Comparison Overview

Cybersecurity and Infrastructure Security Agency

VS

City of Hercules

Cybersecurity and Infrastructure Security Agency

Washington, District of Columbia, US, 20528
Last Update: 2025-10-27 (UTC)
View Profile
Between 0 and 549
http://www.cisa.gov

NOTICE: This social media account will not be actively managed during the lapse in federal funding. We will not be able to respond or update until after funding is enacted. go.dhs.gov/lapse-2025 We lead the National effort to understand, manage, and reduce risk to our cyber and physical infrastructure. Our multi-faceted mission is home to more than 15 career fields including business administration, cybersecurity, program management, communications, data science. We play a vital role in protecting the homeland. Please visit our official website (cisa.gov) to learn how you can contribute to our mission. Review our full Comment Policy: cisa.gov/comment-policy Review DHS LinkedIn Privacy Policy: dhs.gov/linkedin-privacy-policy-and-notice

NAICS: 92
NAICS Definition: Public Administration
Employees: 1,760
Subsidiaries: 2
12-month incidents
2
Known data breaches
5
Attack type number
5
View Profile

City of Hercules

111 CIVIC DR, None, Hercules, California, US, 94547
Last Update: 2025-07-27 (UTC)
Between 700 and 749
www.herculesca.gov

“Our mission is to lead our diverse community and enhance the quality of life in the City of Hercules, now and in the future. We do this by providing effective, efficient, responsive, and innovative services with integrity and a culture of transparency.”

NAICS: 92
NAICS Definition: Public Administration
Employees: 82
Subsidiaries: 0
12-month incidents
0
Known data breaches
1
Attack type number
1

Compliance Badges Comparison

Security & Compliance Standards Overview

https://images.rankiteo.com/companyimages/cisagov.jpeg
Cybersecurity and Infrastructure Security Agency
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
https://images.rankiteo.com/companyimages/hercules-city-of.jpeg
City of Hercules
ISO 27001
ISO 27001 certification not verified
Not verified
SOC2 Type 1
SOC2 Type 1 certification not verified
Not verified
SOC2 Type 2
SOC2 Type 2 certification not verified
Not verified
GDPR
GDPR certification not verified
Not verified
PCI DSS
PCI DSS certification not verified
Not verified
HIPAA
HIPAA certification not verified
Not verified
Compliance Summary
Cybersecurity and Infrastructure Security Agency
100%
Compliance Rate
0/4 Standards Verified
City of Hercules
0%
Compliance Rate
0/4 Standards Verified

Benchmark & Cyber Underwriting Signals

Incidents vs Government Administration Industry Average (This Year)

Cybersecurity and Infrastructure Security Agency has 194.12% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs Government Administration Industry Average (This Year)

No incidents recorded for City of Hercules in 2025.

Incident History — Cybersecurity and Infrastructure Security Agency (X = Date, Y = Severity)

Cybersecurity and Infrastructure Security Agency cyber incidents detection timeline including parent company and subsidiaries

Incident History — City of Hercules (X = Date, Y = Severity)

City of Hercules cyber incidents detection timeline including parent company and subsidiaries

Notable Incidents

Last 3 Security & Risk Events by Company

https://images.rankiteo.com/companyimages/cisagov.jpeg
Cybersecurity and Infrastructure Security Agency
Incidents

Date Detected: 5/2025
Type:Cyber Attack
Motivation: Exploit Government Vulnerabilities, Disrupt Critical Infrastructure, Leverage Political Instability, Capitalize on Reduced Oversight
Blog: Blog

Date Detected: 1/2025
Type:Breach
Attack Vector: Unknown
Motivation: Espionage
Blog: Blog

Date Detected: 12/2024
Type:Cyber Attack
Motivation: Reshaping Agency, Reduced Corporate Oversight
Blog: Blog
https://images.rankiteo.com/companyimages/hercules-city-of.jpeg
City of Hercules
Incidents

Date Detected: 11/2021
Type:Breach
Blog: Blog

FAQ

City of Hercules company demonstrates a stronger AI Cybersecurity Score compared to Cybersecurity and Infrastructure Security Agency company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Cybersecurity and Infrastructure Security Agency company has faced a higher number of disclosed cyber incidents historically compared to City of Hercules company.

In the current year, Cybersecurity and Infrastructure Security Agency company has reported more cyber incidents than City of Hercules company.

Cybersecurity and Infrastructure Security Agency company has confirmed experiencing a ransomware attack, while City of Hercules company has not reported such incidents publicly.

Both City of Hercules company and Cybersecurity and Infrastructure Security Agency company have disclosed experiencing at least one data breach.

Cybersecurity and Infrastructure Security Agency company has reported targeted cyberattacks, while City of Hercules company has not reported such incidents publicly.

Cybersecurity and Infrastructure Security Agency company has disclosed at least one vulnerability, while City of Hercules company has not reported such incidents publicly.

Neither Cybersecurity and Infrastructure Security Agency nor City of Hercules holds any compliance certifications.

Neither company holds any compliance certifications.

Cybersecurity and Infrastructure Security Agency company has more subsidiaries worldwide compared to City of Hercules company.

Cybersecurity and Infrastructure Security Agency company employs more people globally than City of Hercules company, reflecting its scale as a Government Administration.

Neither Cybersecurity and Infrastructure Security Agency nor City of Hercules holds SOC 2 Type 1 certification.

Neither Cybersecurity and Infrastructure Security Agency nor City of Hercules holds SOC 2 Type 2 certification.

Neither Cybersecurity and Infrastructure Security Agency nor City of Hercules holds ISO 27001 certification.

Neither Cybersecurity and Infrastructure Security Agency nor City of Hercules holds PCI DSS certification.

Neither Cybersecurity and Infrastructure Security Agency nor City of Hercules holds HIPAA certification.

Neither Cybersecurity and Infrastructure Security Agency nor City of Hercules holds GDPR certification.

Latest Global CVEs (Not Company-Specific)

Description

Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected files can lead to RCE. Must be chained with a prompt injection or malicious model attach. Only affects systems supporting NTFS. This issue is fixed in version 2.0.

Published
Date
2025-11-04
Updated
Date
2025-11-04
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
Description

Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes (./.cursor/./././././mcp.json etc.), and requires human approval to complete the operation. However, the same kind of manipulation using backslashes was not correctly detected, allowing an attacker who had already achieved prompt injection or some other level of control to overwrite sensitive editor files without approval on Windows machines. This issue is fixed in version 2.0.

Published
Date
2025-11-04
Updated
Date
2025-11-04
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
Description

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the server. If an attacker is able to convince a victim to navigate to a malicious deeplink, the victim will not see the correct speedbump modal, and if they choose to accept, will execute commands specified by the attackers deeplink.

Published
Date
2025-11-04
Updated
Date
2025-11-04
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
Description

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the title field. When a user views the link details page and the shareable links are rendered, the malicious JavaScript executes in their browser. This vulnerability affects multiple sharing services and can be exploited to steal session cookies, perform actions on behalf of users, or deliver malware. This issue is fixed in version 2.4.0.

Published
Date
2025-11-04
Updated
Date
2025-11-04
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash.

Published
Date
2025-11-04
Updated
Date
2025-11-04
Risk Information
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References