TSC
Company Details
Linkedin ID:
trufflesecurity
Website:
Employees number:
50
Number of followers:
3,888
NAICS:
541514
Industry Type:
Homepage:
trufflesecurity.com
IP Addresses:
0
Company ID:
TRU_5470874
Scan Status:
In-progress
Truffle Security Co. Company CyberSecurity Posture
trufflesecurity.com
Our team of career security experts are dedicated to building robust and intelligent software that helps you protect your information. Security is our passion and our primary concern, and all features are developed with best practices in mind. Our flagship product, TruffleHog, runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs. We're on a mission to secure sensitive data. https://www.youtube.com/c/TruffleSecurity
Truffle Security Co. A.I CyberSecurity Scoring
TSC Risk Score (AI oriented)Between 700 and 749
TSC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
TSC Global Score (TPRM)XXXX
TSC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
TSC Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Truffle Security Co.: Public GitLab repositories exposed more than 17,000 secrets
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. Luke Marshall used the TruffleHog open-source tool to check the code in the repositories for sensitive credentials like API keys, passwords, and tokens. The researcher previously scanned Bitbucket, where he found 6,212 secrets spread over 2.6 million repositories. He also checked the Common Crawl dataset that is used to train AI models, which exposed 12,000 valid secrets. GitLab is a web-based Git platform used by software developers, maintainers, and DevOps teams to host code, for CI/CD operations, development collaboration, and repository management. Marshall used a GitLab public API endpoint to enumerate every public GitLab Cloud repository, using a custom Python script to paginate through all results and sort them by project ID. This process returned 5.6 million non-duplicate repositories, and their names were sent to an AWS Simple Queue Service (SQS). Next, an AWS Lambda function pulled the repository name from SQS, ran TruffleHog against it, and logged the results. “Each Lambda invocation executed a simple TruffleHog scan command with concurrency set to 1000,” describes Marshall. “This setup allowed me to complete the scan of 5,600,000 repositories in just over 24 hours.” The total cost for the entire public GitLab Cloud repositories using the above method was $770. The researcher found 17,430 ver
TSC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for TSC
Incidents vs Computer and Network Security Industry Average (This Year)
Truffle Security Co. has 117.39% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Truffle Security Co. has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types TSC vs Computer and Network Security Industry Avg (This Year)
Truffle Security Co. reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 1 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — TSC (X = Date, Y = Severity)
TSC cyber incidents detection timeline including parent company and subsidiaries
TSC Company Subsidiaries
Our team of career security experts are dedicated to building robust and intelligent software that helps you protect your information. Security is our passion and our primary concern, and all features are developed with best practices in mind. Our flagship product, TruffleHog, runs behind the scenes to scan your environment for secrets like private keys and credentials, so you can protect your data before a breach occurs. We're on a mission to secure sensitive data. https://www.youtube.com/c/TruffleSecurity
Loading...
TSC Similar Companies
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s
CrowdStrike
CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas
.png)
TSC CyberSecurity News
November 10, 2025 08:00 AM
The Weekly Notable Startup Funding Report: 11/10/25
The Weekly Notable Startup Funding Report takes us on a trip across various ecosystems in the US, highlighting some of the notable funding...
November 07, 2025 08:00 AM
Truffle Security raises $25m to boost AI-driven protection
Truffle Security, the firm behind the popular open-source project TruffleHog, has raised $25m in a Series B funding round to accelerate its...
November 07, 2025 08:00 AM
Identity Management and Information Security News for the Week of November 7th: Ping Identity, CyberArk, Veza, and More
The editors have curated a list of noteworthy news about identity management and information security from the week of November 7th.
November 06, 2025 08:00 AM
Truffle Security secures $25M to protect codebases from leaked secrets and nonhuman identities
Open-source security software company Truffle Security Co. announced today that it has raised $25 million in new funding to fuel continued...
October 30, 2025 07:00 AM
Former US Defense Contractor Executive Admits to Selling Exploits to Russia
Peter Williams stole trade secrets from his US employer and sold them to a Russian cybersecurity tools broker.
October 02, 2025 07:00 AM
Many Attacks Aimed at EU Targeted OT, Says Cybersecurity Agency
ENISA 2025 Threat Landscape report shows that a significant percentage of the attacks aimed at the EU over the past year targeted OT.
September 16, 2025 07:00 AM
Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40...
September 15, 2025 07:00 AM
Zero Trust Is 15 Years Old — Why Full Adoption Is Worth the Struggle
The implementation of zero trust is essential for cybersecurity: but after 15 years, we're still not there. Implementation is like the...
September 12, 2025 07:00 AM
Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack: Security Firm
Payment solutions company KioSoft took a long time to address a serious vulnerability affecting some of its NFC-based cards.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
TSC CyberSecurity History Information
Official Website of Truffle Security Co.
The official website of Truffle Security Co. is http://www.trufflesecurity.com.
Truffle Security Co.’s AI-Generated Cybersecurity Score
According to Rankiteo, Truffle Security Co.’s AI-generated cybersecurity score is 748, reflecting their Moderate security posture.
How many security badges does Truffle Security Co.’ have ?
According to Rankiteo, Truffle Security Co. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Truffle Security Co. have SOC 2 Type 1 certification ?
According to Rankiteo, Truffle Security Co. is not certified under SOC 2 Type 1.
Does Truffle Security Co. have SOC 2 Type 2 certification ?
According to Rankiteo, Truffle Security Co. does not hold a SOC 2 Type 2 certification.
Does Truffle Security Co. comply with GDPR ?
According to Rankiteo, Truffle Security Co. is not listed as GDPR compliant.
Does Truffle Security Co. have PCI DSS certification ?
According to Rankiteo, Truffle Security Co. does not currently maintain PCI DSS compliance.
Does Truffle Security Co. comply with HIPAA ?
According to Rankiteo, Truffle Security Co. is not compliant with HIPAA regulations.
Does Truffle Security Co. have ISO 27001 certification ?
According to Rankiteo,Truffle Security Co. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Truffle Security Co.
Truffle Security Co. operates primarily in the Computer and Network Security industry.
Number of Employees at Truffle Security Co.
Truffle Security Co. employs approximately 50 people worldwide.
Subsidiaries Owned by Truffle Security Co.
Truffle Security Co. presently has no subsidiaries across any sectors.
Truffle Security Co.’s LinkedIn Followers
Truffle Security Co.’s official LinkedIn profile has approximately 3,888 followers.
NAICS Classification of Truffle Security Co.
Truffle Security Co. is classified under the NAICS code 541514, which corresponds to Others.
Truffle Security Co.’s Presence on Crunchbase
Yes, Truffle Security Co. has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/truffle-security.
Truffle Security Co.’s Presence on LinkedIn
Yes, Truffle Security Co. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/trufflesecurity.
Cybersecurity Incidents Involving Truffle Security Co.
As of November 28, 2025, Rankiteo reports that Truffle Security Co. has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Truffle Security Co. has an estimated 2,797 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Truffle Security Co. ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Risk Information
cvss4
Base: 6.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Risk Information
cvss3
Base: 9.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
Description
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
Description
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Description
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: through 2025.2.20, through 2025.3.8.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=trufflesecurity' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
