What is the official website of Zoho One ?

The official website of Zoho One is https://www.zoho.com/one/.

What is Zoho One's cybersecurity risk score?

Zoho One has an AI-generated cybersecurity risk score of 757 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Zoho One experienced?

According to Rankiteo, Zoho One currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Zoho One been affected by any supply chain cyber incidents ?

According to Rankiteo, Zoho One has been affected by a supply chain cyber incident involving Wondershare Technology, with the incident ID ZOHWON1776076134.

Does Zoho One have SOC 2 Type 1 certification ?

According to Rankiteo, Zoho One is not certified under SOC 2 Type 1.

Does Zoho One have SOC 2 Type 2 certification ?

According to Rankiteo, Zoho One does not hold a SOC 2 Type 2 certification.

Does Zoho One comply with GDPR ?

According to Rankiteo, Zoho One is not listed as GDPR compliant.

Does Zoho One have PCI DSS certification ?

According to Rankiteo, Zoho One does not currently maintain PCI DSS compliance.

Does Zoho One comply with HIPAA ?

According to Rankiteo, Zoho One is not compliant with HIPAA regulations.

Does Zoho One have ISO 27001 certification ?

According to Rankiteo,Zoho One is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Zoho One operate in ?

Zoho One operates primarily in the IT Services and IT Consulting industry.

How many employees does Zoho One have ?

Zoho One employs approximately None employees people worldwide.

Does Zoho One own any subsidiaries ?

Zoho One presently has no subsidiaries across any sectors.

How many LinkedIn followers does Zoho One have ?

Zoho One's official LinkedIn profile has approximately 19,286 followers.

What is the NAICS classification code for Zoho One ?

Zoho One is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.

Does Zoho One have a Crunchbase profile ?

No, Zoho One does not have a profile on Crunchbase.

Does Zoho One have a LinkedIn profile ?

Yes, Zoho One maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/osforbiz.

How many cybersecurity incidents has Zoho One experienced ?

As of June 14, 2026, Rankiteo reports that Zoho One has experienced 3 cybersecurity incidents.

How many peer or competitor companies does Zoho One have ?

Zoho One has an estimated 40,681 peer or competitor companies worldwide.

What types of cybersecurity incidents has Zoho One faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Zoho One

Boost Score +25 with badge (5 left)

757

/1000

Fair

782

/1000

Fair

Zoho One Vendor Cyber Rating & Cyber Score

zoho.com

Add Your Compliance Badge

Grow your business with one smart and customizable system of unified software for sales, marketing, support, accounting, operations, and HR.

Zoho One A.I CyberSecurity Scoring

Scoring History

Zoho One

Zoho One CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Zoho

Cyber Attack

100

12/2025

Wondershare Tec...

ZOHWON177607613...

Zoho

Cyber Attack

10/2025

ZOH1776249079

Zoho One

Vulnerability

3/2025

ZOH411030525

Loading…

A.I.

Zoho One Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Zoho One

Incidents vs IT Services and IT Consulting Industry Avg (This Year)

No incidents recorded for Zoho One in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Zoho One in 2026.

Incident Types Zoho One vs IT Services and IT Consulting Industry Avg (This Year)

No incidents recorded for Zoho One in 2026.

Incident History - Zoho One (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Zoho One Subsidiaries

Zoho One

IT Services and IT Consulting

Website: https://www.zoho.com/one/

Company Size: 201-500 employees

ZohoSoftware Development

Zoho RecruitSoftware Development

Zoho PeopleHuman Resources Services

Zoho CreatorSoftware Development

Zoho Middle East & North AfricaSoftware Development

Loading…

Zoho One Similar Companies

FIS

fisglobal.com

Unlocking financial technology. Bringing the world’s money into harmony. At FIS, we advance the way the world pays, banks, and invests. With decades of expertise, we provide financial technology solutions to financial institutions, businesses, and developers. Headquartered in Jacksonville, Florida, we’re a proud member of the Fortune 500® and the Standard & Poor’s 500® Index. Let's innovate together.

LTIMindtree

ltimindtree.com

LTIMindtree is a global technology consulting and digital solutions company that partners with enterprises across industries to reimagine business models, accelerate innovation, and drive AI-centric growth. Trusted by more than 700 clients worldwide, we use advanced technologies to enable operational excellence, elevated customer experiences, and long-term value creation. With a workforce of more than 86,000 talented and entrepreneurial professionals across over 40 countries, LTIMindtree — a Larsen & Toubro Group company — is dedicated to solving complex business challenges and delivering transformation at scale. LTIMindtree is proud to be an equal opportunity employer. We are committed to providing equal employment opportunities regardless of race, ethnicity, nationality, gender, gender identity, gender expression, language, age, sexual orientation, religion, marital status, veteran status, socio-economic status, disability, or any other characteristic protected by applicable law. Please note that neither LTIMindtree nor any of its authorized recruitment agencies/partners charge candidates any registration fees or other fees for appearing in interviews or securing employment/internships. Candidates are solely responsible for verifying the credentials of any agency or consultant claiming to work with LTIMindtree for recruitment purposes. Please note that anyone relying on representations made by fraudulent employment agencies/consultant does so at their own risk. LTIMindtree disclaims any liability for loss or damage suffered as a result of such actions. For more info, please visit www.ltimindtree.com.

Minsait

minsait.com

We are one of the world's leading consultancies in technological services for companies and the public sector. With headquarters in Spain and presence in more than 100 countries, we combine experience in AI, data, cloud and cybersecurity to help companies and organizations generate a positive impact on society. Tech for impact #Minsait

Indra

cb indragroup.com

Indra Group (https://www.indragroup.com/) is the foremost Spanish multinational and one of the leading European companies that focus on defence and advanced technologies. It stands at the forefront of the defence, space, air traffic management, mobility, and Information Technology businesses through Minsait, and it integrates its sovereign AI, cybersecurity and cyberdefence capabilities into IndraMind. Indra Group is paving the way to a more secure and better-connected future through innovative solutions, trusted relationships and the very best talent. Sustainability is an integral part of its strategy and culture in order to overcome current and future social and environmental challenges. At the close of the 2024 financial year, Indra Group posted revenues of €4.843 billion and had a local presence in 46 countries and business operations in over 140 countries.

Nagarro

cb nagarro.com

Nagarro helps future-proof your business through a forward-thinking, fluidic, and CARING mindset. We excel at digital engineering and help our clients become human-centric, digital-first organizations, augmenting their ability to be responsive, efficient, intimate, creative, and sustainable. Today, we are 18,000+ experts across 38 countries, forming a Nation of Nagarrians, ready to help our customers succeed.

Diebold Nixdorf

cb DieboldNixdorf.com

Diebold Nixdorf automates, digitizes and transforms the way people bank and shop. Its integrated solutions connect digital and physical channels conveniently, securely and efficiently for millions of consumers every day. As an innovation partner for nearly all of the world's top 100 financial institutions and a majority of the top 25 global retailers, Diebold Nixdorf delivers unparalleled services and technology that power the daily operations and consumer experience of financial institutions and retailers around the world.

HGS

hgs.cx

A global leader in optimizing the customer experience lifecycle, digital transformation, and business process management, HGS is helping its clients become more competitive every day. HGS combines automation, analytics, and artificial intelligence with deep domain expertise focusing on digital customer experiences, back-office processing, contact centers, and HRO solutions. Part of the multi-billion-dollar conglomerate Hinduja Group, HGS takes a “globally local” approach with over 18,000+ employees across 38 delivery centers in 9 countries.

Asurion

cb asurion.com

As the world’s leading tech care company, Asurion eliminates the fears and frustrations associated with technology, to ensure our 300 million customers get the most out of their devices, appliances and connections. We provide insurance, repair, replacement, installation and 24/7 support for everything from cellphones to laptops and household appliances. Our experts are available online, on the phone, at one of our more than 800 stores, or can even come to you.

Softtek

softtek.com

Founded in 1982 by a small group of entrepreneurs, Softtek started out in Mexico providing local IT services, and today is a global leader in next-generation digital solutions. The first company to introduce the Nearshore model, Softtek helps Global 2000 organizations build their digital capabilities constantly and seamlessly, from ideation and development to execution and evolution. Its entrepreneurial drive spans 20+ countries and more than 15,000 talented professionals. For more information on what we do, who we are, and career opportunities, visit www.softtek.com / Follow us on Instagram (@softtekofficial), on Twitter (@Softtek), and be our fan on Facebook www.facebook.com/softtek.

Loading…

NEWS

Zoho One CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 27, 2026 08:00 AM

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive...

Read Article

February 21, 2026 08:00 AM

One AI Tweet, $10 Billion Gone: Is Cyber Security in Trouble?

The kind of significant advancements that we are observing in the AI sector in recent times has been beyond measure, and this is leading to...

Read Article

February 09, 2026 08:00 AM

Threat actors target SolarWinds Web Help Desk flaw

Researchers say hackers are using remote monitoring and other tools in compromised environments.

Read Article

February 09, 2026 08:00 AM

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft links SolarWinds WHD exploits to RCE, lateral movement, and domain compromise in multi-stage attacks.

Read Article

February 09, 2026 08:00 AM

Hackers Actively Exploiting SolarWinds Web Help Desk RCE Vulnerability to Deploy Custom Tools

Active exploitation of a remote code execution (RCE) vulnerability in SolarWinds Web Help Desk (WHD) is accelerating, with attackers rapidly...

Read Article

February 08, 2026 08:00 AM

Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399)

Acknowledgments: Special thanks to Dipo Rodipe, Dray Agha, and Lindon Wass for their contributions to this investigation and write-up.

Read Article

January 20, 2026 08:00 AM

India-based Zoho Corporation planning to expand data centres in ME and Africa: CEO - Tech - Business

Zoho Corporation and its IT management arm ManageEngine are planning to expand data centre investments across the Middle East and Africa,...

Read Article

January 15, 2026 08:00 AM

Zoho Opens First UAE Data Centres for Local Cloud Hosting

Zoho Corporation expands with new data centres in Dubai and Abu Dhabi to support UAE data sovereignty and cloud adoption for business and...

Read Article

January 15, 2026 08:00 AM

Zoho opens first UAE data centres, will host over 100 cloud services

The new facilities in Dubai and Abu Dhabi will host more than 100 cloud‑based solutions from Zoho's two main brands.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…