WA A.I CyberSecurity Scoring
28/03/2026
Access Monitoring Plan
Access Monitoring Plan
No incidents recorded for WSP in Australia in 2026.
No incidents recorded for WSP in Australia in 2026.
No incidents recorded for WSP in Australia in 2026.
At Mercer, A Marsh business, we’re helping our clients realize their investment objectives, shape the future of work, and enhance health and retirement outcomes for their people. As a business of Marsh, for 80 years, we’ve been helping our clients, colleagues and communities build the confidence to thrive, creating healthier and more sustainable futures. Together with Marsh Risk, Guy Carpenter, and Oliver Wyman, we help organizations build resilience and competitive advantages from every angle. With annual revenue over $24 billion and more than 90,000 colleagues in 130 countries, Marsh helps build the confidence to thrive through the power of perspective.
EY is building a better working world by creating new value for clients, people, society, the planet, while building trust in the capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams in more than 150 countries work across a full spectrum of services in assurance, consulting, tax, strategy and transactions, strengthened by sector experience and diverse ecosystem partners. Find out more about the EY global network: http://ey.com/en_gl/legal-statement
Allied Universal®, a leading security and facility services company, provides proactive security services and cutting-edge smart technology to deliver evolving, tailored solutions that allow clients to focus on their core business. Our excellence starts with our local leadership and local presence. In fact, in North America alone, we have an extensive network of offices to support our local communities and customers. We take pride in our extensive knowledge in a range of specialty sectors such as education, healthcare, retail, commercial real estate, government and corporate campuses, etc. We believe there is no greater purpose than serving and safeguarding customers, communities and people in today’s world. Allied Universal is There for you®.
Sweco is at the heart of the green transition - planning and designing the sustainable communities and cities of the future. Together with our clients and the collective knowledge of our 23,000 architects, engineers and other specialists, we co-create solutions to address urbanisation, capture the power of digitalisation, and make our societies more sustainable. Sweco is Europe’s leading engineering and architecture consultancy, with sales of approximately SEK 29 billion (EUR 2.5 billion). The company is listed on Nasdaq Stockholm.
SJ designs spaces and systems that unlock human potential, delivering connection and certainty on shifting ground. For over 75 years, SJ and its member companies have turned foresight into form and function through urban, infrastructure and managed services consulting. Through its business lines, it builds clarity into complexity, identity into infrastructure, character into skylines and insights into the future. SJ walks global expertise home in over 40 countries, with 16,000 specialists united by a culture of openness and excellence. As the next-generation partner for the built world, SJ pushes the boundaries of innovative design and technology — unlocking potential for Real impact, made together. The group continues a collective legacy of creating futures worth inheriting, meeting the needs of today and the aspirations of generations to come.
In the US, Grant Thornton LLP and Grant Thornton Advisors LLC (and their respective subsidiary entities) practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Grant Thornton LLP is a licensed independent CPA firm that provides attest services to its clients, and Grant Thornton Advisors LLC and its subsidiary entities provide tax and business consulting services to their clients. Grant Thornton Advisors LLC and its subsidiary entities are not licensed CPA firms. With a unified, local presence across several countries – including the U.S., Ireland, and others, our platform represents a community of 18,000+ problem solvers, relationship builders, and quality-driven industry specialists. Serving clients across 16 distinct industries, we believe how we serve matters as much as what we do. Learn how we go beyond the expectations of business at GT.com.
A global leader in applied safety science, UL Solutions (NYSE: ULS) transforms safety, security and sustainability challenges into opportunities for customers in more than 110 countries. UL Solutions delivers testing, inspection and certification services, together with software products and advisory offerings, that support our customers’ product innovation and business growth. The UL Mark serves as a recognized symbol of trust in our customers’ products and reflects an unwavering commitment to advancing our safety mission. We help our customers innovate, launch new products and services, navigate global markets and complex supply chains, and grow sustainably and responsibly into the future. Our science is your advantage.
We are one of the world’s leading professional services firms, uniting our engineering, advisory and science-based expertise to shape communities to advance humanity. From local beginnings to a globe-spanning presence today, we operate in over 50 countries and employ approximately 73,000 professionals, known as Visioneers. Together they pioneer solutions and deliver innovative projects across sectors: Transport & Infrastructure, Property & Buildings, Earth & Environment, Water, Power & Energy and Mining & Metals. Together let’s unlock potential everywhere. #WeAreWSP
Our organization is passionately committed to the pursuit of a better world through positive change. We embrace your visions as our own and partner with you to develop better ideas that are smarter, more efficient, and innovative. Our global network of 10,000 professionals work on the world’s toughest challenges. Our corporate roots extend back more than a hundred years, and our experience spans over 150 countries around the world in the metals, energy, infrastructure, digital, and investments market sectors. We are employee-owned and independent—free to bring our best thinking to your business. Our exceptional, diverse teams combine vast engineering and business knowledge, working in partnership with our clients to develop market strategies, manage and optimize production, develop new game-changing technologies, and design and deliver complex capital projects. We work closely with the communities in which we serve to ensure that our solutions optimize environmental protection, economic prosperity, and cultural vibrancy. We want their businesses, ecosystems, and communities to thrive, both now and into the future. Our people are passionate about our corporate purpose and values. We believe in long-term relationships with our partners, and are committed to our clients’ lasting success. We are “entrepreneurs with a technical soul.”
Latest updates, reports, and threat intel affecting the global network.
Aviation is entering one of the most transformative decades in its history. Passenger volumes are accelerating, technology expectations are...
The evolving infrastructure landscape is entering a critical phase shaped by delivery pressures, digital transformation, and the need for...
You may see a small, bright yellow vessel gliding across Aotearoa New Zealand's rivers and lakes in the months ahead.
Evidence-based mapping tool helps landowners reduce freshwater contamination risks using open-access GIS and spatial data.
A quiet revolution is unfolding in geotechnical engineering – and it's happening from space. We sat down with our geotechnical and surveying...
Through close collaboration between NZ Transport Agency Waka Kotahi, WSP, local hapū, and contractors, extensive geotechnical investigations, design,...
WSP earns top honours from Environment Analyst in three categories; three other projects highly commended.
Sydney's first metro is transforming the city by delivering faster, more sustainable, and accessible transportation, reducing travel times and connecting...
Major conservation and restoration work on Bondi Pavilion in Sydney has ensured that it remains true to its rich history.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types a search term that returns the poisoned issue, the payload executes in the admin’s control panel session. No control panel account or elevated privileges are required on the attacker’s side. This issue has been fixed in versions 4.17.16 and 5.9.23.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-uid> permission for the target folder. It never enforces deletePeerAssets:<volume-uid>, even though Assets::deleteFoldersByIds() cascades deletion to every descendant folder and every asset inside, regardless of the uploader's assigned privileges. A low-privilege user who has been granted folder-management rights on a shared volume can therefore destroy assets uploaded by other users (peer assets), bypassing the per-asset peer-permission check that the sibling actionDeleteAsset endpoint correctly applies. This issue has been fixed in versions 4.17.15 and 5.9.22.
Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. AssetsController::actionReplaceFile() supports replacing a target asset file using another existing asset as the source. The action loads: assetId -> $assetToReplace and sourceAssetId -> $sourceAsset, then enforces replace permissions using ($assetToReplace ?: $sourceAsset). When both IDs are provided, this expression resolves to the target asset so no permission check is performed against the source asset volume. When both assets are present, Craft copies the source file into the target and then deletes the source asset. There is no deletion check for for the source asset. An authenticated user who can replace files in one volume can delete assets in another volume where they do not have delete permission, as long as they can obtain a sourceAssetId, leading to broken content references and data loss. This issue has been fixed in versions 4.17.14 and 5.9.21.
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design (e.g. 'issue "letsencrypt.org"' without parameters). On Universal SSL zones, Cloudflare's authoritative DNS serves this auto-managed RRset at query time, superseding any customer-configured CAA records on the zone. When a customer publishes a stricter CAA record using the RFC 8657 accounturi or validationmethods parameters, the Certificate Authority does not observe those parameters when evaluating the served RRset under RFC 8659. As a result, the RFC 8657 account-binding and validation-method-binding protections are not enforced end-to-end on Universal SSL zones. Successful exploitation could result in issuance of a browser-trusted TLS certificate to an attacker, enabling MITM against the affected domain. Exploitation is non-trivial in practice: an attacker would need to hold an ACME account at one of the Certificate Authorities in the served CAA RRset and to simultaneously satisfy domain control validation across the multiple geographically distinct Network Perspectives the CA relies on for Multi-Perspective Issuance Corroboration. Cloudflare prefixes are anycast-announced from hundreds of locations globally, raising the bar against single-vantage-point BGP hijacks. Any resulting misissuance of a browser-trusted certificate is subject to Certificate Transparency logging required by major browsers, and would be visible to CT monitoring. Mitigation: Customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so there is no in-product workaround that preserves both. Certificate Transparency monitoring is recommended for all customers as a general detection control. Credits: David Osipov (ORCID: https://orcid.org/0009-0005-2713-9242), independent researcher
Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.