SAM
Company Details
Linkedin ID:
surf-air-mobility
Website:
Employees number:
60
Number of followers:
3,911
NAICS:
481
Industry Type:
Homepage:
surfair.com
IP Addresses:
0
Company ID:
SUR_1124118
Scan Status:
In-progress
Surf Air Mobility Company CyberSecurity Posture
surfair.com
Transforming air mobility through software and electrification.
Surf Air Mobility A.I CyberSecurity Scoring
SAM Risk Score (AI oriented)Between 700 and 749
SAM
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
SAM Global Score (TPRM)XXXX
SAM
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
SAM Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
SAM Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for SAM
Incidents vs Airlines and Aviation Industry Average (This Year)
No incidents recorded for Surf Air Mobility in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Surf Air Mobility in 2025.
Incident Types SAM vs Airlines and Aviation Industry Avg (This Year)
No incidents recorded for Surf Air Mobility in 2025.
Incident History — SAM (X = Date, Y = Severity)
SAM cyber incidents detection timeline including parent company and subsidiaries
SAM Company Subsidiaries
Transforming air mobility through software and electrification.
Loading...
SAM Similar Companies
SAUDI AIRLINES
At Saudia Group, we're on a mission to inspire people to go beyond borders. Our purpose is rooted in unlocking human potential and connecting the world in ways never thought possible. We are committed to reshaping the aviation ecosystem in our region and beyond, by embracing innovation and a custome
Turkish Airlines
Turkish Airlines has soared to new heights since its first flight in 1933, becoming the airline that connects more countries than any other. Our commitment to excellence is reflected in the world-class service, comfort, and innovative travel experience we offer, designed to elevate every journey.
SpiceJet Limited
Red. Hot. Spicy. That’s not just our tagline, it’s how we fly. Red reflects the bold spirit we bring to every journey, energetic, passionate, and full of heart. Hot captures the warmth of our service and the vibrant destinations we connect. Spicy is our drive to keep travel exciting through innovati
Ethiopian Airlines
Ethiopian Airlines Group (Ethiopian) is a true African success story, transforming a visionary dream into a globally renowned reality for nearly eight decades. Operating flights to more than 160 domestic and international passenger, and cargo destinations across five continents, Ethiopian bridges th
Emirates
Based in Dubai, the Emirates Group employs over 103,363 staff from more than 160 nationalities. The Emirates Group’s extensive and diverse international portfolio includes the world’s largest international airline, Emirates, and one of the largest combined air services provider in the world, dnata.
easyJet
We’re on a mission to make low-cost travel easy. Whatever your role, you’ll connect millions of people to what they love using Europe’s best airline network, great value fares, and friendly service. And to help us get there we’ll give you everything you need to make a personal impact on our growing
Lufthansa is one of the world’s leading airlines, connecting passengers to over 200 destinations across 74 countries from our hubs in Frankfurt and Munich. As an industry pioneer, we are committed to shaping the future of sustainable aviation, investing in next-generation aircraft, cutting-edge tec
Delta Air Lines
Delta Air Lines (NYSE: DAL) is the U.S. global airline leader in safety, innovation, reliability and customer experience. Powered by our employees around the world, Delta has for a decade led the airline industry in operational excellence while maintaining our reputation for award-winning customer s
JetBlue
When JetBlue first took flight in February 2000, our founding goal was to bring humanity back to air travel, and over two decades later, we still put our customers, crewmembers and communities at the center of everything we do. Before we even had aircraft to fly, our founders selected five values
.png)
SAM CyberSecurity News
November 13, 2025 08:00 AM
Stonegate Capital Partners Updates Coverage On Surf Air Mobility Inc. (SRFM) 2025 Q3
Dallas, Texas--(Newsfile Corp. - November 13, 2025) - Surf Air Mobility Inc. (NYSE: SRFM): Stonegate Capital Partners updates their coverage...
November 12, 2025 08:00 AM
As Palantir Gets 6M Shares of Surf Air Mobility Stock, Is PLTR or SRFM a Better Buy?
Surf Air is giving Palantir 6 million shares as prepayment. Which is a better company to invest in as the two work together?
November 12, 2025 08:00 AM
Surf Air Mobility Reports Third Quarter 2025 Financial Results, Exceeding Revenue and Meeting Adjusted EBITDA Guidance
LOS ANGELES, November 12, 2025--Surf Air Mobility Inc. (NYSE: SRFM) ("the Company", "Surf Air Mobility"), a leading regional air mobility...
November 12, 2025 08:00 AM
Surf Air Mobility Inc. (SRFM) Reports Q3 Loss, Beats Revenue Estimates
Surf Air Mobility Inc. (SRFM) delivered earnings and revenue surprises of -4.92% and +4.30%, respectively, for the quarter ended September...
November 12, 2025 08:00 AM
Surf Air Mobility (SRFM): Evaluating Valuation Following $100 Million Strategic Deal and Upbeat Q3 Revenue Update
Surf Air Mobility (SRFM) just rolled out a $100 million strategic transaction that combines new equity funding with debt refinancing,...
November 11, 2025 08:00 AM
Surf Air Mobility Inc (SRFM) Q3 2025: Everything You Need To Know Ahead Of Earnings
The consensus estimate for Q3 2025 revenue is $27.88 million, and the earnings are expected to come in at -$0.61 per share.
November 10, 2025 08:00 AM
Surf Air Mobility Announces $100 Million Strategic Transaction to Accelerate Growth and Strengthen Balance Sheet
Surf Air Mobility Inc. (NYSE: SRFM) (“Surf Air Mobility”, the “Company”), a leading air mobility platform, today announced that it has...
November 10, 2025 08:00 AM
Why Surf Air Mobility (SRFM) Is Down 18.4% After Announcing $100 Million Equity Deal and Debt Refi
Surf Air Mobility announced in the past a US$100 million transaction combining new equity funding and a US$74 million senior secured...
November 07, 2025 02:58 PM
Surf Air Mobility (NYSE: SRFM) Accelerates Regional Air Mobility Revolution with Electra Aero Partnership, Palantir Alliance, and Record Revenue
Surf Air Mobility, Inc. (NYSE: SRFM), a leading regional air mobility platform and one of the largest commuter airlines in the U.S. by...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
SAM CyberSecurity History Information
Official Website of Surf Air Mobility
The official website of Surf Air Mobility is http://www.surfair.com.
Surf Air Mobility’s AI-Generated Cybersecurity Score
According to Rankiteo, Surf Air Mobility’s AI-generated cybersecurity score is 748, reflecting their Moderate security posture.
How many security badges does Surf Air Mobility’ have ?
According to Rankiteo, Surf Air Mobility currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Surf Air Mobility have SOC 2 Type 1 certification ?
According to Rankiteo, Surf Air Mobility is not certified under SOC 2 Type 1.
Does Surf Air Mobility have SOC 2 Type 2 certification ?
According to Rankiteo, Surf Air Mobility does not hold a SOC 2 Type 2 certification.
Does Surf Air Mobility comply with GDPR ?
According to Rankiteo, Surf Air Mobility is not listed as GDPR compliant.
Does Surf Air Mobility have PCI DSS certification ?
According to Rankiteo, Surf Air Mobility does not currently maintain PCI DSS compliance.
Does Surf Air Mobility comply with HIPAA ?
According to Rankiteo, Surf Air Mobility is not compliant with HIPAA regulations.
Does Surf Air Mobility have ISO 27001 certification ?
According to Rankiteo,Surf Air Mobility is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Surf Air Mobility
Surf Air Mobility operates primarily in the Airlines and Aviation industry.
Number of Employees at Surf Air Mobility
Surf Air Mobility employs approximately 60 people worldwide.
Subsidiaries Owned by Surf Air Mobility
Surf Air Mobility presently has no subsidiaries across any sectors.
Surf Air Mobility’s LinkedIn Followers
Surf Air Mobility’s official LinkedIn profile has approximately 3,911 followers.
NAICS Classification of Surf Air Mobility
Surf Air Mobility is classified under the NAICS code 481, which corresponds to Air Transportation.
Surf Air Mobility’s Presence on Crunchbase
No, Surf Air Mobility does not have a profile on Crunchbase.
Surf Air Mobility’s Presence on LinkedIn
Yes, Surf Air Mobility maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/surf-air-mobility.
Cybersecurity Incidents Involving Surf Air Mobility
As of November 27, 2025, Rankiteo reports that Surf Air Mobility has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
Surf Air Mobility has an estimated 3,298 peer or competitor companies worldwide.
Surf Air Mobility CyberSecurity History Information
How many cyber incidents has Surf Air Mobility faced ?
Total Incidents: According to Rankiteo, Surf Air Mobility has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at Surf Air Mobility ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=surf-air-mobility' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
