CCSI
Company Details
Linkedin ID:
cosi---center-of-science-and-industry
Website:
Employees number:
234
Number of followers:
16,870
NAICS:
712
Industry Type:
Homepage:
cosi.org
IP Addresses:
0
Company ID:
COS_1996522
Scan Status:
In-progress
COSI - Center of Science and Industry Company CyberSecurity Posture
cosi.org
COSI provides an exciting and informative atmosphere for those of all ages to discover more about our environment, our accomplishments, our heritage, and ourselves. We motivate a desire toward a better understanding of science, industry, health, and history through involvement in exhibits, demonstrations, and a variety of educational activities and experiences. COSI is for the enrichment of the individual and for a more rewarding life on our planet, Earth.
COSI - Center of Science and Industry A.I CyberSecurity Scoring
CCSI Risk Score (AI oriented)Between 700 and 749
CCSI
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CCSI Global Score (TPRM)XXXX
CCSI
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CCSI Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Center of Science & Industry
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The Vermont Attorney General's Office reported a data breach involving the Center of Science & Industry (COSI) on November 1, 2023. The breach was discovered on October 13, 2023, and involved unauthorized access to personal information on or about June 26, 2023. The specific number of individuals affected and the types of personal information involved are currently unknown.
CCSI Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CCSI
Incidents vs Museums, Historical Sites, and Zoos Industry Average (This Year)
No incidents recorded for COSI - Center of Science and Industry in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for COSI - Center of Science and Industry in 2025.
Incident Types CCSI vs Museums, Historical Sites, and Zoos Industry Avg (This Year)
No incidents recorded for COSI - Center of Science and Industry in 2025.
Incident History — CCSI (X = Date, Y = Severity)
CCSI cyber incidents detection timeline including parent company and subsidiaries
CCSI Company Subsidiaries
COSI provides an exciting and informative atmosphere for those of all ages to discover more about our environment, our accomplishments, our heritage, and ourselves. We motivate a desire toward a better understanding of science, industry, health, and history through involvement in exhibits, demonstrations, and a variety of educational activities and experiences. COSI is for the enrichment of the individual and for a more rewarding life on our planet, Earth.
Loading...
CCSI Similar Companies
Museum of Science & Technology (MOST)
The MOST is built on a foundation of providing hands-on STEAM education throughout the Central New York community. Centrally located in downtown Syracuse, the MOST welcomes visitors from across Central New York and the world. The museum welcomes nearly 120,000 visitors annually, with approximately 2
SFO Museum
Created in 1980, SFO Museum was the first cultural institution of its kind located in an international airport. An ever-changing schedule of exhibitions on a diverse range of subjects provides an educational and cultural experience for all visitors to the Airport. SFO Museum's mission is to deligh
The National Museum of Animals & Society
Founded in 2010, the National Museum of Animals & Society is the first museum of its kind and is dedicated to enriching the lives of animals and people by exploring our shared experience. We center of the living history of animal protection, animal studies, and humane education in our collection, ex
California Agriculture Museum
The California Agriculture Museum is home to the nation's most unique collection of tractors and artifacts. Interactive exhibits tell the history of farm to fork, dating all the way back to the Gold Rush. Hear local storytellers boast of how California food producers did things bigger and better, ev
SOMArts
OUR MISSION: SOMArts cultivates access to the arts within the Bay Area by collaborating with community-focused artists and organizations. Together, we engage the power of the arts to provoke just and fair inclusion, cultural respect, and civic participation. SOMArts plays a vital role in the art
Mexic-Arte Museum
MISSION STATEMENT The Mexic‐Arte Museum is dedicated to enriching the community through education programs, exhibitions, and the collection, preservation, and interpretation of Mexican, Latino, and Latin American art and culture for visitors of all ages. HISTORY Mexic-Arte Museum was founded in
.png)
CCSI CyberSecurity News
February 23, 2024 08:00 AM
USA Today Readers' Choice Award names COSI second-best science museum in nation
The Center of Science and Industry (COSI) was named the second-best science museum in the nation by USA Today 10Best Readers' Choice Awards.
August 26, 2022 07:00 AM
Barbados Ministry of Education and Center of Science and Industry (COSI) Launch STEM Learning Lunchbox Initiative
Honorable Kay McConney, Minister of Education for Barbados and COSI distribute hundreds of science kits to youth to promote science and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CCSI CyberSecurity History Information
Official Website of COSI - Center of Science and Industry
The official website of COSI - Center of Science and Industry is http://www.cosi.org.
COSI - Center of Science and Industry’s AI-Generated Cybersecurity Score
According to Rankiteo, COSI - Center of Science and Industry’s AI-generated cybersecurity score is 721, reflecting their Moderate security posture.
How many security badges does COSI - Center of Science and Industry’ have ?
According to Rankiteo, COSI - Center of Science and Industry currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does COSI - Center of Science and Industry have SOC 2 Type 1 certification ?
According to Rankiteo, COSI - Center of Science and Industry is not certified under SOC 2 Type 1.
Does COSI - Center of Science and Industry have SOC 2 Type 2 certification ?
According to Rankiteo, COSI - Center of Science and Industry does not hold a SOC 2 Type 2 certification.
Does COSI - Center of Science and Industry comply with GDPR ?
According to Rankiteo, COSI - Center of Science and Industry is not listed as GDPR compliant.
Does COSI - Center of Science and Industry have PCI DSS certification ?
According to Rankiteo, COSI - Center of Science and Industry does not currently maintain PCI DSS compliance.
Does COSI - Center of Science and Industry comply with HIPAA ?
According to Rankiteo, COSI - Center of Science and Industry is not compliant with HIPAA regulations.
Does COSI - Center of Science and Industry have ISO 27001 certification ?
According to Rankiteo,COSI - Center of Science and Industry is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of COSI - Center of Science and Industry
COSI - Center of Science and Industry operates primarily in the Museums, Historical Sites, and Zoos industry.
Number of Employees at COSI - Center of Science and Industry
COSI - Center of Science and Industry employs approximately 234 people worldwide.
Subsidiaries Owned by COSI - Center of Science and Industry
COSI - Center of Science and Industry presently has no subsidiaries across any sectors.
COSI - Center of Science and Industry’s LinkedIn Followers
COSI - Center of Science and Industry’s official LinkedIn profile has approximately 16,870 followers.
NAICS Classification of COSI - Center of Science and Industry
COSI - Center of Science and Industry is classified under the NAICS code 712, which corresponds to Museums, Historical Sites, and Similar Institutions.
COSI - Center of Science and Industry’s Presence on Crunchbase
Yes, COSI - Center of Science and Industry has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/cosi-2.
COSI - Center of Science and Industry’s Presence on LinkedIn
Yes, COSI - Center of Science and Industry maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/cosi---center-of-science-and-industry.
Cybersecurity Incidents Involving COSI - Center of Science and Industry
As of December 03, 2025, Rankiteo reports that COSI - Center of Science and Industry has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
COSI - Center of Science and Industry has an estimated 2,134 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at COSI - Center of Science and Industry ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: Data Breach at Center of Science & Industry (COSI)
Description: The Vermont Attorney General's Office reported a data breach involving the Center of Science & Industry (COSI) on November 1, 2023. The breach was discovered on October 13, 2023, and involved unauthorized access to personal information on or about June 26, 2023. The specific number of individuals affected and the types of personal information involved are currently unknown.
Date Detected: 2023-10-13
Date Publicly Disclosed: 2023-11-01
Type: Data Breach
Attack Vector: Unauthorized Access
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
Which entities were affected by each incident ?
Incident : Data Breach COS506072825
Entity Name: Center of Science & Industry (COSI)
Entity Type: Non-profit Organization
Industry: Education
References
Where can I find more information about each incident ?
Incident : Data Breach COS506072825
Source: Vermont Attorney General's Office
Date Accessed: 2023-11-01
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Vermont Attorney General's OfficeDate Accessed: 2023-11-01.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-10-13.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-11-01.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Vermont Attorney General's Office.
.png)
Latest Global CVEs (Not Company-Specific)
Description
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Description
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=cosi---center-of-science-and-industry' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
