Comparison Overview

Q: Between JLR company and MAHLE company, which one has the best AI Cybersecurity Score ?

MAHLE company demonstrates a stronger AI Cybersecurity Score compared to JLR company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Q: Between JLR company and MAHLE company, which one has experienced more cyber incidents in the past ?

JLR company has historically faced a number of disclosed cyber incidents, whereas MAHLE company has not reported any.

Q: Between JLR company and MAHLE company, which one has experienced more cyber incidents this year ?

In the current year, JLR company has reported more cyber incidents than MAHLE company.

Q: Between JLR company and MAHLE company, which one has experienced at least one ransomware attack ?

JLR company has confirmed experiencing a ransomware attack, while MAHLE company has not reported such incidents publicly.

Q: Between JLR company and MAHLE company, which one has experienced at least one data breach ?

JLR company has disclosed at least one data breach, while the other MAHLE company has not reported such incidents publicly.

Q: Between JLR company and MAHLE company, which one has experienced at least one targeted cyberattack ?

JLR company has reported targeted cyberattacks, while MAHLE company has not reported such incidents publicly.

Q: Between JLR company and MAHLE company, which one has experienced at least one vulnerability ?

Neither JLR company nor MAHLE company has reported experiencing or disclosing vulnerabilities publicly.

Q: Between JLR company and MAHLE company, which one holds the most compliance certifications ?

Neither JLR nor MAHLE holds any compliance certifications.

Q: Between JLR company and MAHLE company, which one has the most subsidiaries ?

JLR company has more subsidiaries worldwide compared to MAHLE company.

JLR

Abbey Road, Whitley, Coventry, West Midlands, GB, CV3 4LF

Last Update: 2025-11-26

View Profile

Between 0 and 549

http://www.jlr.com

Every vehicle. Every innovation. Every bit of momentum in over 170 markets worldwide. None of it would be possible without the expertise, drive and continued ambition of our people. We’re proud of our heritage, but it’s our vision for the future that excites us most. Right across our business, everybody plays a crucial role in the ever-evolving JLR journey. And with exciting new products, cutting-edge facilities and continued growth into new markets, there has never been a more exciting time to join us. We may be renowned for our iconic vehicles, but our drive for excellence covers more than premium design and world-class engineering. Ours is a truly global business, with the opportunities to match. You can learn more about our business areas and current opportunities here on the JLR Linked Company pages. This is also the place to ask any questions you may have, share your experiences and talk to the other talented individuals who are thinking about joining us. We look forward to talking with you.

NAICS: 3361

NAICS Definition: Motor Vehicle Manufacturing

Employees: 41,687

Subsidiaries: 58

12-month incidents

17

Known data breaches

2

Attack type number

3

View Profile

MAHLE

Pragstrasse 26-46, Stuttgart, DE, D-70376

Last Update: 2025-11-26

Between 750 and 799

http://www.mahle.com/dataprivacy

MAHLE is a leading international development partner and supplier to the automotive industry with customers in both passenger car and commercial vehicle sectors. Founded in 1920, the technology group is working on the climate-neutral mobility of tomorrow, with a focus on the strategic areas of electrification and thermal management as well as further technology fields to reduce CO2 emissions, such as fuel cells or highly efficient combustion engines that also run on hydrogen or synthetic fuels. Today, one in every two vehicles globally is equipped with MAHLE components. For privacy statement and imprint follow the website link below.

NAICS: 3361

NAICS Definition: Motor Vehicle Manufacturing

Employees: 21,435

Subsidiaries: 3

12-month incidents

0

Known data breaches

0

Attack type number

0

https://images.rankiteo.com/companyimages/jaguar-land-rover_1.jpeg

JLR

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

MAHLE

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

Incidents vs Motor Vehicle Manufacturing Industry Average (This Year)

JLR has 4373.68% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs Motor Vehicle Manufacturing Industry Average (This Year)

No incidents recorded for MAHLE in 2025.

Incident History — JLR (X = Date, Y = Severity)

JLR cyber incidents detection timeline including parent company and subsidiaries

Incident History — MAHLE (X = Date, Y = Severity)

MAHLE cyber incidents detection timeline including parent company and subsidiaries

JLR

Incidents

Date Detected: 11/2025

Type:Cyber Attack

Blog: Blog

Date Detected: 11/2025

Type:Cyber Attack

Motivation: Financial Gain, Disruption

Blog: Blog

Date Detected: 10/2025

Type:Cyber Attack

Attack Vector: Phishing Emails, Spoofed Supplier Communications, WhatsApp Scams, Human Error (Misplaced Trust)

Motivation: Financial Gain, Data Theft, Reputational Damage, Exploitation of Human Behavior

Blog: Blog

MAHLE

Incidents

No Incident

MAHLE company demonstrates a stronger AI Cybersecurity Score compared to JLR company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

JLR company has historically faced a number of disclosed cyber incidents, whereas MAHLE company has not reported any.

In the current year, JLR company has reported more cyber incidents than MAHLE company.

JLR company has confirmed experiencing a ransomware attack, while MAHLE company has not reported such incidents publicly.

JLR company has disclosed at least one data breach, while the other MAHLE company has not reported such incidents publicly.

JLR company has reported targeted cyberattacks, while MAHLE company has not reported such incidents publicly.

Neither JLR company nor MAHLE company has reported experiencing or disclosing vulnerabilities publicly.

Neither JLR nor MAHLE holds any compliance certifications.

Neither company holds any compliance certifications.

JLR company has more subsidiaries worldwide compared to MAHLE company.

JLR company employs more people globally than MAHLE company, reflecting its scale as a Motor Vehicle Manufacturing.

Neither JLR nor MAHLE holds SOC 2 Type 1 certification.

Neither JLR nor MAHLE holds SOC 2 Type 2 certification.

Neither JLR nor MAHLE holds ISO 27001 certification.

Neither JLR nor MAHLE holds PCI DSS certification.

Neither JLR nor MAHLE holds HIPAA certification.

Neither JLR nor MAHLE holds GDPR certification.

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss4

Base: 7.7

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss4

Base: 8.7

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss4

Base: 6.3

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss3

Base: 7.5

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss3

Base: 7.5

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

JLR

VS

MAHLE

JLR

MAHLE

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Motor Vehicle Manufacturing Industry Average (This Year)

Incidents vs Motor Vehicle Manufacturing Industry Average (This Year)

Incident History — JLR (X = Date, Y = Severity)

Incident History — MAHLE (X = Date, Y = Severity)

Notable Incidents

No Incident

FAQ

Latest Global CVEs (Not Company-Specific)

CVE-2025-66035

Risk Information

CVE-2025-66031

Risk Information

CVE-2025-66030

Risk Information

CVE-2025-64344

Risk Information

CVE-2025-64335

Risk Information

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

JLR

VS

MAHLE

JLR

MAHLE

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Motor Vehicle Manufacturing Industry Average (This Year)

Incidents vs Motor Vehicle Manufacturing Industry Average (This Year)

Incident History — JLR (X = Date, Y = Severity)

Incident History — MAHLE (X = Date, Y = Severity)

Notable Incidents

🔒 Incident : Cyber Attack TAT0662106111725

🔒 Incident : Cyber Attack JAG0132201110725

🔒 Incident : Cyber Attack JAG2932829102425

No Incident

FAQ

Between JLR company and MAHLE company, which one has the best AI Cybersecurity Score ?

Between JLR company and MAHLE company, which one has experienced more cyber incidents in the past ?

Between JLR company and MAHLE company, which one has experienced more cyber incidents this year ?

Between JLR company and MAHLE company, which one has experienced at least one ransomware attack ?

Between JLR company and MAHLE company, which one has experienced at least one data breach ?

Between JLR company and MAHLE company, which one has experienced at least one targeted cyberattack ?

Between JLR company and MAHLE company, which one has experienced at least one vulnerability ?

Between JLR company and MAHLE company, which one holds the most compliance certifications ?

Between JLR company and MAHLE company, which one holds the fewest compliance certifications ?

Between JLR company and MAHLE company, which one has the most subsidiaries ?

Between JLR company and MAHLE company, which one has the largest number of employees ?

Between JLR and MAHLE, which company holds both SOC 2 Type 1 certifications ?

Between JLR and MAHLE, which company holds both SOC 2 Type 2 certifications ?

Which company is ISO 27001 certified — JLR or MAHLE ?

Which company is PCI DSS compliant — JLR or MAHLE ?

Between JLR and MAHLE, which company complies with HIPAA regulations for healthcare data ?

Between JLR and MAHLE, which company complies with GDPR requirements ?

Latest Global CVEs (Not Company-Specific)

CVE-2025-66035

Risk Information

CVE-2025-66031

Risk Information

CVE-2025-66030

Risk Information

CVE-2025-64344

Risk Information

CVE-2025-64335

Risk Information