HAL A.I CyberSecurity Scoring
23/11/2025
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for Hayleys Advantis Limited in 2026.
No incidents recorded for Hayleys Advantis Limited in 2026.
No incidents recorded for Hayleys Advantis Limited in 2026.
Transportation, Logistics, Supply Chain and Storage
Premier réseau commercial de proximité en France, le groupe La Poste est organisé en 4 branches d’activité : Services-Courrier-Colis, Banque et Assurance, Distributeur physique et numérique, GeoPost/DPDGroup pour l'international. Présent dans plus de 63 pays, sur 5 continents, il a réalisé un chiffre d’affaires de 34,1 Mds€ en 2023. En 2021, le groupe La Poste est devenu la première entreprise publique à adopter la qualité de société à mission. 4 engagements sociétaux sont désormais inscrits dans ses statuts : • Contribuer au développement et à la cohésion des territoires • Favoriser l’inclusion sociale • Promouvoir un numérique éthique, inclusif et frugal • Œuvrer à l’accélération de la transition écologique pour tous Le groupe La Poste, avec plus de 232 000 collaborateurs, naturellement et historiquement engagé pour la société, se mobilise pour rendre ses activités plus durables au regard des enjeux sociétaux et environnementaux, et pour faciliter la transition écologique de tous les Français.
UPS Supply Chain Solutions offers a comprehensive portfolio of services to enhance customers' business performance, including logistics and distribution, transportation and freight, consulting, customs brokerage, and international trade services. UPS provides the expertise and the scale to meet the total supply chain needs of customers worldwide, whether it requires the movement of goods, information or funds.
Founded in 1982, Aramex has emerged as a global leader in logistics and transportation, renowned for its innovative services tailored to businesses and consumers. As a listed company on the Dubai Financial Market (since 2005) and headquartered in the UAE, our strategic location facilitates extensive customer reach worldwide, bridging the gap between East and West. With operations in 600+ cities across 70 countries, Aramex employs over 16,000 professionals. Our success is attributed to four distinct business products that provide scalable, diversified, and end-to- end services for customers. These products are: • International Express, encompassing Aramex's Parcel Forwarding Business (Shop & Ship and MyUS). • Domestic Express • Freight Forwarding • Logistics & Supply Chain Solutions Sustainability is at the core of our vision and mission. To build a truly sustainable business, we leverage our core competencies to make a positive impact as responsible members of the communities we serve. Through partnerships with local and international organizations, we strive to expand our reach and benefit more individuals through targeted programs and initiatives, ensuring long-term positive change and community development. For more information, please visit us: www.aramex.com
At Toll, we do more than just logistics - we move the businesses that move the world. Our 16,000 team members can help solve any logistics, transport, or supply chain challenge – big or small. We have been supporting our customers for more than 130 years. Today, we support more than 20,000 customers worldwide with 500 sites in 29 markets, and a forwarding network spanning 150 countries. We are proudly part of Japan Post — www.tollgroup.com What moves you? At Toll, you can help play a vital role in delivering what matters. From food, fuel, medicine and rescue services, we keep businesses and communities thriving. Every day brings change. We see that as an opportunity. To be curious. To ask the right questions. And build meaningful connections. Because finding new ways to solve problems is what we do. With a bold vision to expand our global reach, our 16,000+ people bring a passion for progress. We collaborate in friendly, caring teams, supported by approachable leaders who give us the autonomy to quickly make decisions with impact. Learn and grow with industry-leading training, alongside talented experts. Feel empowered to take on diverse challenges and new responsibilities to move you, our customers, and our world further.
At DSV, we keep supply chains flowing in a world of change. We provide and manage supply chain solutions for thousands of companies every day – from small family-run businesses to large global corporations. Our reach is global, yet our presence is local and close to our customers. Approx. 160,000 employees in over 90 countries work passionately to deliver great customer experiences and high-quality services. We aspire to lead the way towards a more sustainable future for our industry and are committed to trading on nature’s terms. DSV is a dynamic organisation that fosters inclusivity and diversity. We conduct our business with integrity, respecting different cultures and the dignity and rights of individuals. Read more at www.dsv.com.
DTDC Express Ltd is one of India’s leading integrated express logistics company offering domestic and international services. DTDC offers a comprehensive range of technology-enabled logistics services, serving a wide spectrum of customers across diverse industry verticals. Today, DTDC operates India’s largest physically accessible express logistics network and has over 15,000 exclusive channel partners which contribute to its sales and service capabilities.
DHL is the leading global brand in the logistics industry. Our divisions offer an unrivaled portfolio of logistics services ranging from national and international parcel delivery, e-commerce shipping and fulfillment solutions, international express, road, air and ocean transport to industrial supply chain management. With specialized solutions for growth markets and industries including technology, life sciences and healthcare, engineering, manufacturing & energy, auto-mobility and retail, DHL is decisively positioned as "The logistics company for the world". DHL is part of DHL Group. Privacy notice https://group.dhl.com/en/data-protection.html
Ecom Express: Delivering Over 1.9 Billion Reasons to Trust Us Based in Gurugram, Ecom Express was established in 2012 by veterans backed by 100+ years of collective logistics expertise. We aren't just a logistics provider—we're your partner in bridging distances and making connections. Our network reaches every corner, covering 27,000+ PIN codes in 2700+ towns, meticulously handled over 1.9 billion parcels in the past 10+ years. We're not just delivering; we're innovating with solutions like Ecom Magnum, comprehensive shipping services, fulfillment capabilities, Bulls.ai and drone technology—ensuring every package is delivered to the right location on time. Connect | Deliver| Grow https://bit.ly/4d0sHpV
ID Logistics, headed by Eric Hémar, is an international contract logistics group with revenues of €3.3 billion in 2024. ID Logistics manages nearly 450 sites in 19 countries, representing more than 9 million m² operated in Europe, America, Asia and Africa, with 42,000 employees. With a customer portfolio balanced between distribution, e-commerce and consumer goods, ID Logistics is characterized by offers involving a high level of technology. Since its creation in 2001, the Group has developed a social and environmental approach through a number of original projects and is now firmly committed to an ambitious CSR policy. ID Logistics shares are listed on the Euronext regulated market in Paris and are included in the SBF 120 index (ISIN code: FR0010929125, Mnemo: IDL).
Latest updates, reports, and threat intel affecting the global network.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types a search term that returns the poisoned issue, the payload executes in the admin’s control panel session. No control panel account or elevated privileges are required on the attacker’s side. This issue has been fixed in versions 4.17.16 and 5.9.23.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-uid> permission for the target folder. It never enforces deletePeerAssets:<volume-uid>, even though Assets::deleteFoldersByIds() cascades deletion to every descendant folder and every asset inside, regardless of the uploader's assigned privileges. A low-privilege user who has been granted folder-management rights on a shared volume can therefore destroy assets uploaded by other users (peer assets), bypassing the per-asset peer-permission check that the sibling actionDeleteAsset endpoint correctly applies. This issue has been fixed in versions 4.17.15 and 5.9.22.
Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. AssetsController::actionReplaceFile() supports replacing a target asset file using another existing asset as the source. The action loads: assetId -> $assetToReplace and sourceAssetId -> $sourceAsset, then enforces replace permissions using ($assetToReplace ?: $sourceAsset). When both IDs are provided, this expression resolves to the target asset so no permission check is performed against the source asset volume. When both assets are present, Craft copies the source file into the target and then deletes the source asset. There is no deletion check for for the source asset. An authenticated user who can replace files in one volume can delete assets in another volume where they do not have delete permission, as long as they can obtain a sourceAssetId, leading to broken content references and data loss. This issue has been fixed in versions 4.17.14 and 5.9.21.
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design (e.g. 'issue "letsencrypt.org"' without parameters). On Universal SSL zones, Cloudflare's authoritative DNS serves this auto-managed RRset at query time, superseding any customer-configured CAA records on the zone. When a customer publishes a stricter CAA record using the RFC 8657 accounturi or validationmethods parameters, the Certificate Authority does not observe those parameters when evaluating the served RRset under RFC 8659. As a result, the RFC 8657 account-binding and validation-method-binding protections are not enforced end-to-end on Universal SSL zones. Successful exploitation could result in issuance of a browser-trusted TLS certificate to an attacker, enabling MITM against the affected domain. Exploitation is non-trivial in practice: an attacker would need to hold an ACME account at one of the Certificate Authorities in the served CAA RRset and to simultaneously satisfy domain control validation across the multiple geographically distinct Network Perspectives the CA relies on for Multi-Perspective Issuance Corroboration. Cloudflare prefixes are anycast-announced from hundreds of locations globally, raising the bar against single-vantage-point BGP hijacks. Any resulting misissuance of a browser-trusted certificate is subject to Certificate Transparency logging required by major browsers, and would be visible to CT monitoring. Mitigation: Customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so there is no in-product workaround that preserves both. Certificate Transparency monitoring is recommended for all customers as a general detection control. Credits: David Osipov (ORCID: https://orcid.org/0009-0005-2713-9242), independent researcher
Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.