SMDS A.I CyberSecurity Scoring
22/01/2026
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for SYNLAB Medical Digital Services in 2026.
No incidents recorded for SYNLAB Medical Digital Services in 2026.
No incidents recorded for SYNLAB Medical Digital Services in 2026.
Software Development
🌍Alibaba Group is on a mission to make it easy to do business anywhere! Guided by our passion and imagination, we’re leading the way in AI, cloud computing and e-commerce. We aim to build the future infrastructure of commerce, and we aspire to be a good company that lasts for 102 years.
Founded in 2003, LinkedIn connects the world's professionals to make them more productive and successful. With more than 1 billion members worldwide, including executives from every Fortune 500 company, LinkedIn is the world's largest professional network. The company has a diversified business model with revenue coming from Talent Solutions, Marketing Solutions, Sales Solutions and Premium Subscriptions products. Headquartered in Silicon Valley, LinkedIn has offices across the globe.
OpenText is a leading Cloud and AI company that provides organizations around the world with a comprehensive suite of Business AI, Business Clouds, and Business Technology. We help organizations grow, innovate, become more efficient and effective, and do so in a trusted and secure way—through Information Management. OpenText (NASDAQ/TSX: OTEX), founded in 1991 in Waterloo, has a rich history of helping customers manage their most important asset—information. Originating from a collaboration to digitize the Oxford English Dictionary, OpenText has grown into a global leader in information management. With over 120,000 enterprise customers across 180 countries, OpenText supports 98 of the top 100 global companies. A wide breadth of offerings uniquely positions OpenText to help customers unlock the value of that information using Al, cloud, and security innovations. At OpenText, our culture is at the heart of everything we do—and today, that includes being proudly AI-first. We’re creating a workplace where everyone can thrive, with artificial intelligence integrated into how we work, solve problems, and innovate together. By fostering a collaborative and inclusive environment, we empower digital knowledge workers and drive forward-thinking solutions that shape the future of information management. We believe our success comes from the strength of our team—talent that AI can’t replace—and we’re committed to attracting and supporting those who bring unique insight, adaptability, and creativity. Because at OpenText, people aren’t just our greatest asset—they’re the reason we shine in an AI-powered world. Join us at OpenText and become part of a team where your talents and ideas are truly valued.
IGT is a leading global provider of gaming, digital and financial technology solutions, formed through the combination of International Game Technology PLC’s Gaming & Digital Business and Everi Holdings Inc. IGT’s offering spans gaming machines, game content and systems, iGaming, sports betting, cash access, loyalty and player engagement solutions, enabling it to deliver integrated, customer-centric experiences across land-based and digital environments. Organized into Gaming, Digital and FinTech business units, IGT drives innovation, efficiency and value for casino, digital and hospitality operators worldwide. The company is headquartered in Las Vegas.
Grab is Southeast Asia’s leading superapp, offering a suite of services consisting of deliveries, mobility, financial services, enterprise and others. Grabbers come from all over the world, and we are united by a common mission: to drive Southeast Asia forward by creating economic empowerment for everyone. At Grab, every Grabber is guided by The Grab Way, which explains our mission and the operating principles on how we can achieve it together. We call these principles the 4Hs: Heart We work together as OneGrab to serve communities in Southeast Asia Hunger We work to understand ground truths and drive improvements, big and small Honour We keep our word and steward our resources wisely to build and sustain trust Humility We are a constant work-in-progress, and we never stop learning to get better
IDEMIA Secure Transactions (IST) is a leading provider of payment, connectivity, and cybersecurity solutions, serving billions of people worldwide. With decades of expertise in cryptography and credential issuance, IST is trusted by over 2000 financial institutions, mobile operators, automotive manufacturers, and IoT providers worldwide. IST is a division of IDEMIA Group. IDEMIA Public Security, another division of IDEMIA Group, is the premium provider of convenient and trusted biometric-based solutions, transforming public and private organizations across the globe. Follow them here: https://www.linkedin.com/company/idemia-public-security/
[24]7.ai™ customer engagement solutions use conversational artificial intelligence to understand customer intent, enabling companies to create personalized, predictive, and effortless customer experiences across all channels; attract and retain customers; boost agent productivity and satisfaction; and drive revenues while lowering costs. The world’s largest and most recognizable brands use [24]7.ai intent-driven technologies to serve several hundred million visitors through billions of conversations annually, most of which are automated. The result is an order of magnitude improvement in digital adoption, customer satisfaction, and revenue growth. For more information, visit: www.247.ai. [24]7.ai is based in Campbell, California. [24]7.ai is a registered trademark of 24/7 Customer, Inc.
The Bosch Group is a leading global supplier of technology and services. It employs roughly 417,900 associates worldwide (as of December 31, 2024). According to preliminary figures, the company generated sales of 90.5 billion euros in 2024. Its operations are divided into four business sectors: Mobility, Industrial Technology, Consumer Goods, and Energy and Building Technology. With its business activities, the company aims to use technology to help shape universal trends such as automation, electrification, digitalization, connectivity, and an orientation to sustainability. In this context, Bosch’s broad diversification across regions and industries strengthens its innovativeness and robustness. Bosch uses its proven expertise in sensor technology, software, and services to offer customers cross-domain solutions from a single source. It also applies its expertise in connectivity and artificial intelligence in order to develop and manufacture user-friendly, sustainable products. With technology that is “Invented for life,” Bosch wants to help improve quality of life and conserve natural resources. The Bosch Group comprises Robert Bosch GmbH and its roughly 470 subsidiary and regional companies in over 60 countries. Including sales and service partners, Bosch’s global manufacturing, engineering, and sales network covers nearly every country in the world. Bosch’s innovative strength is key to the company’s further development. At 136 locations across the globe, Bosch employs some 86,900 associates in research and development, of which nearly 48,000 are software engineers. Instagram: https://www.instagram.com/boschglobal/ Facebook: https://www.facebook.com/BoschGlobal Glassdoor: https://bit.ly/3raTZnH Imprint: www.bosch.com/corporate-information Privacy statement: https://www.bosch.com/data-protection-notice-bosch-linkedin/
Infor is a global leader in business cloud software products for companies in industry specific markets. Infor builds complete industry suites in the cloud and efficiently deploys technology that puts the user experience first, leverages data science, and integrates easily into existing systems. Over 60,000 organizations worldwide rely on Infor to help overcome market disruptions and achieve business-wide digital transformation. Here are some key insights: • 60,000+ customers • 100+ offices • 1,700+ support experts • 2,000+ partners • 17,000+ employees • 175+ countries where customers are located • 15,000+ cloud customers • 40+ countries with Infor offices
Latest updates, reports, and threat intel affecting the global network.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types a search term that returns the poisoned issue, the payload executes in the admin’s control panel session. No control panel account or elevated privileges are required on the attacker’s side. This issue has been fixed in versions 4.17.16 and 5.9.23.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-uid> permission for the target folder. It never enforces deletePeerAssets:<volume-uid>, even though Assets::deleteFoldersByIds() cascades deletion to every descendant folder and every asset inside, regardless of the uploader's assigned privileges. A low-privilege user who has been granted folder-management rights on a shared volume can therefore destroy assets uploaded by other users (peer assets), bypassing the per-asset peer-permission check that the sibling actionDeleteAsset endpoint correctly applies. This issue has been fixed in versions 4.17.15 and 5.9.22.
Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. AssetsController::actionReplaceFile() supports replacing a target asset file using another existing asset as the source. The action loads: assetId -> $assetToReplace and sourceAssetId -> $sourceAsset, then enforces replace permissions using ($assetToReplace ?: $sourceAsset). When both IDs are provided, this expression resolves to the target asset so no permission check is performed against the source asset volume. When both assets are present, Craft copies the source file into the target and then deletes the source asset. There is no deletion check for for the source asset. An authenticated user who can replace files in one volume can delete assets in another volume where they do not have delete permission, as long as they can obtain a sourceAssetId, leading to broken content references and data loss. This issue has been fixed in versions 4.17.14 and 5.9.21.
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design (e.g. 'issue "letsencrypt.org"' without parameters). On Universal SSL zones, Cloudflare's authoritative DNS serves this auto-managed RRset at query time, superseding any customer-configured CAA records on the zone. When a customer publishes a stricter CAA record using the RFC 8657 accounturi or validationmethods parameters, the Certificate Authority does not observe those parameters when evaluating the served RRset under RFC 8659. As a result, the RFC 8657 account-binding and validation-method-binding protections are not enforced end-to-end on Universal SSL zones. Successful exploitation could result in issuance of a browser-trusted TLS certificate to an attacker, enabling MITM against the affected domain. Exploitation is non-trivial in practice: an attacker would need to hold an ACME account at one of the Certificate Authorities in the served CAA RRset and to simultaneously satisfy domain control validation across the multiple geographically distinct Network Perspectives the CA relies on for Multi-Perspective Issuance Corroboration. Cloudflare prefixes are anycast-announced from hundreds of locations globally, raising the bar against single-vantage-point BGP hijacks. Any resulting misissuance of a browser-trusted certificate is subject to Certificate Transparency logging required by major browsers, and would be visible to CT monitoring. Mitigation: Customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so there is no in-product workaround that preserves both. Certificate Transparency monitoring is recommended for all customers as a general detection control. Credits: David Osipov (ORCID: https://orcid.org/0009-0005-2713-9242), independent researcher
Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.