Strong
Intellicess is an Austin based technology startup that develops and deploys edge and cloud analytics engines
Strong
A Alusa Engenharia uma empresa de infraestrutura que está presente no mercado há 50 anos e atua como integradora de projetos, obras e serviços ligados ao setor elétrico, de telecomunicações, óleo e gás, ampliando gradativamente a participação em outros segmentos da engenharia e construção civil, com obras desenvolvidas no Brasil e no exterior, com mais de 10.000 km de Linhas de Transmissão de extra alta tensão construídas. A marca da empresa também aparece em projetos desenvolvidos em outros países. Em 2005, em parceria com a Cemig, a Alusa deu início à sua expansão com a construção de uma linha de transmissão de 200 km no Chile. No mesmo ano, a Alusa chegou à Argentina com a Siemens, implantando mais de 140 km de linhas de transmissão de energia. O mais novo projeto foi na Costa Rica onde a Alusa desenvolveu sozinha uma linha de 50 km, energizada no final de 2009 em conjunto com 3 subestações. A Alusa possui hoje mais de 6000 empregados, 17 Sistemas de Transmissão com 4950 km de linhas de transmissão (Concessão), mais de 100 subestações construídas (10.000 MVA), 10 milhões de homens/hora aplicados em manutenção e construção de redes de distribuição, 4 Geradoras de energia em construção (179 MW de capacidade instalada), possui o maior Centro de Treinamento Privado no Brasil com 8.000 m2 como 128.000 h/h treinados, além de mais de 60.000 km de Linhas de Distribuição implementados, fato que faz da Alusa uma das maiores empresas de projetos neste segmento.
Security & Compliance Standards Overview
No incidents recorded for Intellicess Inc. in 2025.
No incidents recorded for ALUSA in 2025.
Intellicess Inc. cyber incidents detection timeline including parent company and subsidiaries
ALUSA cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
Better Auth is an authentication and authorization library for TypeScript. In versions prior to 1.3.26, unauthenticated attackers can create or modify API keys for any user by passing that user's id in the request body to the `api/auth/api-key/create` route. `session?.user ?? (authRequired ? null : { id: ctx.body.userId })`. When no session exists but `userId` is present in the request body, `authRequired` becomes false and the user object is set to the attacker-controlled ID. Server-only field validation only executes when `authRequired` is true (lines 280-295), allowing attackers to set privileged fields. No additional authentication occurs before the database operation, so the malicious payload is accepted. The same pattern exists in the update endpoint. This is a critical authentication bypass enabling full an unauthenticated attacker can generate an API key for any user and immediately gain complete authenticated access. This allows the attacker to perform any action as the victim user using the api key, potentially compromise the user data and the application depending on the victim's privileges. Version 1.3.26 contains a patch for the issue.
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary and could not be configured at runtime. In practice, this meant that every deployment using Reviewbot would validate requests with the same secret unless the operator modified source code and rebuilt the component - an expectation that is not documented and is easy to miss. All Allstar releases prior to v4.5 that include the Reviewbot code path are affected. Deployments on v4.5 and later are not affected. Those who have not enabled or exposed the Reviewbot endpoint are not exposed to this issue.
Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name or (3) Last Name text field.
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.
