SST A.I CyberSecurity Scoring
19/04/2026
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for STI Serv Trayvou in 2026.
No incidents recorded for STI Serv Trayvou in 2026.
No incidents recorded for STI Serv Trayvou in 2026.
For 100 years, we’ve been helping customers build a better, more sustainable world. Our innovative products and services, backed by our global dealer network, provide exceptional value that helps customers succeed. With 2024 sales and revenues of $64.8 billion, Caterpillar Inc. is the world’s leading manufacturer of construction and mining equipment, off-highway diesel and natural gas engines, industrial gas turbines and diesel-electric locomotives. Caterpillar does business on every continent, principally operating through three primary segments – Construction Industries, Resource Industries and Energy & Transportation – and provides financing and related services through our Financial Products segment.
ITW (NYSE: ITW) is a Fortune 300 global multi-industrial manufacturing leader with revenue of $15.9 billion in 2024. The company’s seven industry-leading segments leverage the unique ITW Business Model to drive solid growth with best-in-class margins and returns in markets where highly innovative, customer-focused solutions are required. ITW’s approximately 44,000 dedicated colleagues around the world thrive in the company’s decentralized and entrepreneurial culture.
CNH ( NYSE: CNH ) is a world-class equipment, technology and services company. The Company operates commercially through its brand portfolio which includes Case IH, New Holland Agriculture, New Holland Construction, and CASE Construction Equipment. CNH has over 35,000 employees, 40 manufacturing plants, 49 R&D centers, and hold circa 11,000 registered patents. We are the driving force behind the iron and tech transforming our world.
ANDRITZ is an international technology group based in Austria. The company offers a broad portfolio of innovative plants, equipment, systems, services and digital solutions for a wide range of industries and end markets. Sustainability is an integral part of the company’s business strategy and corporate culture: With its extensive portfolio of sustainable products and solutions, ANDRITZ aims to make the greatest possible contribution to a sustainable future and help its customers achieve their sustainability goals. ANDRITZ is a global market leader in all four of its business areas: Pulp & Paper Metals Hydropower Environment & Energy Technological leadership and global presence are cornerstones of the group’s strategy, which is focused on long-term profitable growth. The publicly listed group has around 30,000 employees and over 280 locations in more than 80 countries.
The Voith Group is a global technology company. With its broad portfolio of systems, products, services and digital applications, Voith sets standards in the markets of energy, paper, raw materials and transport. Founded in 1867, Voith today has around 22,000 employees, sales of € 5.2 billion and locations in over 60 countries worldwide and thus is one of the larger family-owned companies in Europe. Voith's DNA is “Sustainable technologies for future generations”. With its innovative developments, Voith is driving the decarbonization of industry and acting as a game changer and co-creator. In doing so, Voith has a broad portfolio of sustainable technology solutions and services that make it possible to reduce emissions in the customers' value chains, improve ecological performance, increase efficiency and thus reduce CO2 emissions. Did you know that one quarter of the energy produced worldwide is generated from hydropower with technologies and services from Voith? But hydropower is just one of the exciting business divisions of Voith: a large proportion of the worldwide paper production is manufactured on Voith paper machines. And drive systems from Voith move both industrial plants and vehicles on rail, road and water all over the globe. Career: https://voith.com/corp-en/careers.html#209066 Imprint: https://voith.com/corp-en/footer/imprint.html Privacy Policy: https://voith.com/corp-en/footer/privacy-policy.html
Atlas Copco delivers innovative products and solutions that help businesses grow and drive progress. Our portfolio spans compressed air and gas systems and treatment, vacuum solutions, industrial power tools, assembly systems, and power and flow solutions. We bring a commitment to long-term success built on expertise, reliable service, and uptime. When you level to the Atlas Copco experience you enter a partnership based on quality, sustainability, and ease of collaboration. The technology we bring, and the decades of experience support the future-proofing of your business.
Finning is the world's largest Caterpillar dealer delivering unrivalled service for over 90 years. We sell, rent and provide parts and service for equipment and engines to customers in various industries, including mining, construction, petroleum, forestry and a wide range of power systems applications. Since 1933, when Finning was first established in Canada by Earl B. Finning, our name has conveyed integrity, reliability and resourcefulness. Over the years, the company has grown as a result of a genuine commitment to earning customer loyalty. With our broad product support infrastructure and unmatched service capabilities, we deliver solutions that enable customers to achieve the lowest equipment owning and operating costs while maximizing uptime. Finning employs over 13,000 people world-wide and operates in three geographies, with the head office in Vancouver, Canada. Finning est le plus grand concessionnaire Caterpillar au monde offrant un service inégalé depuis plus de 85 ans. Nous vendons, louons et fournissons des pièces et des services pour l’équipement et les moteurs à des clients dans diverses industries, y compris l’exploitation minière, la construction, le pétrole, la foresterie et un large éventail d’applications de systèmes d’alimentation. Depuis 1933, année où Finning a été établi au Canada par Earl B. Finning, notre nom a transmis intégrité, fiabilité et débrouillardise. Au fil des ans, l’entreprise a pris de l’expansion grâce à un véritable engagement à fidéliser sa clientèle. Grâce à notre vaste infrastructure de support produit et à nos capacités de service inégalées, nous fournissons des solutions qui permettent aux clients d’atteindre les coûts de possession et d’exploitation d’équipement les plus bas tout en maximisant la disponibilité. Finning emploie plus de 13 000 personnes dans le monde et exerce ses activités dans trois régions géographiques, dont le siège social est situé à Vancouver, au Canada.
<Nippon Steel Corporation does not recognize this account as OFFICIAL, but it is open for LinkedIn subscribers.> On April 1, 2019, we renamed ourselves as “Nippon Steel Corporation” (from Nippon Steel and Sumitomo Metal Corporation), to keep in pace with our advance as a growing global steelmaker with origins in Japan.
Valmet is a global technology leader serving process industries. We work together with our customers throughout the entire lifecycle, delivering cutting-edge technologies and services as well as mission-critical automation and flow control solutions. Backed by more than 225 years of industrial experience and a global team of over 19,000 professionals close to customers, we are uniquely positioned to transform industries toward a regenerative tomorrow. In 2024, Valmet’s net sales totaled approximately EUR 5.4 billion. Our head office is in Espoo, Finland, and we have experts in approximately 40 countries around the world. Valmet’s shares are listed on Nasdaq Helsinki. Valmet has two focused segments: Biomaterial Solutions and Services and Process Performance Solutions. Valmet’s operating model consists of five business areas: Automation Solutions; Flow Control; Pulp, Energy and Circularity; Packaging and Paper; and Tissue. The business areas are supported by a separate Latin America unit and a China Chair. The Global Supply unit supports cost-competitiveness by optimizing and leveraging Valmet’s global scale in procurement and production.
Latest updates, reports, and threat intel affecting the global network.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types a search term that returns the poisoned issue, the payload executes in the admin’s control panel session. No control panel account or elevated privileges are required on the attacker’s side. This issue has been fixed in versions 4.17.16 and 5.9.23.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-uid> permission for the target folder. It never enforces deletePeerAssets:<volume-uid>, even though Assets::deleteFoldersByIds() cascades deletion to every descendant folder and every asset inside, regardless of the uploader's assigned privileges. A low-privilege user who has been granted folder-management rights on a shared volume can therefore destroy assets uploaded by other users (peer assets), bypassing the per-asset peer-permission check that the sibling actionDeleteAsset endpoint correctly applies. This issue has been fixed in versions 4.17.15 and 5.9.22.
Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. AssetsController::actionReplaceFile() supports replacing a target asset file using another existing asset as the source. The action loads: assetId -> $assetToReplace and sourceAssetId -> $sourceAsset, then enforces replace permissions using ($assetToReplace ?: $sourceAsset). When both IDs are provided, this expression resolves to the target asset so no permission check is performed against the source asset volume. When both assets are present, Craft copies the source file into the target and then deletes the source asset. There is no deletion check for for the source asset. An authenticated user who can replace files in one volume can delete assets in another volume where they do not have delete permission, as long as they can obtain a sourceAssetId, leading to broken content references and data loss. This issue has been fixed in versions 4.17.14 and 5.9.21.
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design (e.g. 'issue "letsencrypt.org"' without parameters). On Universal SSL zones, Cloudflare's authoritative DNS serves this auto-managed RRset at query time, superseding any customer-configured CAA records on the zone. When a customer publishes a stricter CAA record using the RFC 8657 accounturi or validationmethods parameters, the Certificate Authority does not observe those parameters when evaluating the served RRset under RFC 8659. As a result, the RFC 8657 account-binding and validation-method-binding protections are not enforced end-to-end on Universal SSL zones. Successful exploitation could result in issuance of a browser-trusted TLS certificate to an attacker, enabling MITM against the affected domain. Exploitation is non-trivial in practice: an attacker would need to hold an ACME account at one of the Certificate Authorities in the served CAA RRset and to simultaneously satisfy domain control validation across the multiple geographically distinct Network Perspectives the CA relies on for Multi-Perspective Issuance Corroboration. Cloudflare prefixes are anycast-announced from hundreds of locations globally, raising the bar against single-vantage-point BGP hijacks. Any resulting misissuance of a browser-trusted certificate is subject to Certificate Transparency logging required by major browsers, and would be visible to CT monitoring. Mitigation: Customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so there is no in-product workaround that preserves both. Certificate Transparency monitoring is recommended for all customers as a general detection control. Credits: David Osipov (ORCID: https://orcid.org/0009-0005-2713-9242), independent researcher
Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.