Comparison Overview

Catalyst Paper

VS

Suzano

Catalyst Paper

2nd Floor, Richmond, BC, V7B1C3, CA
Last Update: 2025-05-06 (UTC)
Between 800 and 900
http://www.catalystpaper.com

Strong

Owned and Operated by Paper Excellence We manufacture diverse specialty printing papers, newsprint and pulp for retailers, publishers and commercial printers, have an annual production capacity of 1.3 million tonnes of paper and pulp. We are: โ—ฆ The only western North American producer of coated mechanical paper and SC paper โ—ฆ Among the largest producers of directory paper in the world Our Sage line of specialty papers comes with verifiable assurances relating to fibre supply, carbon emissions and mill-level performance. We respond to both the Carbon Disclosure Project and the Forest Footprint Disclosure Project, and all of our mills are chain-of-custody certified to both the Programme for the Endorsement of Forest Certification (PEFC) and Forest Stewardship Council (FSC) standards. Catalyst has been ranked by Corporate Knights magazine as one of the 50 Best Corporate Citizens in Canada for eleven consecutive years. We are headquartered in Richmond, British Columbia (BC), Canada and have three mills located in western Canada and a distribution facility in Surrey, BC. We have a workforce of 1,600 employees across North America.

NAICS: 322
NAICS Definition: Paper Manufacturing
Employees: 675
Subsidiaries: 1
12-month incidents
0
Known data breaches
0
Attack type number
0

Suzano

Av. Brigadeiro Faria Lima, 1355, Sรฃo Paulo, SP, undefined, BR
Last Update: 2025-03-07 (UTC)

Strong

Between 800 and 900
http://www.suzano.com.br

Suzano, the company resulting from the merger of Suzano Pulp & Paper and Fibria, is committed to being a global reference in the sustainable use of natural resources. The world's leading producer of eucalyptus pulp and one of Latin Americaโ€™s largest paper producers, Suzano exports to more than 80 countries and, through its products, plays a part in the lives of over two billion people. With ten mills and the joint operation Veracel, Suzano has annual installed capacity of 10,9 million tons of market pulp and 1.4 million tons of paper. Suzano has more than 35,000 direct and indirect employees and for over 90 years has invested in innovative solutions based on eucalyptus cultivation that enable it to substitute the use of fossil-based materials with renewable bio-based materials. The company adopts the highest standards of corporate governance on the exchanges where its stock is traded, namely the B3 in Brazil and the NYSE in the United States. Check our job opportunities at https://jobs.kenoby.com/suzanointernational

NAICS: 322
NAICS Definition:
Employees: 21,676
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/catalyst-paper.jpeg
Catalyst Paper
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
https://images.rankiteo.com/companyimages/suzano.jpeg
Suzano
โ€”
ISO 27001
Not verified
โ€”
SOC 2
Not verified
โ€”
GDPR
No public badge
โ€”
PCI DSS
No public badge
Compliance Summary
Catalyst Paper
100%
Compliance Rate
0/4 Standards Verified
Suzano
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Paper and Forest Product Manufacturing Industry Average (This Year)

No incidents recorded for Catalyst Paper in 2025.

Incidents vs Paper and Forest Product Manufacturing Industry Average (This Year)

No incidents recorded for Suzano in 2025.

Incident History โ€” Catalyst Paper (X = Date, Y = Severity)

Catalyst Paper cyber incidents detection timeline including parent company and subsidiaries

Incident History โ€” Suzano (X = Date, Y = Severity)

Suzano cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/catalyst-paper.jpeg
Catalyst Paper
Incidents

No Incident

https://images.rankiteo.com/companyimages/suzano.jpeg
Suzano
Incidents

No Incident

FAQ

Both Catalyst Paper company and Suzano company demonstrate a comparable AI risk posture, with strong governance and monitoring frameworks in place.

Historically, Suzano company has disclosed a higher number of cyber incidents compared to Catalyst Paper company.

In the current year, Suzano company and Catalyst Paper company have not reported any cyber incidents.

Neither Suzano company nor Catalyst Paper company has reported experiencing a ransomware attack publicly.

Neither Suzano company nor Catalyst Paper company has reported experiencing a data breach publicly.

Neither Suzano company nor Catalyst Paper company has reported experiencing targeted cyberattacks publicly.

Neither Catalyst Paper company nor Suzano company has reported experiencing or disclosing vulnerabilities publicly.

Catalyst Paper company has more subsidiaries worldwide compared to Suzano company.

Suzano company employs more people globally than Catalyst Paper company, reflecting its scale as a Paper and Forest Product Manufacturing.

Latest Global CVEs (Not Company-Specific)

Description

Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api-key/create` route. `session?.user ?? (authRequired ? null : { id: ctx.body.userId })`. When no session exists but `userId` is present in the request body, `authRequired` becomes false and the user object is set to the attacker-controlled ID. Server-only field validation only executes when `authRequired` is true (lines 280-295), allowing attackers to set privileged fields. No additional authentication occurs before the database operation, so the malicious payload is accepted. The same pattern exists in the update endpoint. This is a critical authentication bypass enabling full an unauthenticated attacker can generate an API key for any user and immediately gain complete authenticated access. This allows the attacker to perform any action as the victim user using the api key, potentially compromise the user data and the application depending on the victim's privileges. Version 1.3.26 contains a patch for the issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 9.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstarโ€™s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary and could not be configured at runtime. In practice, this meant that every deployment using Reviewbot would validate requests with the same secret unless the operator modified source code and rebuilt the component - an expectation that is not documented and is easy to miss. All Allstar releases prior to v4.5 that include the Reviewbot code path are affected. Deployments on v4.5 and later are not affected. Those who have not enabled or exposed the Reviewbot endpoint are not exposed to this issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 4.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a userโ€™s (1) First Name, (2) Middle Name or (3) Last Name text field.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 4.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 6.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.

Published
Date
2025-10-09
Updated
Date
2025-10-09
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References