
We are part of the Iberia Group, the leading low-cost airline at Madrid airport and on routes to the Canary and Balearic Islands. Our hybrid “low cost, high quality” business model combines great efficiency with a customer experience that includes connecting flights and Business Class service. In 2024, we were the world’s most punctual low-cost airline and the most punctual airline in Europe, according to consultancy firm Cirium. We operate a highly efficient fleet of 25 aircraft, which will help us meet our commitment to net zero emissions by 2050. The Iberia Express team is made up of more than 900 employees who share and promote the values of teamwork, warmth, and kindness, which are the core of our company’s DNA, as well as diversity in all areas.

Iberia Express A.I CyberSecurity Scoring

Iberia Express

Company Details

LinkedIn ID: iberia-express
Employees number: 637
Number of followers: 89,595
NAICS: 481
Industry Type: Airlines and Aviation
Homepage: iberiaexpress.com
IP Addresses: 0
Company ID: IBE_1694211
Scan Status: In-progress

Iberia Express Risk Score (AI oriented)

Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

Iberia Express Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Iberia Express Company CyberSecurity News & History

Past Incidents: 5
Attack Types: 2
Iberia
Breach
Severity: 85
Impact: 4
Seen: 11/2025
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Spanish airline **Iberia** suffered a **significant data breach** on **November 23, 2025**, originating from a **third-party supplier**. Hackers compromised the vendor’s systems, gaining access to **sensitive customer data**, including **names, email addresses, loyalty program details (Iberia Plus tier statuses, point balances, travel histories)**, and **77GB of proprietary technical documents** (e.g., **aircraft maintenance files, engine specifications, internal certificates**). While **payment information and passwords were not exposed**, the breach heightened risks of **phishing, identity theft, and potential operational risks** if technical data was exploited. The threat actor advertised the stolen data on **dark web forums for $150,000**, accelerating public disclosure. Iberia isolated affected systems, engaged cybersecurity experts, and offered **free credit monitoring** to impacted customers. The incident underscored **supply-chain vulnerabilities** in aviation, prompting regulatory scrutiny under **GDPR** and industry-wide reviews of third-party security protocols.

Iberia
Breach
Severity: 85
Impact: 4
Seen: 11/2025
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Spanish airline **Iberia** disclosed a **data breach** stemming from a compromise of a **third-party service provider**. The incident exposed **personal customer data**, including **names, email addresses, and Iberia Plus loyalty card numbers**, though passwords and full payment details remained secure. However, a **threat actor** claimed responsibility on a dark web forum, advertising **77 GB of stolen internal data** for $150,000. The leaked dataset allegedly includes **sensitive aircraft technical documentation** (A320/A321 models), **AMP maintenance files, engine data, and signed internal documents**, some labeled as **ISO 27001 and ITAR-classified**—indicating regulated, export-controlled material. While Iberia confirmed no evidence of fraudulent use yet, the breach involved **highly sensitive corporate and operational data**, raising concerns over **intellectual property theft, regulatory violations, and potential operational risks**. The airline has tightened security measures, including **enhanced verification for account changes and increased monitoring**, while collaborating with vendors and notifying **Spanish and EU data protection authorities** under GDPR compliance. The breach was first detected in **mid-November 2025**, with customer notifications issued later.

Iberia
Breach
Severity: 85
Impact: 4
Seen: 5/2025
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Iberia, Spain’s national flag carrier airline, suffered a **third-party data breach** after a threat actor claimed to have exfiltrated **77 GB of its sensitive data**. The incident, reported by *Security Affairs*, suggests the compromise involved external vendor systems, potentially exposing corporate, operational, or customer-related information. While the exact nature of the stolen data (e.g., employee records, flight operations, passenger details) remains undisclosed, the scale (77 GB) indicates a **significant data leak** with possible reputational, financial, and regulatory repercussions. The breach underscores vulnerabilities in supply chain cybersecurity, where third-party vendors serve as attack vectors for targeting high-profile organizations. Iberia has not confirmed whether the stolen data includes **customer personal information** or **internal employee records**, but the volume suggests a high-risk exposure. The incident may trigger investigations under **GDPR** (given Iberia’s EU operations) and could erode customer trust, particularly if financial or identity-related data was compromised.

Iberia
Breach
Severity: 85
Impact: 4
Seen: 5/2025
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Iberia, Spain’s national flag carrier airline, suffered a **third-party data breach** after a threat actor claimed to have exfiltrated **77 GB of its sensitive data**. The incident, reported by *Security Affairs*, suggests the compromise involved external vendor systems, though the exact nature of the stolen data (e.g., customer records, operational details, or employee information) was not explicitly disclosed. The breach poses significant risks, including potential exposure of **personal or corporate data**, financial fraud, or reputational damage, especially given Iberia’s role as a major airline with access to passenger information, flight operations, and partner networks. The scale of the stolen data (77 GB) indicates a **large-scale intrusion**, likely targeting high-value assets. While no ransomware was mentioned, the theft of such a substantial volume of data aligns with cybercriminal motives for **espionage, resale on dark web markets, or leverage in future attacks**. The incident underscores vulnerabilities in third-party supply chains, a growing attack vector for airlines and critical infrastructure providers.

Iberia
Cyber Attack
Severity: 100
Impact: 5
Seen: 11/2025
Rankiteo Explanation
Attack threatening the organization's existence

Description: The Spanish flag carrier **Iberia** suffered a major **data breach** orchestrated by the Russian-linked cybercriminal group **Everest**. The attackers claim to have stolen **596 GB of sensitive data**, including **5 million passenger records** with **names, contact details, birthdates, travel/booking information, and masked credit card data**. Initially, Iberia acknowledged only the compromise of **frequent flyer program details (names, emails, and loyalty numbers)**, but Everest asserts the breach is far more extensive, involving **internal technical data for aircraft and engines** as well. The group, known for **financially motivated extortion**, has demanded a **ransom** in exchange for not leaking the stolen data. Everest previously disrupted **European airports** (e.g., Brussels, Heathrow, Berlin) via an attack on **Collins Aerospace’s MUSE check-in system**, causing flight cancellations. If leaked, the stolen passenger data could fuel **large-scale phishing scams**, tricking victims into revealing financial or personal information via **malware-laden links or fake airline websites**. Iberia has not confirmed the full scope of the breach, but the incident underscores the aviation sector’s growing vulnerability to **cyber extortion and data theft**.


Underwriter Stats for Iberia Express

Incidents vs Airlines and Aviation Industry Average (This Year)

Iberia Express has 1036.36% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Iberia Express has 681.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types Iberia Express vs Airlines and Aviation Industry Avg (This Year)

Iberia Express reported 5 incidents this year: 1 cyber attack, 0 ransomware, 0 vulnerabilities, 4 data breaches, compared to industry peers with at least 1 incident.

Incident History — Iberia Express (X = Date, Y = Severity)

Iberia Express cyber incidents detection timeline including parent company and subsidiaries


Iberia Express Similar Companies

GOL Linhas Aéreas

We are the largest airline in the country and among the fastest-growing in the world. Our story began in 2001 and, since then, we have been responsible for innovating the aviation market in Brazil. All of this is thanks to the dedication of our Team to ensuring our number 1 Value, Safety, delivering

Delta Air Lines

Delta Air Lines (NYSE: DAL) is the U.S. global airline leader in safety, innovation, reliability and customer experience. Powered by our employees around the world, Delta has for a decade led the airline industry in operational excellence while maintaining our reputation for award-winning customer s

avianca

Welcome to the official site! Avianca is the first commercial airline founded in the Americas and the second in the world. Focused on achieving operational excellence and efficiency, a thorough reorganization of processes was set in motion, which has been accompanied by the modernization

AirAsia

It all starts here. 23 years ago, a dream took flight - shaping and forever changing the travel industry in Asia. The idea was simple: Make flying affordable for everyone. We made that dream happen. We started an airline in 2001. Today, we’ve evolved to become something much bigger. We’re now a wo

Menzies Aviation

People. Passion. Pride. These have driven our team since 1833. Since that time, we have developed to become a critical partner in the global aviation industry, delivering time-critical logistics services at over 300 locations in 65 countries, across six continents. But at the heart of our

Turkish Airlines

Turkish Airlines has soared to new heights since its first flight in 1933, becoming the airline that connects more countries than any other. Our commitment to excellence is reflected in the world-class service, comfort, and innovative travel experience we offer, designed to elevate every journey.

Singapore Airlines

Welcome aboard Singapore Airlines on LinkedIn. Discover travel inspirations, business travel tips, cultural insights, our latest updates, and more. Singapore Airlines is a global company dedicated to providing air transportation services of the highest quality and to maximising returns for the ben

Alaska Airlines

We’re creating an airline people love. It begins with each Alaska Airlines employee, bringing unique strengths and energy to our work in the air and on the ground. Every day, we go beyond what’s expected and reach for the remarkable, together. Welcome to our LinkedIn page. We like conversations on

Qantas

We would like to acknowledge the Traditional Custodians of the local lands and waterways on which we live, work and fly. We pay our respects to Elders past and present.   Spirit is everything to us, and joining the Qantas team means bringing your spirit to ours. We have over 26,000 exceptional emplo


Iberia Express CyberSecurity News

November 14, 2025 08:00 AM
Iberia eyes 25% more Brazil capacity in 2026, boosted by Airbus jets

Spanish airline Iberia aims to expand substantially in Brazil for the second year in a row in 2026, an executive said, as new Airbus jets...

May 06, 2025 07:00 AM
Foreign airlines extend Israel flight suspensions

Many foreign airlines have suspended all Tel Aviv flights this week, as Israeli carriers have added flights to rescue Israelis stranded abroad.

May 05, 2025 07:00 AM
European Airlines Suspend Flights to Israel After Airport Attack

Lufthansa and ITA Airways suspended flights to Tel Aviv until May 6 after a Houthi attack on Ben Gurion Airport.

April 29, 2025 07:00 AM
Pro-Russian hacking group claims responsibility for Spain and Portugal power outage

The European Union's cyber security wing ruled out that the power outage was the result of a hack, but a group has claimed to be behind the...

April 29, 2025 07:00 AM
Power Outage: Spain update on cyberattack fears as cause of disruption still unknown

A massive power outage struck Spain and Portugal yesterday leaving millions without power and severely disrupting transport including flights, government and...

January 06, 2025 08:00 AM
Iberia to Vueling: Which European airlines were most on-time in 2024?

The report's authors say the aviation industry has demonstrated significant resilience in the face of global industry challenges in 2024.

January 05, 2025 08:00 AM
Iberia and Iberia Express, the Most Punctual Airlines in Europe in 2024

With 84.69% of flights on time, Iberia Express is the world's leading low-cost airline and heads the punctuality ranking for European...

January 02, 2025 08:00 AM
Canadian airlines don't make list of top on-time arrivals

By The Associated Press. Posted January 2, 2025 1:16 pm. Last Updated January 2, 2025 5:05 pm. Mexican airline Aeromexico had the world's best record for...

January 02, 2025 08:00 AM
Major Canadian airlines rank bottom of the pack for being on time, data shows

Mexican airline Aeromexico had the world's best record for on-time arrivals in 2024, according to an annual ranking released Thursday.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Iberia Express CyberSecurity History Information

Official Website of Iberia Express

The official website of Iberia Express is http://www.iberiaexpress.com.

Iberia Express’s AI-Generated Cybersecurity Score

According to Rankiteo, Iberia Express’s AI-generated cybersecurity score is 502, reflecting their Critical security posture.

How many security badges does Iberia Express have ?

According to Rankiteo, Iberia Express currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Iberia Express have SOC 2 Type 1 certification ?

According to Rankiteo, Iberia Express is not certified under SOC 2 Type 1.

Does Iberia Express have SOC 2 Type 2 certification ?

According to Rankiteo, Iberia Express does not hold a SOC 2 Type 2 certification.

Does Iberia Express comply with GDPR ?

According to Rankiteo, Iberia Express is not listed as GDPR compliant.

Does Iberia Express have PCI DSS certification ?

According to Rankiteo, Iberia Express does not currently maintain PCI DSS compliance.

Does Iberia Express comply with HIPAA ?

According to Rankiteo, Iberia Express is not compliant with HIPAA regulations.

Does Iberia Express have ISO 27001 certification ?

According to Rankiteo, Iberia Express is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Iberia Express

Iberia Express operates primarily in the Airlines and Aviation industry.

Number of Employees at Iberia Express

Iberia Express employs approximately 637 people worldwide.

Subsidiaries Owned by Iberia Express

Iberia Express presently has no subsidiaries across any sectors.

Iberia Express’s LinkedIn Followers

Iberia Express’s official LinkedIn profile has approximately 89,595 followers.

NAICS Classification of Iberia Express

Iberia Express is classified under the NAICS code 481, which corresponds to Air Transportation.

Iberia Express’s Presence on Crunchbase

No, Iberia Express does not have a profile on Crunchbase.

Iberia Express’s Presence on LinkedIn

Yes, Iberia Express maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/iberia-express.

Cybersecurity Incidents Involving Iberia Express

As of November 27, 2025, Rankiteo reports that Iberia Express has experienced 5 cybersecurity incidents.

Number of Peer and Competitor Companies

Iberia Express has an estimated 3,298 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Iberia Express ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.

How does Iberia Express detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through the following measures, as recorded across incidents:
  • Incident response plan activated: yes (systems isolated, forensic investigation launched); yes (Iberia secured its IT systems post-breach)
  • Third party assistance: yes (cybersecurity experts engaged)
  • Containment measures: tightened account change procedures (additional verification for email modifications); increased monitoring for suspicious activity; isolation of affected systems; dark web monitoring for data leaks; securing IT systems (details unspecified)
  • Remediation measures: enhanced technical safeguards; forensic investigation; supplier security audit
  • Recovery measures: customer notifications; free credit monitoring for affected individuals
  • Communication strategy: customer notifications (weekend disclosure); advisories for vigilance against fraud; prompt public disclosure; customer advisories (password changes, account monitoring); alerted Iberia Club members via email about potential data compromise
  • Enhanced monitoring: yes (real-time monitoring of data flows with suppliers)

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Iberia Data Breach via Third-Party Service Provider

Description: Spanish airline Iberia disclosed a data breach affecting customer personal information, including names, email addresses, and Iberia Plus loyalty card numbers. The breach originated from a compromised third-party supplier system. A threat actor claimed responsibility on a dark web forum, advertising 77 GB of stolen internal data (including aircraft technical documentation, maintenance files, and ITAR-classified materials) for $150,000. Iberia confirmed no exposure of account passwords or full payment details but has enhanced security measures and notified regulatory authorities.

Date Detected: 2025-11-14

Type: Data Breach

Attack Vector: Supply Chain Attack, Third-Party Vendor Exploitation

Threat Actor: Dark Web Presence: True

Motivation: Financial Gain, Data Theft for Resale

Incident : Data Breach

Title: Iberia Airlines Data Breach via Third-Party Supplier

Description: Spanish airline Iberia, part of the International Airlines Group (IAG), disclosed a significant data breach on November 23, 2025, originating from a compromised third-party supplier. The breach exposed sensitive customer information, including names, email addresses, loyalty program details, and technical documents related to aircraft maintenance (e.g., A320, A321 engine specifications and internal certificates). The threat actor advertised 77GB of stolen data on dark web forums for $150,000, raising concerns about phishing, identity theft, and potential risks to aviation safety. Iberia confirmed no payment information or passwords were compromised but advised customers to monitor accounts and change passwords. The incident underscores vulnerabilities in aviation supply chains and the risks of outdated security protocols among third-party vendors.

Date Publicly Disclosed: 2025-11-23

Type: Data Breach

Attack Vector: Third-Party Vendor Compromise, Misconfigured Cloud Storage (speculated), Inadequate Access Controls (speculated)

Vulnerability Exploited: Outdated Security Protocols (vendor); Potential Configuration Flaws in Shared Platforms (e.g., Salesforce-like systems)

Motivation: Financial Gain (data sold for $150,000 on dark web)

Incident : Data Breach (Third-Party)

Title: Iberia Third-Party Data Breach (November 2025)

Description: Iberia, Spain's flag carrier, confirmed being impacted by a third-party breach after a threat actor claimed to have stolen 77 GB of its data.

Date Publicly Disclosed: 2025-11-24

Type: Data Breach (Third-Party)

Incident : Data Breach (Third-Party)

Title: Iberia Third-Party Data Breach (November 2025)

Description: Iberia, Spain's flag carrier, confirmed being impacted by a third-party breach after a threat actor claimed to have stolen 77 GB of its data.

Date Publicly Disclosed: 2025-11-24

Type: Data Breach (Third-Party)

Incident : Data Breach

Title: Data Breach at Iberia Airlines by Everest Hacking Group

Description: A Russian-linked cybercriminal group, Everest, claimed responsibility for a data breach at Spanish flag carrier Iberia, alleging the theft of 596 GB of sensitive passenger data, including names, contact details, birthdates, travel/booking information, and masked credit card data. The group, financially motivated, attempted to extort Iberia by threatening to leak the data publicly. The breach was linked to a third-party customer management software vulnerability. Everest also claimed to have compromised Iberia’s internal systems, stealing technical data related to aircraft and engines. The incident follows a pattern of increasing cyberattacks on the aviation industry, with recent breaches at Air France-KLM, Qantas, Hawaiian Airlines, and WestJet, often tied to third-party software like Salesforce.

Date Publicly Disclosed: 2025-11-23

Type: Data Breach

Attack Vector: Third-party software vulnerability (customer management system), Dark web extortion

Vulnerability Exploited: Third-party customer management software (details unspecified)

Threat Actor: Everest (Russian-linked cybercrime group)

Motivation: Financial gain (ransom extortion)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Third-Party Service Provider System, Third-Party Supplier’s Systems (likely via misconfigured cloud storage or access controls) and Third-party customer management software.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach IBE5920359112425

Data Compromised: Names, Email addresses, Iberia Plus loyalty card numbers, Aircraft technical documentation (A320/A321), AMP maintenance files, Engine data, Signed internal documents, ISO 27001/ITAR-classified materials

Systems Affected: Third-Party Supplier System

Brand Reputation Impact: Potential reputational damage due to exposure of sensitive and regulated data

Legal Liabilities: Regulatory scrutiny under Spanish/EU data protection laws (e.g., GDPR)

Identity Theft Risk: Low (no passwords or full payment details exposed)

Payment Information Risk: None (full payment details confirmed secure)

Incident : Data Breach IBE5015650112525

Data Compromised: Customer names, Email addresses, Loyalty program details (Iberia Plus tier statuses, point balances, travel histories), Technical documents (aircraft maintenance files, engine specifications, internal certificates for A320/A321 models)

Systems Affected: Third-Party Supplier Systems, Potentially Shared CRM/Booking Platforms

Operational Impact: Potential Risk to Aviation Safety (if technical documents exploited), Disruption to Customer Trust, Increased Scrutiny on Vendor Security Practices

Customer Complaints: Expected (specific numbers not disclosed)

Brand Reputation Impact: High (eroded consumer trust, potential market position decline)

Legal Liabilities: Potential GDPR Fines (under investigation by EU regulators), Lawsuits from Affected Customers

Identity Theft Risk: High (phishing and fraud risks due to exposed PII)

Payment Information Risk: None (confirmed not compromised)

Incident : Data Breach (Third-Party) IBE40104140112625

Data Compromised: 77 GB

Incident : Data Breach (Third-Party) IBE38105638112625

Data Compromised: 77 GB

Incident : Data Breach IBE26101526112625

Data Compromised: Names, Contact details (email addresses), Birthdates, Travel and booking information, Frequent flyer numbers, Masked credit card data, Technical data for aircraft and engines (claimed), Internal documents (claimed)

Systems Affected: Customer management software (third-party), Internal computer systems (claimed, including technical data repositories)

Brand Reputation Impact: High (potential loss of trust due to sensitive data exposure and extortion threats)

Identity Theft Risk: High (phishing scams using stolen passenger details)

Payment Information Risk: Moderate (masked credit card data exposed)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data (PII), Corporate/Technical Data, Regulated/Classified Data (ISO 27001, ITAR), Personal Identifiable Information (PII), Loyalty Program Data, Proprietary Technical Documents, Travel/Booking Records, Financial Data (Masked Credit Cards), Technical Data (Aircraft/Engine Specifications, Claimed) and Internal Documents (Claimed).

Which entities were affected by each incident ?

Incident : Data Breach IBE5920359112425

Entity Name: Iberia Líneas Aéreas de España (Iberia)

Entity Type: Airline

Industry: Aviation

Location: Spain

Size: Large (Flag carrier, part of International Airlines Group)

Customers Affected: Undisclosed (subset of Iberia Plus loyalty program members and potentially other stakeholders)

Incident : Data Breach IBE5015650112525

Entity Name: Iberia Airlines

Entity Type: Airline

Industry: Aviation

Location: Spain (Headquarters in Madrid)

Size: Large (operates over 100 aircraft, serves millions annually)

Customers Affected: Iberia Plus Loyalty Program Members (exact number undisclosed)

Incident : Data Breach IBE5015650112525

Entity Name: Unnamed Third-Party Supplier

Entity Type: Vendor

Industry: IT/Aviation Services (speculated: CRM or booking system provider)

Incident : Data Breach (Third-Party) IBE40104140112625

Entity Name: Iberia

Entity Type: Airline

Industry: Aviation

Location: Spain

Incident : Data Breach (Third-Party) IBE38105638112625

Entity Name: Iberia

Entity Type: Airline

Industry: Aviation

Location: Spain

Incident : Data Breach IBE26101526112625

Entity Name: Iberia

Entity Type: Airline

Industry: Aviation

Location: Madrid, Spain

Customers Affected: 5+ million (based on 5 million records in .eml files)

Incident : Data Breach IBE26101526112625

Entity Name: Iberia Club members

Entity Type: Customer group

Location: Global

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach IBE5920359112425

Incident Response Plan Activated: True

Containment Measures: Tightened account change procedures (additional verification for email modifications), Increased monitoring for suspicious activity

Remediation Measures: Enhanced technical safeguards

Communication Strategy: Customer notifications (weekend disclosure), Advisories for vigilance against fraud

Incident : Data Breach IBE5015650112525

Incident Response Plan Activated: Yes (systems isolated, forensic investigation launched)

Third Party Assistance: Yes (cybersecurity experts engaged)

Containment Measures: Isolation of Affected Systems, Dark Web Monitoring for Data Leaks

Remediation Measures: Forensic Investigation, Supplier Security Audit

Recovery Measures: Customer Notifications, Free Credit Monitoring for Affected Individuals

Communication Strategy: Prompt Public Disclosure, Customer Advisories (password changes, account monitoring)

Enhanced Monitoring: Yes (real-time monitoring of data flows with suppliers)

Incident : Data Breach IBE26101526112625

Incident Response Plan Activated: Yes (Iberia secured its IT systems post-breach)

Containment Measures: Securing IT systems (details unspecified)

Communication Strategy: Alerted Iberia Club members via email about potential data compromise

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes (systems isolated, forensic investigation launched), Yes (Iberia secured its IT systems post-breach).

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Yes (cybersecurity experts engaged).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach IBE5920359112425

Type of Data Compromised: Personal data (PII), Corporate/technical data, Regulated/classified data (ISO 27001, ITAR)

Sensitivity of Data: High (includes ITAR-classified and ISO 27001-protected materials)

File Types Exposed: Documents, Maintenance Files, Technical Specifications, Internal Correspondence

Personally Identifiable Information: Names, Email Addresses, Loyalty Card Numbers

Incident : Data Breach IBE5015650112525

Type of Data Compromised: Personal identifiable information (PII), Loyalty program data, Proprietary technical documents

Sensitivity of Data: High (includes PII and sensitive aviation technical data)

Data Exfiltration: Yes (77GB of data advertised on dark web)

File Types Exposed: Customer Databases, PDF/Technical Manuals, Internal Certificates

Personally Identifiable Information: Names, Email Addresses, Loyalty Program Details (travel histories, tier statuses)

Incident : Data Breach (Third-Party) IBE40104140112625

Data Exfiltration: 77 GB

Incident : Data Breach (Third-Party) IBE38105638112625

Data Exfiltration: 77 GB

Incident : Data Breach IBE26101526112625

Type of Data Compromised: Personal identifiable information (PII), Travel/booking records, Financial data (masked credit cards), Technical data (aircraft/engine specifications, claimed), Internal documents (claimed)

Number of Records Exposed: 5+ million (from .eml files)

Sensitivity of Data: High (PII, travel details, technical data)

Data Exfiltration: Yes (596 GB of data, including 430 GB of .eml files)

File Types Exposed: .eml (email files), Technical documents (claimed)

Personally Identifiable Information: Names, Email addresses, Birthdates, Frequent flyer numbers, Contact details

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Enhanced technical safeguards, Forensic Investigation, Supplier Security Audit.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through tightened account change procedures (additional verification for email modifications), increased monitoring for suspicious activity, isolation of affected systems, dark web monitoring for data leaks and securing IT systems (details unspecified).

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach IBE5920359112425

Ransom Demanded: $150,000 (for 77 GB dataset on dark web)

Data Exfiltration: True

Incident : Data Breach IBE5015650112525

Data Exfiltration: Yes (but not ransomware-related; data sold on dark web)

Incident : Data Breach IBE26101526112625

Ransom Demanded: Yes (amount unspecified, negotiations attempted)

Data Exfiltration: Yes (596 GB)

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Customer Notifications, Free Credit Monitoring for Affected Individuals.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach IBE5920359112425

Regulations Violated: GDPR (EU General Data Protection Regulation), Spanish Data Protection Laws, Potential ITAR (International Traffic in Arms Regulations) violations

Regulatory Notifications: Spanish Data Protection Authority, Relevant EU bodies

Incident : Data Breach IBE5015650112525

Regulations Violated: Potential GDPR Non-Compliance (under investigation)

Legal Actions: EU Regulatory Inquiry (Spain’s data protection agency), Potential Lawsuits

Regulatory Notifications: Customers Notified, Regulators Informed (EU GDPR authorities)

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through EU Regulatory Inquiry (Spain’s data protection agency), Potential Lawsuits.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Breach IBE5015650112525

Lessons Learned: Supply chain vulnerabilities are critical attack vectors in aviation. Outdated vendor security protocols can cascade risks across interconnected systems. Proactive dark web monitoring can accelerate breach detection. Transparency in disclosure helps mitigate reputational damage. Zero-trust architectures and real-time supplier monitoring are essential.

What recommendations were made to prevent future incidents ?

Incident : Data Breach IBE5920359112425

Recommendations: Customers advised to monitor accounts for suspicious activity, Enhanced verification for account changes, Collaboration with third-party vendors to secure supply chain

Incident : Data Breach IBE5015650112525

Recommendations: Enforce mandatory security certifications for all third-party vendors. Implement zero-trust frameworks and multi-factor authentication (MFA). Conduct regular penetration testing and AI-driven threat detection. Adopt blockchain-based data verification for supply chain integrity. Enhance employee training on phishing and secure data handling. Establish collaborative threat intelligence sharing within the aviation industry. Invest in AI tools for predictive breach analysis.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Supply chain vulnerabilities are critical attack vectors in aviation. Outdated vendor security protocols can cascade risks across interconnected systems. Proactive dark web monitoring can accelerate breach detection. Transparency in disclosure helps mitigate reputational damage. Zero-trust architectures and real-time supplier monitoring are essential.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Adopt blockchain-based data verification for supply chain integrity, Invest in AI tools for predictive breach analysis, Enhance employee training on phishing and secure data handling, Implement zero-trust frameworks and multi-factor authentication (MFA), Establish collaborative threat intelligence sharing within the aviation industry, Enforce mandatory security certifications for all third-party vendors and Conduct regular penetration testing and AI-driven threat detection.

References

Where can I find more information about each incident ?

Incident : Data Breach IBE5920359112425

Source: Hackmanac (Cybersecurity Monitoring Group)

Incident : Data Breach IBE5920359112425

Source: Iberia Customer Notification Letter

Incident : Data Breach IBE5015650112525

Source: BleepingComputer

Incident : Data Breach IBE5015650112525

Source: Security Affairs

Incident : Data Breach IBE5015650112525

Source: Cybernews

Incident : Data Breach IBE5015650112525

Source: Paddle Your Own Kanoo (Analysis on AI in Cybersecurity)

Incident : Data Breach IBE5015650112525

Source: Grab The Axe (Report on AI-Driven Threats)

Incident : Data Breach IBE5015650112525

Source: X (formerly Twitter) – Cybersecurity Accounts Monitoring Dark Web

Incident : Data Breach (Third-Party) IBE40104140112625

Source: Security Affairs

Date Accessed: 2025-11-24

Incident : Data Breach (Third-Party) IBE38105638112625

Source: Security Affairs

Date Accessed: 2025-11-24

Incident : Data Breach IBE26101526112625

Source: Hackmanac (Twitter/X)

URL: https://t.co/rYSGnNeBN1

Date Accessed: 2025-11-25

Incident : Data Breach IBE26101526112625

Source: Iberia Customer Advisory (Email to Iberia Club members)

Date Accessed: 2025-11-23

Incident : Data Breach IBE26101526112625

Source: Dark Web Post by Everest Group

Date Accessed: 2025-11

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: Hackmanac (Cybersecurity Monitoring Group); Iberia Customer Notification Letter; BleepingComputer; Security Affairs; Cybernews; Paddle Your Own Kanoo (Analysis on AI in Cybersecurity); Grab The Axe (Report on AI-Driven Threats); X (formerly Twitter) – Cybersecurity Accounts Monitoring Dark Web; Security Affairs (Date Accessed: 2025-11-24); Hackmanac (Twitter/X), URL: https://t.co/rYSGnNeBN1 (Date Accessed: 2025-11-25); Iberia Customer Advisory (Email to Iberia Club members) (Date Accessed: 2025-11-23); and Dark Web Post by Everest Group (Date Accessed: 2025-11).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach IBE5920359112425

Investigation Status: Ongoing (internal and external investigations in collaboration with vendors)

Incident : Data Breach IBE5015650112525

Investigation Status: Ongoing (forensic investigation, regulatory inquiries by EU/Spain)

Incident : Data Breach IBE26101526112625

Investigation Status: Ongoing (Iberia has not responded to requests for comment)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Customer Notifications (Weekend Disclosure), Advisories For Vigilance Against Fraud, Prompt Public Disclosure, Customer Advisories (Password Changes, Account Monitoring) and Alerted Iberia Club members via email about potential data compromise.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach IBE5920359112425

Stakeholder Advisories: Customers Notified Via Letter, Regulatory Authorities Informed.

Customer Advisories: No evidence of fraudulent use detected, Report suspicious activity promptly, Vigilance recommended for phishing or identity theft attempts

Incident : Data Breach IBE5015650112525

Stakeholder Advisories: Customers Advised To Enable Two-Factor Authentication And Monitor Accounts.

Customer Advisories: Password changes recommended, Free credit monitoring offered to affected loyalty program members

Incident : Data Breach IBE26101526112625

Stakeholder Advisories: Iberia Club members notified via email

Customer Advisories: Passengers warned about potential phishing scams using stolen data

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Customers Notified Via Letter, Regulatory Authorities Informed, No Evidence Of Fraudulent Use Detected, Report Suspicious Activity Promptly, Vigilance Recommended For Phishing Or Identity Theft Attempts, Customers Advised To Enable Two-Factor Authentication And Monitor Accounts, Password Changes Recommended, Free Credit Monitoring Offered To Affected Loyalty Program Members, Iberia Club members notified via email and Passengers warned about potential phishing scams using stolen data.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach IBE5920359112425

Entry Point: Third-Party Service Provider System

High Value Targets: Aircraft Technical Documentation, ITAR-Classified Data

Data Sold on Dark Web: Aircraft Technical Documentation, ITAR-Classified Data

Incident : Data Breach IBE5015650112525

Entry Point: Third-Party Supplier’s Systems (likely via misconfigured cloud storage or access controls)

High Value Targets: Customer PII, Aircraft Maintenance Documents, Internal Certificates

Data Sold on Dark Web: Customer PII, Aircraft Maintenance Documents, Internal Certificates

Incident : Data Breach IBE26101526112625

Entry Point: Third-party customer management software

High Value Targets: Passenger PII, Technical Aircraft Data (Claimed)

Data Sold on Dark Web: Passenger PII, Technical Aircraft Data (Claimed)

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach IBE5920359112425

Root Causes: Third-Party Vendor Compromise

Corrective Actions: Enhanced Verification Processes, Increased Monitoring, Technical Safeguards

Incident : Data Breach IBE5015650112525

Root Causes: Vendor’s Outdated Security Protocols, Potential Misconfigured Cloud Storage Or Access Controls, Lack Of Real-Time Monitoring For Third-Party Data Flows

Corrective Actions: Enhanced Supplier Oversight With Mandatory Security Certifications, Implementation Of Zero-Trust Architectures And MFA, AI-Driven Threat Detection And Regular Penetration Testing, Collaborative Threat Intelligence Sharing With Industry Peers

Incident : Data Breach IBE26101526112625

Root Causes: Third-Party Software Vulnerability, Inadequate Protection Of Sensitive Data

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Yes (real-time monitoring of data flows with suppliers).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Enhanced Verification Processes, Increased Monitoring, Technical Safeguards, Enhanced Supplier Oversight With Mandatory Security Certifications, Implementation Of Zero-Trust Architectures And MFA, AI-Driven Threat Detection And Regular Penetration Testing, Collaborative Threat Intelligence Sharing With Industry Peers.

Additional Questions

General Information

What was the amount of the last ransom demanded ?

Last Ransom Demanded: The amount of the last ransom demanded was $150,000 (for 77 GB dataset on dark web).

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was Everest (Russian-linked cybercrime group), Dark Web Presence: True.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-11-14.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-23.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Names, Email Addresses, Iberia Plus Loyalty Card Numbers, Aircraft Technical Documentation (A320/A321), AMP Maintenance Files, Engine Data, Signed Internal Documents, ISO 27001/ITAR-Classified Materials, Customer Names, Email Addresses, Loyalty Program Details (Iberia Plus tier statuses, point balances, travel histories), Technical Documents (aircraft maintenance files, engine specifications, internal certificates for A320/A321 models), 77 GB, Names, Contact details (email addresses), Birthdates, Travel and booking information, Frequent flyer numbers, Masked credit card data, Technical data for aircraft and engines (claimed) and Internal documents (claimed).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Third-Party Supplier System; Third-Party Supplier Systems, Potentially Shared CRM/Booking Platforms; and Customer management software (third-party), Internal computer systems (claimed, including technical data repositories).

Response to the Incidents

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Tightened account change procedures (additional verification for email modifications), Increased monitoring for suspicious activity; Isolation of Affected Systems, Dark Web Monitoring for Data Leaks; and Securing IT systems (details unspecified).

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Frequent flyer numbers, Iberia Plus Loyalty Card Numbers, Masked credit card data, AMP Maintenance Files, Contact details (email addresses), Loyalty Program Details (Iberia Plus tier statuses, point balances, travel histories), 77 GB, Technical Documents (aircraft maintenance files, engine specifications, internal certificates for A320/A321 models), Email Addresses, Birthdates, Internal documents (claimed), Technical data for aircraft and engines (claimed), Travel and booking information, Names, ISO 27001/ITAR-Classified Materials, Aircraft Technical Documentation (A320/A321), Signed Internal Documents, Engine Data and Customer Names.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 5.0.

Ransomware Information

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was EU Regulatory Inquiry (Spain’s data protection agency), Potential Lawsuits.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Zero-trust architectures and real-time supplier monitoring are essential.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were Adopt blockchain-based data verification for supply chain integrity, Invest in AI tools for predictive breach analysis, Enhance employee training on phishing and secure data handling, Customers advised to monitor accounts for suspicious activity, Implement zero-trust frameworks and multi-factor authentication (MFA), Collaboration with third-party vendors to secure supply chain, Enhanced verification for account changes, Establish collaborative threat intelligence sharing within the aviation industry, Enforce mandatory security certifications for all third-party vendors and Conduct regular penetration testing and AI-driven threat detection.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Iberia Customer Notification Letter, Dark Web Post by Everest Group, Grab The Axe (Report on AI-Driven Threats), Security Affairs, Iberia Customer Advisory (Email to Iberia Club members), Cybernews, BleepingComputer, Hackmanac (Cybersecurity Monitoring Group), Paddle Your Own Kanoo (Analysis on AI in Cybersecurity), X (formerly Twitter) – Cybersecurity Accounts Monitoring Dark Web and Hackmanac (Twitter/X).

What is the most recent URL for additional resources on cybersecurity best practices ?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://t.co/rYSGnNeBN1

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (internal and external investigations in collaboration with vendors).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were Customers notified via letter, Regulatory authorities informed, Customers advised to enable two-factor authentication and monitor accounts, Iberia Club members notified via email.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were No evidence of fraudulent use detected, Report suspicious activity promptly, Vigilance recommended for phishing or identity theft attempts; Password changes recommended, Free credit monitoring offered to affected loyalty program members; and Passengers warned about potential phishing scams using stolen data.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry points used by an initial access broker were Third-party customer management software, Third-Party Supplier’s Systems (likely via misconfigured cloud storage or access controls) and Third-Party Service Provider System.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were Third-party vendor compromise; Vendor’s outdated security protocols, Potential misconfigured cloud storage or access controls, Lack of real-time monitoring for third-party data flows; and Third-party software vulnerability, Inadequate protection of sensitive data.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were Enhanced verification processes, Increased monitoring, Technical safeguards; and Enhanced supplier oversight with mandatory security certifications, Implementation of zero-trust architectures and MFA, AI-driven threat detection and regular penetration testing, Collaborative threat intelligence sharing with industry peers.

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL is protocol-relative (starts with //), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=iberia-express' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats, empowering teams to outpace adversaries and reduce exposure.