The team provides industry-leading third-party underwriting and pool management on DeFi Protocols, risk structuring, and institutional risk advisory services.
Manappuram Finance Ltd. is one of India’s largest and most trusted gold loan companies, with 4,199 branches across the length and breadth of the country. It currently has nearly Rs. 157.65 billion worth assets under management (AUM), and 20,185 employees. Promoted by Shri. V.P. Nandakumar, the current MD & CEO, the company was founded in the modest coastal village of Valapad (Thrissur District) by his late father Mr. V.C. Padmanabhan in 1949. The first non-banking financial company (NBFC) in Kerala to receive a Certificate of Registration issued by the RBI, it was also among the earliest to go for an IPO in 1995. In 2007 Sequoia Capital invested Rs.700 million along with Hudson Equity Holdings, heralding a period of accelerated growth, and in 2010 it became the first NBFC in Kerala to obtain the highest short term credit rating of A1+ from ICRA. In 2010, it became the first Kerala-based NBFC to offer ESOPs (Employee Stock Option Plan) to its middle and senior management functionaries. As a pioneer and trailblazer, Manappuram Finance Ltd. has always been an innovator par excellence in the gold loan product and the adoption of technology. Besides focus on the business, the cause of the wider community is central to the vision of the company. The Manappuram Foundation was established in October 2009 to drive the company’s initiatives in Corporate Social Responsibility (CSR). In recent years, the company has diversified into new business areas like micro-finance, vehicle and housing finance, and SME lending through the subsidiaries Manappuram Home Finance Ltd, Manappuram Insurance Brokers Ltd, and Asirvad Microfinance Limited. Our mission is to make life easy for common people of India with instant and easy loans, with a vision of unlocking the value of their savings in gold jewellery.
Security & Compliance Standards Overview
No incidents recorded for Cicada Partners in 2025.
No incidents recorded for Manappuram Finance Limited in 2025.
Cicada Partners cyber incidents detection timeline including parent company and subsidiaries
Manappuram Finance Limited cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
