HCC A.I CyberSecurity Scoring
25/01/2026
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for House of Commons Committees in 2026.
No incidents recorded for House of Commons Committees in 2026.
No incidents recorded for House of Commons Committees in 2026.
The European Parliament is the elected body of the European Union. The Parliament consists of 720 members elected by citizens in EU countries. The Members work in close unison with the Commission and the Council in shaping the laws and policies of the EU. Follow our Linkedin page and newsletter to get the latest updates from the European Parliament. Privacy statement: https://www.europarl.europa.eu/website/files/Privacy_statement_Social_media_usage.pdf COMMUNITY GUIDELINES ================================== We encourage all forms of discussion on this page. Please keep in mind the following guidelines while participating. We want our page to be a space where everyone, regardless of country or political persuasion, feels comfortable to participate. To ensure this we cannot accept comments that are either offensive in themselves or clearly offensive to other users. Comments that are defamatory, unlawful or include copyright infringements are also against our rules. We will delete these types of comments and we may ban users who keep on using offensive language, as well as people impersonating public figures or using fake accounts. We always welcome debate, but it is important to remain respectful to other users and focus on arguments, not personal attacks. Out of respect for World War II victims and veterans we will also remove comments referring to Nazis, the Soviet Union, Hitler or Stalin. We encourage you to post comments that stick to the subject and would appreciate it if you refrain from posting advertisements on our page, (for your businesses, blogs or websites, etc). This also applies to political campaigning on a national level. Spam and other off-topic items will be deleted. We aim to respond to direct questions in a timely manner; however, we cannot guarantee responses to all questions and comments.
Latest updates, reports, and threat intel affecting the global network.
The UK Parliament has formally invited cyber security professionals, organisations and subject-matter experts to contribute evidence to the...
E&E DAILY | Lawmakers on the House Energy and Commerce Committee will weigh legislation this week that would reauthorize key cybersecurity...
Do you have relevant expertise and experience or a special interest in the Cyber Security and Resilience (Network and Information Systems)...
MPs will consider the Cyber Security and Resilience Bill, while Peers debate the Diego Garcia, Sentencing, and Crime and Policing Bills.
Barriers to Entrepreneurship Among Veterans Witnesses As an individual Jocelyn Démétré, President, Hero Lodge John Proctor, Partner,...
Chancellor Rachel Reeves faces questions in the Chamber and before the Treasury Committee about the Budget. MPs debate the Railways Bill for...
Washington, DC – Today, Congresswoman Shontel Brown's bipartisan SAMOSA Act was approved by the House Committee on Oversight and Government...
Security Minister Dan Jarvis gave a keynote speech at the Cybersecurity Business Network's inaugural Parliament and Cyber conference.
Committee calls for Economic Security Bill to enshrine the approach set out in new Report in law, with the appointment of a dedicated...
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users.
Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation that consumes the video owner's credits without consent.
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `POST /api/v2/files` converts zip uploads to tar in memory via `CreateTarFromZip`, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Exploitation requires authenticated file-upload access and the impact is limited to availability (denial of service). The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 adds a metadata preflight check that sums projected entry sizes and a streaming writer that enforces the aggregate limit during decompression. As a workaround, restrict file-upload permissions to trusted users or place a reverse proxy with request-body size limits in front of `coderd`.
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `PUT /api/v2/users/{user}/password` endpoint authorized only `ActionUpdatePersonal` and did not prevent a `user-admin` from resetting an `owner` account's password. It also did not require the current password when an admin reset another user's password. Exploitation requires the privileged `user-admin` role so practical risk is limited to deployments that grant `user-admin` to less trusted operators. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 prevents non-owner users from resetting the password of an account that holds the `owner` role. As a workaround, restrict the `user-admin` role to trusted administrators.
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string `"false"`) or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based account fallback, this enabled account takeover. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 coerces `email_verified` across bool, string and numeric types (fail-closed) and blocks the email fallback when the matched user already has a different linked IdP subject. As a workaround, ensure the IdP returns `email_verified` as a native JSON boolean. The email-fallback linking issue has no configuration workaround; upgrading is required.
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.