BE A.I CyberSecurity Scoring
07/02/2026
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for Business with ESA in 2026.
No incidents recorded for Business with ESA in 2026.
No incidents recorded for Business with ESA in 2026.
At CAE, we exist to make the world safer. We deliver cutting-edge training, simulation, and critical operations solutions to prepare aviation professionals and defence forces for the moments that matter. Every day, we empower pilots, cabin crew, maintenance technicians, airlines, business aviation operators, and defence and security personnel to perform at their best and when the stakes are the highest. Around the globe, we’re everywhere customers need us to be with approximately 13,000 employees at around 240 sites and training locations in over 40 countries. For nearly 80 years, CAE has been at the forefront of innovation, consistently seeking to set the standard by delivering excellence in high-fidelity flight simulators and training solutions, while embedding sustainability at the heart of everything we do. By harnessing technology and enhancing human performance, we strive to be the trusted partner in advancing safety and mission readiness - today and tomorrow.
Pratt & Whitney, an RTX business, is a global leader in propulsion systems, powering the most advanced aircraft in the world, and we are shaping the future of aviation. Our engines help connect people, grow economies and defend freedom. Our customers depend on us to get where they’re going and back again.
Bombardier is a global leader in aviation, focused on designing, manufacturing, and servicing the world's most exceptional business jets. Bombardier’s Challenger and Global aircraft families are renowned for their cutting-edge innovation, cabin design, performance, and reliability. Bombardier has a worldwide fleet of approximately 5,000 aircraft in service with a wide variety of multinational corporations, charter and fractional ownership providers, governments, and private individuals. Bombardier aircraft are also trusted around the world in government and military special-mission roles leveraging Bombardier Defense’s proven expertise. Headquartered in Greater Montréal, Québec, Bombardier operates aerostructure, assembly and completion facilities in Canada, the United States and Mexico. The company’s robust customer support network services the Learjet, Challenger and Global families of aircraft, and includes facilities in strategic locations in the United States and Canada, as well as in the United Kingdom, Germany, France, Switzerland, Italy, Austria, the UAE, Singapore, China and Australia. For corporate news and information, including Bombardier’s Environmental, Social and Governance report, as well as the company’s plans to cover all its flight operations with Sustainable Aviation Fuel (SAF) utilizing the Book and Claim system visit bombardier.com. Learn more about Bombardier’s industry-leading products and customer service network at businessaircraft.bombardier.com. Follow us on Twitter @Bombardier.
Airbus pioneers sustainable aerospace for a safe and united world. The Company constantly innovates to provide efficient and technologically-advanced solutions in aerospace, defence, and connected services. In commercial aircraft, Airbus designs and manufactures modern and fuel-efficient airliners and associated services. Airbus is also a European leader in space systems, defence and security. In helicopters, Airbus provides efficient civil and military rotorcraft solutions and services worldwide.
We are building a road to space for the benefit of Earth, humanity’s blue origin. Our team is focused on radically reducing the cost of access to space and harnessing its vast resources while mobilizing future generations to realize this mission. Blue Origin builds reusable rocket engines, launch vehicles, in-space systems, and lunar landers. Discover more at BlueOrigin.com. *We hope you engage with us and our community. However, we reserve the right to remove derogatory or off-topic comments from our social media accounts. Thank you for understanding.*
SpaceX designs, manufactures and launches the world’s most advanced rockets and spacecraft. The company was founded in 2002 by Elon Musk to revolutionize space transportation, with the ultimate goal of making life multiplanetary. SpaceX has gained worldwide attention for a series of historic milestones. It is the only private company ever to return a spacecraft from low-Earth orbit, which it first accomplished in December 2010. The company made history again in May 2012 when its Dragon spacecraft attached to the International Space Station, exchanged cargo payloads, and returned safely to Earth — a technically challenging feat previously accomplished only by governments. Since then Dragon has delivered cargo to and from the space station multiple times, providing regular cargo resupply missions for NASA. For more information, visit www.spacex.com.
Inventing, designing and building what’s best in aerospace. Spirit AeroSystems is one of the world’s largest manufacturers of aerostructures for commercial airplanes, defense platforms, and business/regional jets. With expertise in aluminum and advanced composite manufacturing solutions, the company’s core products include fuselages, integrated wings and wing components, pylons, and nacelles. Also, Spirit serves the aftermarket for commercial and business/regional jets. Headquartered in Wichita, Kansas, Spirit has facilities in the U.S., U.K., France, Malaysia and Morocco.
Textron Inc. is a multi-industry company that leverages its global network of aircraft, defense, industrial and finance businesses to provide customers with innovative solutions and services. Textron is known around the world for its powerful brands such as Bell, Cessna, Beechcraft, Pipistrel, Jacobsen, Kautex, Lycoming, E-Z-GO, and Textron Systems. For more information, visit: www.textron.com.
The FAA is on the leading edge of a new frontier in commercial space transportation, building the next generation (NextGen) of satellite-based navigation systems, and fostering the safe integration of unmanned aerial systems into our airspace. We can only dream of what the next 50 years of American ingenuity will look like, but FAA employees will be working to ensure that the United States continues to lead the world in aerospace safety, innovation and advancements that continue to push the limits of science and technology. The FAA is an operating administration within the Department of Transportation (DOT) and a proud partner in the DOT mission to serve the United States by ensuring a fast, safe, efficient, accessible and convenient transportation system that meets our vital national interests and enhances the quality of life of the American people, today and into the future. Specifically, the FAA mission is to provide the safest, most efficient aerospace system in the world.
Latest updates, reports, and threat intel affecting the global network.
It has just been a few weeks since we reported on the Christmas cyber attack suffered by the European Space Agency (ESA), and the situation...
The European Space Agency (ESA) has confirmed that a series of cyberattacks has led to the leak of sensitive data — including staff email...
The European Space Agency confirmed to The Register the second major breach in two weeks, with a criminal group claiming to have stolen...
The European Space Agency has said that external servers were recently involved in a security “issue”
For the latest discoveries in cyber research for the week of 5th January, please download our Threat Intelligence Bulletin.
The European Space Agency (ESA) has confirmed a cybersecurity breach involving servers located outside its corporate network.
A roundup examining recent breaches, law enforcement action, and cybercrime leaning less on exploits and more on incentives.
The European Space Agency has suffered yet another security incident and, in keeping with past practice, says the impact is limited.
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.
Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent.
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `POST /api/v2/files` converts zip uploads to tar in memory via `CreateTarFromZip`, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Exploitation requires authenticated file-upload access and the impact is limited to availability (denial of service). The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 adds a metadata preflight check that sums projected entry sizes and a streaming writer that enforces the aggregate limit during decompression. As a workaround, restrict file-upload permissions to trusted users or place a reverse proxy with request-body size limits in front of `coderd`.
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `PUT /api/v2/users/{user}/password` endpoint authorized only `ActionUpdatePersonal` and did not prevent a `user-admin` from resetting an `owner` account's password. It also did not require the current password when an admin reset another user's password. Exploitation requires the privileged `user-admin` role so practical risk is limited to deployments that grant `user-admin` to less trusted operators. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 prevents non-owner users from resetting the password of an account that holds the `owner` role. As a workaround, restrict the `user-admin` role to trusted administrators.
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string `"false"`) or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based account fallback, this enabled account takeover. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 coerces `email_verified` across bool, string and numeric types (fail-closed) and blocks the email fallback when the matched user already has a different linked IdP subject. As a workaround, ensure the IdP returns `email_verified` as a native JSON boolean. The email-fallback linking issue has no configuration workaround; upgrading is required.
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.