MCWH A.I CyberSecurity Scoring
22/03/2026
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for Marathon Coach World Headquarters in 2026.
No incidents recorded for Marathon Coach World Headquarters in 2026.
No incidents recorded for Marathon Coach World Headquarters in 2026.
Motor Vehicle Manufacturing
PACCAR is a global technology leader in the design, manufacture and customer support of premium light-, medium- and heavy-duty trucks under the Kenworth, Peterbilt and DAF nameplates. PACCAR also designs and manufactures advanced diesel engines, provides financial services, information technology, and distributes truck parts related to its principal business. Kenworth Truck Company builds premium commercial vehicles for sale in the U.S., Canada, Mexico and Australia and for export throughout the world. Peterbilt Motors also designs, manufactures and distributes premium commercial vehicles in the US and Canada. DAF Trucks manufactures trucks in the Netherlands, Belgium, Brasil and the United Kingdom for sale throughout Western and Eastern Europe, and export to Asia, Africa, North and South America. PACCAR Parts operates a network of parts distribution centers offering aftermarket support to Kenworth, Peterbilt and DAF dealers and customers around the world. Aftermarket support includes customer call centers operating 24 hours a day throughout the year and technologically advanced systems to enhance inventory control and expedite order processing. PACCAR Financial Services provides finance, lease and insurance services to dealers and customers in more than 100 countries including a portfolio of more than 175,000 trucks and trailers and total assets in excess of $12 billion. The group includes PACCAR Leasing, a major full-service truck leasing company in North America, with a fleet of over 39,000 vehicles. Environmental responsibility is one of PACCAR’s core values. The company regularly develops new programs to help protect and preserve the environment and PACCAR has established ambitious goals to further reduce emissions and enhance fuel efficiency in its truck models.
Gestamp is a multinational specialized in the design, development and manufacture of highly engineered metal components for the main vehicle manufacturers. It develops products with an innovative design to produce lighter and safer vehicles, which offer lower energy consumption and a lower environmental impact. Its products cover the areas of BiW, chassis and mechanisms. Gestamp is present in 24 countries with 115 production plants, 13 R&D centers and a workforce of more than 43,000 employees worldwide.
The Volkswagen Group with its headquarters in Wolfsburg is one of the world’s leading automobile manufacturers and the largest carmaker in Europe. The Group is made up of ten brands from seven European countries: Volkswagen, Volkswagen Nutzfahrzeuge, ŠKODA, SEAT, CUPRA, Audi, Lamborghini, Bentley, Porsche and Ducati. Our group sells vehicles in 153 countries and operates 114 production plants worldwide. Each working day, around 675,000 employees worldwide produce cars, are involved in vehicle-related services or work in the other fields of business. Our goal is to make mobility sustainable for us and for future generations. Our promise: With electric drive, digital networking and autonomous driving, we make the automobile clean, quiet, intelligent and safe. At the same time, our core product becomes even more emotional and offers a completely new driving experience. It is also becoming part of the solution when it comes to climate and environmental protection. In this way, the car can continue to be a cornerstone of contemporary, individual and affordable mobility in the future. #Shapingmobility Imprint & Legal: http://vw.de/legal-notice DAT: http://vw.de/dat
At JLR, we create exceptional experiences through our brands: Range Rover, Defender, Discovery and Jaguar. As the corporate home of these iconic British brands, we bring together world-class design, pioneering innovation and the creative ambition that drives our business forward. Our heritage matters, but it's our future that excites us. We're transforming at pace, shaping new technologies, electrifying our products and reimagining how people move through the world. None of this happens by accident. It happens because of our people – creators, problem-solvers and pioneers who bring bold ideas to life every day. Everyone at JLR plays a role in building an enterprise that is as exceptional as the experiences we deliver. Here, you'll find the scale of a global organisation and the opportunity to make a meaningful impact from day one. We are proud of the brands we steward, but even prouder of the culture we're building – one where curiosity is encouraged, craftsmanship is celebrated and every colleague is supported to grow. If you would like to be part of our journey, you can explore our business areas and current opportunities right here on LinkedIn. You can also connect with our teams, ask questions and hear from the people who make JLR what it is. The future is exciting. We hope you will help us create it.
We see a future where everyone can live and move without limitations. That’s why we are developing technologies, systems and concepts that make vehicles safer and cleaner, while serving our communities, the planet and, above all, people. Forward. For all. Our common shares trade on the Toronto Stock Exchange (MG) and the New York Stock Exchange (MGA). For further information about Magna, visit www.magna.com.
Motherson is a diversified global design, engineering, manufacturing and assembly (DEMA) specialist, delivering full-system solutions to customers across a wide range of industries. With a robust network of 425 state-of-the-art facilities across 44 countries, and a dedicated workforce of more than 200,000 professionals, Motherson is continually working toward its vision of being a globally preferred sustainable solutions provider for its stakeholders. The group recorded revenues of USD 21.2 billion in 2024-25 and is ranked among the top 15 automotive suppliers worldwide. As a trusted partner to OEM customers, Motherson offers an extensive, versatile product portfolio spanning the entire spectrum of the mobility industry. This includes passenger and commercial vehicles, two- and three-wheelers, rolling stock, off-highway vehicles, earthmoving, material-handling and agricultural machinery. Its product range encompasses electrical distribution systems, fully assembled vehicle interior and exterior modules, rear vision systems, moulded plastic parts and assemblies, injection moulding tools, rubber components, lighting systems, and machined metal products. Beyond the automotive sector, Motherson has strategically diversified into industries such as health and medical, aerospace, consumer electronics, logistics, and industrial IT solutions. This expansion reflects the group’s adaptability and unwavering commitment to meeting its customers' evolving needs. Motherson believes its employees are its partners in progress, its biggest asset. The organisation nurtures an environment where employees thrive as dynamic professionals and individuals. The organisation is responsive to its employees' professional aspirations and provides a range of growth opportunities, enabling them to advance professionally and to take on strategic roles within the organisation.
Hutchinson designs and produces customized materials and connected solutions to respond to the needs of its global customers, on land, in the air and at sea. A global leader in vibration control, fluid management and sealing system technologies, our Group stands out with a multiple market offering spanning multiple areas of expertise and delivering synergies and value-added. Hutchinson reported revenues of €5 billion in 2024 and has more than 40,000 employees in 25 countries. Our ambition is to contribute to safer, more comfortable and more responsible mobility for the future.
Lear Corporation (NYSE: LEA) is a global automotive leader in Seating and E-Systems. The company designs, manufactures, and delivers advanced technologies to the world’s major automakers. Building on more than 100 years of heritage, Lear is the largest U.S.-based automotive supplier, headquartered in Southfield, Michigan. Driven by a commitment to innovation, operational excellence, and sustainability, Lear’s global team of talented employees is shaping the future of mobility by developing solutions that enhance comfort, safety, and efficiency. More information is available at Lear.com.
FORVIA comprises the complementary technology and industrial strengths of Faurecia and HELLA. With over 249 industrial sites and 78 R&D centers, 150,000 people, including more than 15,000 engineers across 40+ countries, FORVIA provides a unique and comprehensive approach to the automotive challenges of today and tomorrow. Composed of 6 business groups with 24 product lines, and a strong IP portfolio of over 12,900 patents, FORVIA is focused on becoming the preferred innovation and integration partner for OEMs worldwide. FORVIA aims to be a change maker committed to foreseeing and making the mobility transformation happen.
Latest updates, reports, and threat intel affecting the global network.
UREVO has introduced the Cyber Mega Smart Treadmill, a high-tech treadmill designed specifically for serious marathon training at home.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types a search term that returns the poisoned issue, the payload executes in the admin’s control panel session. No control panel account or elevated privileges are required on the attacker’s side. This issue has been fixed in versions 4.17.16 and 5.9.23.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-uid> permission for the target folder. It never enforces deletePeerAssets:<volume-uid>, even though Assets::deleteFoldersByIds() cascades deletion to every descendant folder and every asset inside, regardless of the uploader's assigned privileges. A low-privilege user who has been granted folder-management rights on a shared volume can therefore destroy assets uploaded by other users (peer assets), bypassing the per-asset peer-permission check that the sibling actionDeleteAsset endpoint correctly applies. This issue has been fixed in versions 4.17.15 and 5.9.22.
Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. AssetsController::actionReplaceFile() supports replacing a target asset file using another existing asset as the source. The action loads: assetId -> $assetToReplace and sourceAssetId -> $sourceAsset, then enforces replace permissions using ($assetToReplace ?: $sourceAsset). When both IDs are provided, this expression resolves to the target asset so no permission check is performed against the source asset volume. When both assets are present, Craft copies the source file into the target and then deletes the source asset. There is no deletion check for for the source asset. An authenticated user who can replace files in one volume can delete assets in another volume where they do not have delete permission, as long as they can obtain a sourceAssetId, leading to broken content references and data loss. This issue has been fixed in versions 4.17.14 and 5.9.21.
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design (e.g. 'issue "letsencrypt.org"' without parameters). On Universal SSL zones, Cloudflare's authoritative DNS serves this auto-managed RRset at query time, superseding any customer-configured CAA records on the zone. When a customer publishes a stricter CAA record using the RFC 8657 accounturi or validationmethods parameters, the Certificate Authority does not observe those parameters when evaluating the served RRset under RFC 8659. As a result, the RFC 8657 account-binding and validation-method-binding protections are not enforced end-to-end on Universal SSL zones. Successful exploitation could result in issuance of a browser-trusted TLS certificate to an attacker, enabling MITM against the affected domain. Exploitation is non-trivial in practice: an attacker would need to hold an ACME account at one of the Certificate Authorities in the served CAA RRset and to simultaneously satisfy domain control validation across the multiple geographically distinct Network Perspectives the CA relies on for Multi-Perspective Issuance Corroboration. Cloudflare prefixes are anycast-announced from hundreds of locations globally, raising the bar against single-vantage-point BGP hijacks. Any resulting misissuance of a browser-trusted certificate is subject to Certificate Transparency logging required by major browsers, and would be visible to CT monitoring. Mitigation: Customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so there is no in-product workaround that preserves both. Certificate Transparency monitoring is recommended for all customers as a general detection control. Credits: David Osipov (ORCID: https://orcid.org/0009-0005-2713-9242), independent researcher
Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.