Powering more than 2 billion connections every day, Mitel helps businesses connect, collaborate and take care of customers.
Safaricom is the leading provider of converged communication solutions in Kenya. In addition to providing a broad range of first-class products and services for Telephony, Broadband Internet and Financial services, Safaricom seeks to uplift the welfare of Kenyans through value-added services and support for community projects. With over 29 Million subscribers and an estimated market share of 67%, the Company has the widest modern mobile network coverage in Kenya and prides in its experienced shareholders, attractive tariffs, a nationwide network of effective dealers, high caliber staff and management enabling it to maintain its position as the region’s mobile market leader. M-PESA has over 23 million subscribers, supported by a nationwide agent network of over 156,000 outlets. M-PESA is the world's most developed biggest mobile payment system. Facts about Safaricom • Employs over 5,500 staff directly and over 500,000 indirectly • Has approximately 4,945 network sites across the country • 50% of employees and 32% of senior management working at Safaricom are women. • Has the largest call center in Sub-Saharan Africa Our people are our most valuable asset and are key to the achievement of our vision of transforming lives. This is reflected in our commitment to creating a working environment that supports our staff. We offer employees a wellness programme, crèche facilities, access to subsidized gym facilities, leisure amenities, regular social events, competitive salaries and career opportunities. We give back to the society through the Safaricom Foundation. Since inception, the foundation has disbursed 2 billion shillings in different initiatives that provide sustainable community-based solutions, contributing towards Kenya’s development agenda, and the Millennium Development Goals. Safaricom is a key member and supporter of the B Team and the B Team – Africa, alliances of business leaders who are committed to responsible and sustainable business practices.
Security & Compliance Standards Overview
No incidents recorded for Mitel in 2025.
No incidents recorded for Safaricom PLC in 2025.
Mitel cyber incidents detection timeline including parent company and subsidiaries
Safaricom PLC cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.
