What is the official website of Zip ?

The official website of Zip is https://ziphq.com.

What is Zip's cybersecurity risk score?

Zip has an AI-generated cybersecurity risk score of 758 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Zip experienced?

According to Rankiteo, Zip currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Zip been affected by any supply chain cyber incidents ?

According to Rankiteo, Zip has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Zip have SOC 2 Type 1 certification ?

According to Rankiteo, Zip is not certified under SOC 2 Type 1.

Does Zip have SOC 2 Type 2 certification ?

According to Rankiteo, Zip does not hold a SOC 2 Type 2 certification.

Does Zip comply with GDPR ?

According to Rankiteo, Zip is not listed as GDPR compliant.

Does Zip have PCI DSS certification ?

According to Rankiteo, Zip does not currently maintain PCI DSS compliance.

Does Zip comply with HIPAA ?

According to Rankiteo, Zip is not compliant with HIPAA regulations.

Does Zip have ISO 27001 certification ?

According to Rankiteo,Zip is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Zip operate in ?

Zip operates primarily in the Software Development industry.

How many employees does Zip have ?

Zip employs approximately 1,156 people worldwide.

Does Zip own any subsidiaries ?

Zip presently has no subsidiaries across any sectors.

How many LinkedIn followers does Zip have ?

Zip's official LinkedIn profile has approximately 44,744 followers.

What is the NAICS classification code for Zip ?

Zip is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does Zip have a Crunchbase profile ?

No, Zip does not have a profile on Crunchbase.

Does Zip have a LinkedIn profile ?

Yes, Zip maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/theziphq.

How many cybersecurity incidents has Zip experienced ?

As of June 23, 2026, Rankiteo reports that Zip has experienced 1 cybersecurity incidents.

How many peer or competitor companies does Zip have ?

Zip has an estimated 30,153 peer or competitor companies worldwide.

What types of cybersecurity incidents has Zip faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Zip

Boost Score +25 with badge (5 left)

758

/1000

Fair

783

/1000

Fair

Zip Vendor Cyber Rating & Cyber Score

ziphq.com

Add Your Compliance Badge

Zip is the world’s leading AI-powered procurement orchestration platform, empowering businesses to accelerate the procurement process, mitigate risk, and drive growth by offering a single front door to unify the teams, tasks, and tools involved in working with suppliers. With Zip, businesses can maximize employee adoption of purchasing policies and increase spend visibility and control. As the leading solution for optimizing business spend, Zip’s AI-powered platform is trusted by hundreds of leading enterprises worldwide, including AMD, Anthropic, Arm, Canva, Coinbase, Discover, Dollar Tree, HP, Instacart, Lyft, Northwestern Mutual, Pinterest, Prudential, Reddit, Sephora, Snowflake, Sprouts Farmers Market, and Toast to maximize the ROI of

Zip A.I CyberSecurity Scoring

Scoring History

Zip

Zip CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Zip

Vulnerability

7/2025

THE520205211202...

Loading…

A.I.

Zip Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Zip

Incidents vs Software Development Industry Avg (This Year)

No incidents recorded for Zip in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Zip in 2026.

Incident Types Zip vs Software Development Industry Avg (This Year)

No incidents recorded for Zip in 2026.

Incident History - Zip (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Zip Subsidiaries

Parent Company

Zip

Software Development

Website: https://ziphq.com

Company Size: 501-1,000 employees

No subsidiary data available for this company.

Loading…

Zip Similar Companies

Walmart Global Tech

walmart.com

Walmart has a long history of transforming retail and using technology to deliver innovations that improve how the world shops and empower our 2.1 million associates. It began with Sam Walton and continues today with Global Tech associates working together to power Walmart and lead the next retail disruption. Our world-class software engineers, data scientists and engineers, cybersecurity professionals, product managers and business service professionals work with top talent on cutting-edge technologies that create unique and innovative experiences for our associates, customers and members across Walmart, Sam’s Club and Walmart International. At Walmart Global Tech, one line of code or bold idea can make life easier for hundreds of millions of people – talk about epic impact at a global scale.

Intuit

intuit.com

Intuit is a global technology platform that helps our customers and communities overcome their most important financial challenges. Serving millions of customers worldwide with TurboTax, QuickBooks, Credit Karma and Mailchimp, we believe that everyone should have the opportunity to prosper and we work tirelessly to find new, innovative ways to deliver on this belief. We encourage conversations on this page and will not delete comments that follow our terms of use. In order to keep this a safe community, the below posts may be removed: Repeated posts of the same content, spam or posts from fake accounts or profiles, offensive language or material, threats to others in the community, posts deliberately aimed to have a negative effect on the community or conversations.

Adobe

cb adobe.com

Adobe is the global leader in digital media and digital marketing solutions. Our creative, marketing and document solutions empower everyone – from emerging artists to global brands – to bring digital creations to life and deliver immersive, compelling experiences to the right person at the right moment for the best results. In short, Adobe is everywhere, and we’re changing the world through digital experiences.

Bosch Global Software Technologies

bosch-softwaretechnologies.com

With our unique ability to offer end-to-end solutions that connect the three pillars of IoT - Sensors, Software, and Services, we enable businesses to move from the traditional to the digital, or improve businesses by introducing a digital element in their products and processes. Now more than ever, companies across the world are becoming rapidly aware of the potential and impact of modern-day digital technologies on customers, people, and organisational processes. We aim to empower and translate this realisation into a new reality for enterprises, leveraging our in-depth understanding of global business complexities, the risk of disruption that digital technologies bring, and the technology thought leadership that we have built over decades of experience at Bosch. Founded in 1997, we are a 100% owned subsidiary of Robert Bosch GmbH, with over 35,000 associates across the globe. [Data protection notice: www.bosch-softwaretechnologies.com/en/terms-of-use/data-protection-notice/ ]

Just Eat Takeaway.com

justeattakeaway.com

Just Eat Takeaway.com is a leading global online delivery marketplace, connecting consumers and restaurants through our platform in 16 countries. Like a dinner table, working at JET brings our office employees and couriers together. From coding to customer service to couriers, JET is a fun, fast-paced and supportive place where you can be yourself. No day is the same. Our days are filled with new experiences. We see every challenge that comes our way as a chance to grow, both the business, and ourselves. We’re connected to millions of food-lovers, hundreds of thousands of connected partners and some of the best-known brands of the planet. When you take your seat here, you’ll find that a simple scribble on a napkin can turn into something seen by millions. Together we transform, create, reinvent and empower every food moment. As a leading online food tech company, JET brings together the stability of a global business, with the agility of a start-up. We got here by always staying one step ahead of the competition. So load up your plate with ideas that get you excited, because at JET everything is on the table. https://careers.justeattakeaway.com

Lazada

lazada.com

About Lazada Group Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. With the largest logistics and payments networks in the region, Lazada is a part of our consumers’ daily lives in the region and we aim to serve 300 million shoppers by 2030. Since 2016, Lazada is the Southeast Asia flagship platform of the Alibaba Group powered by its cutting-edge technology infrastructure.

Cisco

cisco.com

Cisco is the worldwide technology leader that is revolutionizing the way organizations connect and protect in the AI era. For more than 40 years, Cisco has securely connected the world. With its industry leading AI-powered solutions and services, Cisco enables its customers, partners and communities to unlock innovation, enhance productivity and strengthen digital resilience. With purpose at its core, Cisco remains committed to creating a more connected and inclusive future for all.

NetSuite

netsuite.com

Founded in 1998, Oracle NetSuite is the world’s first cloud company. For more than 25 years, NetSuite has helped businesses gain the insight, control, and agility to build and grow a successful business. First focused on financials and ERP, we now provide an AI-powered unified business system that includes inventory management, HR, professional services automation, and omnichannel commerce, used by more than 43,000 customers in 219 countries and dependent territories.

Meituan

meituan.com

Adhering to the ‘Retail + Technology’ strategy, Meituan commits to its mission that 'We help people eat better, live better'. Since its establishment in March 2010, Meituan has advanced the digital upgrading of services and goods retail on both supply and demand sides. Together with our partners we provide quality services for consumers. On 20 September, 2018, Meituan was listed on the Main Board of the Stock Exchange of Hong Kong. Meituan has always put customers first, and continuously increased its R&D investment in new technologies. Meituan will join hands with all partners to fulfill our social responsibility and create more values for the society.

Loading…

NEWS

Zip CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 27, 2026 10:34 AM

Hackers Use Phishing ZIP Files to Deploy PXA Stealer Against Financial Firms

PXA Stealer attacks rise, using phishing ZIP downloads to steal data, replacing Lumma and RedLine in global cybercrime campaigns.

Read Article

March 13, 2026 07:00 AM

Zombie ZIP vulnerability lets compressed malware leisurely stroll past 95% of antivirus apps — security suites are blissfully unaware of security issue

The ongoing arms race of cybersecurity and countermeasures has become incredibly advanced and complicated. More often than not,...

Read Article

March 10, 2026 05:11 PM

Malformed ZIP Files Allows Attackers to Bypass Antivirus and EDR Detections

A flaw in ZIP archive processing lets attackers hide malware in malformed headers, bypassing antivirus and EDR scanners.

Read Article

February 18, 2026 07:27 AM

Malicious Triton App Fork Emerges On GitHub, Posing Threat To Cybersecurity

A recent discovery on GitHub has raised alarms in the cybersecurity community, as a malicious fork of the legitimate macOS app Triton has.

Read Article

February 12, 2026 08:00 AM

Unofficial 7-zip.com website served up malware-laden downloads for over a week — infected PCs forced into a proxy botnet

When setting up a new PC, installing a utility like 7-zip, PeaZip, or WinRAR is something we tend to do almost without thinking.

Read Article

February 10, 2026 08:00 AM

Hackers Weaponizing 7-Zip Downloads to Turn Your Home Computers into Proxy Nodes

Fake 7-Zip installers from a lookalike site turn home PCs into residential proxy nodes while appearing fully legitimate.

Read Article

February 07, 2026 10:48 AM

Best 3 Cybersecurity Certifications for Mid-Level Professionals in 2026

Skills, knowledge, experience, and a solid grasp of cybersecurity concepts are non-negotiable for those aspiring to accelerate their cybersecurity careers...

Read Article

January 29, 2026 08:00 AM

WinRAR exploit reportedly remains widely-used by China and Russia state actors despite patch — vulnerability allows malicious archives to deliver a hidden payload to Windows Startup folder

A WinRAR exploit that has been discovered and patched in July 2025 remains widely used by threat actors — many of them government-backed...

Read Article

January 29, 2026 08:00 AM

AI-assisted cybersecurity team discovers 12 OpenSSL vulnerabilities, claims humans are the limiting factor — some vulnerabilities have been around for decades

OpenSSL is a security standard that protects most of the internet, and cybersecurity researchers have recently discovered vulnerabilities in...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-54236

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory addresses from error messages before they reach the client, is incomplete: several response paths echo str(exc) directly to clients without calling sanitize_message. The unsanitized sites include the Anthropic API router in vllm/entrypoints/anthropic/api_router.py (the POST /v1/messages and POST /v1/messages/count_tokens handlers), the Server-Sent Events streaming converter in vllm/entrypoints/anthropic/serving.py, and the realtime speech-to-text WebSocket in vllm/entrypoints/speech_to_text/realtime/connection.py. These paths catch the exception inside the route coroutine and construct the JSONResponse themselves, bypassing the sanitizing global FastAPI exception handler, and WebSocket frames do not traverse that handler chain at all. Using the same primitive as the parent issue, an unauthenticated attacker can send malformed image bytes through the Anthropic Messages API image content parts so that PIL.Image.open raises an UnidentifiedImageError whose message contains the BytesIO object repr, leaking the heap memory address verbatim in the error.message field of the response body. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 5.3)

cvss3

Base Score: 5.3

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Score

1.4

Exploitability

3.9

REFERENCES

CVE-2026-54235

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN and for positive Infinity in Python's IEEE 754 float semantics. Both values pass every guard and propagate to GPU sampling kernels, where they produce undefined behavior or CUDA errors that can crash the inference worker. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: )

cvss4

Base Score: 6.9

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-54233

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB OPUS file expands to ~14.9GB of float32 PCM at decode time. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 6.5)

cvss3

Base Score: 6.5

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score

3.6

Exploitability

2.8

REFERENCES

CVE-2026-54232

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index (flashinfer.ai/whl/) using --extra-index-url, but the package name was not registered on PyPI, and UV_INDEX_STRATEGY="unsafe-best-match" is set globally. An attacker who registers flashinfer-jit-cache on PyPI with version 0.6.11.post2 can execute arbitrary code as root during the Docker build and backdoor every resulting container image, enabling exfiltration of all user prompts, API credentials, and model data from production vLLM deployments This vulnerability is fixed in 0.22.1.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: 8.8)

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

2.8

REFERENCES

https://github.com/vllm-project/vllm/security/advisories/GHSA-jrf6-vqxq-pjv2

CVE-2026-53923

SUMMARY

vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/gguf_kernel.cu) causes partial tensor processing. The output tensor is allocated at full size via torch::empty (uninitialized memory), but the dequantize CUDA kernel processes only a truncated number of elements. The unfilled portion of the output tensor retains whatever was previously in GPU memory. In multi-tenant inference deployments, this residual GPU memory may contain tensor data from other users' inference requests, constituting information disclosure. This vulnerability is fixed in 0.23.1rc0.

Published

Date2026-06-22

Updated

Date2026-06-22

RISK INFORMATION (Score: )

cvss4

Base Score: 5.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…