What is the official website of Sonae ?

The official website of Sonae is http://www.sonae.pt.

What is Sonae's cybersecurity risk score?

Sonae has an AI-generated cybersecurity risk score of 763 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Sonae experienced?

According to Rankiteo, Sonae currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Sonae been affected by any supply chain cyber incidents ?

According to Rankiteo, Sonae has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Sonae have SOC 2 Type 1 certification ?

According to Rankiteo, Sonae is not certified under SOC 2 Type 1.

Does Sonae have SOC 2 Type 2 certification ?

According to Rankiteo, Sonae does not hold a SOC 2 Type 2 certification.

Does Sonae comply with GDPR ?

According to Rankiteo, Sonae is not listed as GDPR compliant.

Does Sonae have PCI DSS certification ?

According to Rankiteo, Sonae does not currently maintain PCI DSS compliance.

Does Sonae comply with HIPAA ?

According to Rankiteo, Sonae is not compliant with HIPAA regulations.

Does Sonae have ISO 27001 certification ?

According to Rankiteo,Sonae is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Sonae operate in ?

Sonae operates primarily in the Investment Management industry.

How many employees does Sonae have ?

Sonae employs approximately 24,146 people worldwide.

Does Sonae own any subsidiaries ?

Sonae presently has no subsidiaries across any sectors.

How many LinkedIn followers does Sonae have ?

Sonae's official LinkedIn profile has approximately 351,848 followers.

What is the NAICS classification code for Sonae ?

Sonae is classified under the NAICS code 5239, which corresponds to Other Financial Investment Activities.

Does Sonae have a Crunchbase profile ?

No, Sonae does not have a profile on Crunchbase.

Does Sonae have a LinkedIn profile ?

Yes, Sonae maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/sonae.

How many cybersecurity incidents has Sonae experienced ?

As of June 21, 2026, Rankiteo reports that Sonae has not experienced any cybersecurity incidents.

How many peer or competitor companies does Sonae have ?

Sonae has an estimated 5,355 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Sonae

Boost Score +25 with badge (5 left)

763

/1000

Fair

788

/1000

Fair

Sonae Vendor Cyber Rating & Cyber Score

sonae.pt

Add Your Compliance Badge

Sonae exists to create a lasting positive impact on businesses, people, communities and on the planet. Managing a diverse portfolio of businesses in retail, financial services, technology, investments, real estate and telecommunications, Sonae makes the most of its expertise and pushes itself to create the future we all want and need. Creating today a better tomorrow, for all.

Sonae A.I CyberSecurity Scoring

Scoring History

Sonae

Sonae CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

No data available

Loading…

A.I.

Sonae Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Sonae

Incidents vs Investment Management Industry Avg (This Year)

No incidents recorded for Sonae in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Sonae in 2026.

Incident Types Sonae vs Investment Management Industry Avg (This Year)

No incidents recorded for Sonae in 2026.

Incident History - Sonae (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Sonae Subsidiaries

Sonae

Investment Management

Website: http://www.sonae.pt

Company Size: 10,001+ employees

Sonae SierraReal Estate

Loading…

Sonae Similar Companies

Odebrecht

novonor.com.br

Founded in 1944, Odebrecht is a Brazilian group with diverse businesses and world-class standards of quality. Its Members, guided by the Group’s own philosophy, the Odebrecht Entrepreneurial Technology (TEO), provide services and manufacture products for clients on five continents. As part of their entrepreneurial responsibility while serving clients and local communities, they contribute to the development of economically prosperous, socially just, environmentally sustainable, politically inclusive and culturally rich societies and countries.

Essar

essar.com

Essar, with an entrepreneurial track record spanning 50+ years, specialises in investing and developing assets to create value in core sectors such as Energy, Infrastructure, Metals & Mining, and Technology & Retail. With a presence in eight countries, Essar generates revenues of US$15 billion and provides employment for over 7,000 people. Over the past five years, Essar has strategically rebalanced its portfolio by monetising some world-class assets. Essar is now positioned to transition its existing assets to a greener regime and invest in businesses driving the transformation of sector landscapes from carbon-centric to a clean energy ecosystem, both nationally and globally. The Group is developing sustainable assets and industry ecosystems, with a particular focus on hydrogen, green mobility, and green steel. Essar Foundation, the CSR arm of Essar, has a rich 50-year heritage of service across India, focusing on areas such as health, education, livelihood, women empowerment, sports, environment, and infrastructure.

Sabanci Holding

sabanci.com

Sabancı Holding is one of Turkey’s leading conglomerate, engaged in a wide variety of business activities through its subsidiaries and affiliates, mainly in the banking, financial services, energy, industrials, building materials and retail sectors. Our Group companies most of which are leaders in their respective sectors. As Sabancı Group, we position ourselves in new economy, with global partnerships, employment for 60 thousand, and reaching more than 40 million people on 5 continents. We invest in energy & climate, material and digital technologies, through an agile global footprint to design a sustainable future with a goal of achieving 'Net Zero' by 2050. We stride confidently towards the future through Sabancı of New Generation culture and our purpose driven, stakeholder oriented, agile and diverse organization. We are committed to ensuring equal rights and opportunities to foster a positive and an inclusive work environment and to contribute to the socio economic development of the community. With tens of thousands of talents, stakeholders and investments in multiple businesses worldwide, what connects us is our purpose: We unite Turkey and the World for a sustainable life with leading enterprises.

Ackermans & van Haaren

avh.be

Ackermans & van Haaren is a diversified group active in 4 core sectors: Marine Engineering & Contracting (DEME, one of the largest dredging companies in the world - CFE, a construction group with headquarters in Belgium), Private Banking (Delen Private Bank, one of the largest independent private asset managers in Belgium, and asset manager JM Finn in the UK - Bank J.Van Breda & C°, niche bank for entrepreneurs and liberal professions in Belgium), Real Estate & Senior Care (Nextensa, a Euronext-listed land and real estate developer focused on Belgium and Luxembourg) and Energy & Resources (SIPEF, an agro-industrial group in tropical agriculture). In 2023, through its share in its participations, the AvH group represented a turnover of 6.5 billion euros and employed 21,887 people. The group concentrates on a limited number of strategic participations with significant potential for growth. The AvH share is part of the BEL20 index, the BEL-ESG index of Euronext Brussels and the European DJ Stoxx 600.

Loading…

NEWS

Sonae CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

September 24, 2025 07:00 AM

Duel Raises $16 Million in Series A

Duel, a New York-based brand advocacy platform for consumer retail brands, has raised $16 million in Series A funding, bringing its total...

Read Article

September 03, 2025 07:00 AM

Tidal Cyber raises $10m to scale cybersecurity platform

Tidal Cyber, a Virginia-based cybersecurity company focused on Threat-Led Defence, has raised $10m in a Series A round led by Bright Pixel...

Read Article

March 05, 2025 08:00 AM

Knostic Nabs $11 Million to Eliminate Enterprise AI Data Leaks

PRNewswire/ -- Knostic, the world's first provider of need-to-know access controls for Generative AI, today celebrates an $11 million...

Read Article

September 25, 2024 07:00 AM

Tamnoon raises $12M Series A for cloud security remediation platform

The Israeli startup has developed a hybrid human-AI managed service that reduces cloud exposures and enhances cloud security by optimizing...

Read Article

September 25, 2024 07:00 AM

Tamnoon Raises $12M Series A Fueling First Hybrid Human-AI Managed Cloud Security Remediation Service

Tamnoon, a leader in Managed Cloud Security Remediation, today announced it has raised $12 million in Series A funding.

Read Article

January 17, 2024 08:00 AM

Vicarius Raises $30M Series B to Fuel AI Innovations in Vulnerability Remediation

Insider Brief Vicarius, creators of vRx, the first fully autonomous end-to-end vulnerability remediation platform, has raised $30 million in...

Read Article

July 25, 2023 07:00 AM

Thales to buy app and data security firm Imperva in $3.6 billion deal

French defense and aerospace corporation Thales said Tuesday it is acquiring US-based cybersecurity company Imperva from private equity firm Thoma Bravo for $3...

Read Article

May 24, 2023 07:00 AM

Cybersecurity firm Sekoia.io secures €35m in fresh funding

Sekoia.io, a Cybertech firm based in Paris, France, has successfully amassed €35m in a recent round of funding.

Read Article

October 11, 2022 07:00 AM

Thales closes acquisition of important cybersecurity players Excellium and S21sec

With the acquisition of Excellium and S21Sec, Thales will accelerate its cybersecurity development roadmap and expands its footprint in...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-56355

SUMMARY

GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.

Published

Date2026-06-20

Updated

Date2026-06-20

RISK INFORMATION (Score: 3.7)

cvss3

Base Score: 3.7

Complexity: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score

1.4

Exploitability

2.2

REFERENCES

CVE-2026-56347

SUMMARY

AVideo TopMenu plugin through version 26.0 contains a stored cross-site scripting vulnerability in menu item rendering due to missing output encoding of icon classes, URLs, and text labels. Attackers can inject malicious JavaScript through unescaped menu item fields that execute for all site visitors, potentially stealing session cookies or performing unauthorized actions.

Published

Date2026-06-20

Updated

Date2026-06-20

RISK INFORMATION (Score: 6.1)

cvss3

Base Score: 6.1

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

cvss4

Base Score: 5.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

2.7

Exploitability

2.8

REFERENCES

CVE-2026-56346

SUMMARY

AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credentials, exposing key material to logs and enabling resource exhaustion attacks.

Published

Date2026-06-20

Updated

Date2026-06-20

RISK INFORMATION (Score: 6.5)

cvss3

Base Score: 6.5

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

cvss4

Base Score: 6.9

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

2.5

Exploitability

3.9

REFERENCES

CVE-2026-56345

SUMMARY

AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target users_id from the uploaded filename without verification. An attacker with knowledge of the Meet shared secret can craft a malicious file upload with a filename containing an arbitrary users_id to invoke passwordless User->login() and establish an authenticated session as any user including admin. Attackers can obtain the Meet shared secret through path-traversal vulnerabilities or timing attacks against checkToken.json.php, then POST a crafted file to uploadRecordedVideo.json.php with a filename like '1-anything.mp4' to hijack admin sessions and gain full account takeover.

Published

Date2026-06-20

Updated

Date2026-06-20

RISK INFORMATION (Score: 8.1)

cvss3

Base Score: 8.1

Complexity: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.2

Complexity: HIGH

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.2

REFERENCES

CVE-2026-56342

SUMMARY

AVideo through version 27.0 contains a server-side request forgery vulnerability in plugin/Live/test.php that allows authenticated administrators to read arbitrary URLs via the statsURL parameter, which lacks isSSRFSafeURL() validation and accepts requests to private IP ranges and cloud metadata endpoints. Attackers can exploit this by crafting requests to internal services, cloud metadata endpoints like 169.254.169.254, and localhost to retrieve sensitive information including IAM credentials, internal service responses, and network configuration details.

Published

Date2026-06-20

Updated

Date2026-06-20

RISK INFORMATION (Score: 6.8)

cvss3

Base Score: 6.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

cvss4

Base Score: 6.1

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

2.3

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…