1902219091025
Communication Strategy: Delayed disclosure (4 months)Regulatory filingsPublic statements via court proceedings
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach CAS16326422
Type of Data Compromised: Brokerage portfolio values, Account numbers, Social security numbers, Birthdays, Payment card info, Other personal information
Number of Records Exposed: 8.2 million
Sensitivity of Data: High
Personally Identifiable Information: Social Security numbersbirthdayspayment card infoother personal information
Incident : Data Breach BLO0391622
Type of Data Compromised: Full names, Brokerage account numbers, Brokerage portfolio value, Brokerage portfolio holdings, Stock trading activity
Sensitivity of Data: Medium to High
Incident : Data Breach CAS313050624
Type of Data Compromised: Internal Reports
Number of Records Exposed: More than 8 million
Personally Identifiable Information: None
Incident : Data Breach JOI1902219091025
Type of Data Compromised: Personal information
Number of Records Exposed: 8.2 million
Sensitivity of Data: High
Data Exfiltration: Yes (downloaded by former employee)
Personally Identifiable Information: Yes
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by blocked the employee's access, and launched an investigation.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach JOI1902219091025
Regulations Violated: Anti-Money Laundering (AML) policies, Potential securities disclosure violations (alleged),
Fines Imposed: ['$80 million (48 states)', '$40 million (New York)']
Legal Actions: Shareholder class-action litigation (dismissed), State regulatory settlements,
Regulatory Notifications: Delayed (disclosed 4 months post-breach)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Shareholder class-action litigation (dismissed), State regulatory settlements, .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach CAS313050624
Lessons Learned: Stringent data access controls and monitoring are necessary to mitigate insider threats.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Stringent data access controls and monitoring are necessary to mitigate insider threats.
References
Where can I find more information about each incident ?
Incident : Data Breach JOI1902219091025
Source: Reuters
Incident : Data Breach JOI1902219091025
Source: U.S. District Court, Southern District of New York (Case No. 22-08636)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Reuters, and Source: U.S. District Court, Southern District of New York (Case No. 22-08636).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach BLO0391622
Investigation Status: Ongoing
Incident : Data Breach JOI1902219091025
Investigation Status: Closed (litigation dismissed; regulatory settlements reached)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Informed The Targeted Customers To Be Alerted, Delayed Disclosure (4 Months), Regulatory Filings and Public Statements Via Court Proceedings.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach JOI1902219091025
Stakeholder Advisories: Court Filings, Regulatory Disclosures.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Court Filings and Regulatory Disclosures.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach JOI1902219091025
Entry Point: Internal (former employee with authorized access)
High Value Targets: Cash App user database
Data Sold on Dark Web: Cash App user database
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach JOI1902219091025
Root Causes: Inadequate Data Security Controls, Insider Threat Risk Management Failure, Delayed Breach Disclosure,
Corrective Actions: Regulatory Settlements ($120M), Potential Internal Policy Reforms (Unspecified),
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Regulatory Settlements ($120M), Potential Internal Policy Reforms (Unspecified), .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Former Employee, Former Employee, Former Employee and Former employee.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on December 2021.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-04-04.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were brokerage portfolio values, account numbers, Social Security numbers, birthdays, payment card info, other personal information, , Full names, Brokerage account numbers, Brokerage portfolio value, Brokerage portfolio holdings, Stock trading activity, , Internal Reports and Personal information of ~8.2 million Cash App users.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Blocked the employee's access and Launched an investigation.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, payment card info, Internal Reports, Full names, account numbers, Brokerage portfolio value, Brokerage account numbers, Personal information of ~8.2 million Cash App users, Stock trading activity, birthdays, other personal information, brokerage portfolio values and Brokerage portfolio holdings.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 24.4M.
Regulatory Compliance
What was the highest fine imposed for a regulatory violation ?
Highest Fine Imposed: The highest fine imposed for a regulatory violation was $80 million (48 states), $40 million (New York), .
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Shareholder class-action litigation (dismissed), State regulatory settlements, .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Stringent data access controls and monitoring are necessary to mitigate insider threats.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are U.S. District Court, Southern District of New York (Case No. 22-08636) and Reuters.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Court filings, Regulatory disclosures, .
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Internal (former employee with authorized access).
.png)
Latest Global CVEs (Not Company-Specific)
Description
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
- https://github.com/Enalean/tuleap/commit/71d427b0f7ed8fa269a5ee6f7a557cf3dfc99cd4
- https://github.com/Enalean/tuleap/security/advisories/GHSA-f2xv-x3g6-4j9p
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=71d427b0f7ed8fa269a5ee6f7a557cf3dfc99cd4
- https://tuleap.net/plugins/tracker/?aid=45618
Description
Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
- https://github.com/Enalean/tuleap/commit/1734a7bb2964042310ddc3f6dd7b4c82eee27526
- https://github.com/Enalean/tuleap/security/advisories/GHSA-9h47-jg7r-ww7x
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=1734a7bb2964042310ddc3f6dd7b4c82eee27526
- https://tuleap.net/plugins/tracker/?aid=45592
Description
Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.
Risk Information
cvss3
Base: 4.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
References
- https://github.com/Enalean/tuleap/commit/993316dd6a291bb3937cb7a4571eaab0e7d55370
- https://github.com/Enalean/tuleap/security/advisories/GHSA-vxfh-h8p6-p5rg
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=993316dd6a291bb3937cb7a4571eaab0e7d55370
- https://tuleap.net/plugins/tracker/?aid=45593
Description
Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
- https://github.com/Enalean/tuleap/commit/403eb69f4cfafe52254c8f9bdbe66e1fedadc254
- https://github.com/Enalean/tuleap/security/advisories/GHSA-v6vm-6rxf-7p2v
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=403eb69f4cfafe52254c8f9bdbe66e1fedadc254
- https://tuleap.net/plugins/tracker/?aid=45583
Description
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=cash-app' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
