Yac
Last Update: 2025-03-08 (UTC)
Between 750 and 799
Yac is a voice messaging platform for remote teams.
NAICS: 511
NAICS Definition:
Employees: 17
Subsidiaries: 0
12-month incidents
0
Known data breaches
0
Attack type number
0
Comparison Overview
Yac
VS
Just Eat Takeaway.com
Just Eat Takeaway.com
Last Update: 2024-11-06 (UTC)
Between 750 and 799
Just Eat Takeaway.com is a leading global online delivery marketplace, connecting consumers and restaurants through our platform in 19 countries. Like a dinner table, working at JET brings our office employees and couriers together. From coding to customer service to couriers, JET is a fun, fast-paced and supportive place where you can be yourself. No day is the same. Our days are filled with new experiences. We see every challenge that comes our way as a chance to grow, both the business, and ourselves. We’re connected to millions of food-lovers, hundreds of thousands of connected partners and some of the best-known brands of the planet. When you take your seat here, you’ll find that a simple scribble on a napkin can turn into something seen by millions. Together we transform, create, reinvent and empower every food moment. As a leading online food tech company, JET brings together the stability of a global business, with the agility of a start-up. We got here by always staying one step ahead of the competition. So load up your plate with ideas that get you excited, because at JET everything is on the table. https://careers.justeattakeaway.com
NAICS: 5112
NAICS Definition: Software Publishers
Employees: 12,376
Subsidiaries: 10
12-month incidents
0
Known data breaches
0
Attack type number
0
Compliance Badges Comparison
Security & Compliance Standards Overview
Yac
ISO 27001
Not verified
SOC2 Type 1
Not verified
SOC2 Type 2
Not verified
GDPR
Not verified
PCI DSS
Not verified
HIPAA
Not verified
Just Eat Takeaway.com
ISO 27001
Not verified
SOC2 Type 1
Not verified
SOC2 Type 2
Not verified
GDPR
Not verified
PCI DSS
Not verified
HIPAA
Not verified
Compliance Summary
Yac
100%
Compliance Rate
0/4 Standards Verified
Just Eat Takeaway.com
0%
Compliance Rate
0/4 Standards Verified
Benchmark & Cyber Underwriting Signals
Incidents vs Software Development Industry Average (This Year)
No incidents recorded for Yac in 2025.
Incidents vs Software Development Industry Average (This Year)
No incidents recorded for Just Eat Takeaway.com in 2025.
Incident History — Yac (X = Date, Y = Severity)
Yac cyber incidents detection timeline including parent company and subsidiaries
Incident History — Just Eat Takeaway.com (X = Date, Y = Severity)
Just Eat Takeaway.com cyber incidents detection timeline including parent company and subsidiaries
Notable Incidents
Last 3 Security & Risk Events by Company
Yac
Incidents
No Incident
Just Eat Takeaway.com
Incidents
No Incident
FAQ
Just Eat Takeaway.com company demonstrates a stronger AI Cybersecurity Score compared to Yac company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.
Historically, Just Eat Takeaway.com company has disclosed a higher number of cyber incidents compared to Yac company.
In the current year, Just Eat Takeaway.com company and Yac company have not reported any cyber incidents.
Neither Just Eat Takeaway.com company nor Yac company has reported experiencing a ransomware attack publicly.
Neither Just Eat Takeaway.com company nor Yac company has reported experiencing a data breach publicly.
Neither Just Eat Takeaway.com company nor Yac company has reported experiencing targeted cyberattacks publicly.
Neither Yac company nor Just Eat Takeaway.com company has reported experiencing or disclosing vulnerabilities publicly.
Neither Yac nor Just Eat Takeaway.com holds any compliance certifications.
Neither company holds any compliance certifications.
Just Eat Takeaway.com company has more subsidiaries worldwide compared to Yac company.
Just Eat Takeaway.com company employs more people globally than Yac company, reflecting its scale as a Software Development.
Neither Yac nor Just Eat Takeaway.com holds SOC 2 Type 1 certification.
Neither Yac nor Just Eat Takeaway.com holds SOC 2 Type 2 certification.
Neither Yac nor Just Eat Takeaway.com holds ISO 27001 certification.
Neither Yac nor Just Eat Takeaway.com holds PCI DSS certification.
Neither Yac nor Just Eat Takeaway.com holds HIPAA certification.
Neither Yac nor Just Eat Takeaway.com holds GDPR certification.
Latest Global CVEs (Not Company-Specific)
Description
Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected files can lead to RCE. Must be chained with a prompt injection or malicious model attach. Only affects systems supporting NTFS. This issue is fixed in version 2.0.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
Cursor is a code editor built for programming with AI. In versions 1.7.52 and below, manipulating internal settings may lead to RCE. Cursor detects path manipulation via forward slashes (./.cursor/./././././mcp.json etc.), and requires human approval to complete the operation. However, the same kind of manipulation using backslashes was not correctly detected, allowing an attacker who had already achieved prompt injection or some other level of control to overwrite sensitive editor files without approval on Windows machines. This issue is fixed in version 2.0.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the server. If an attacker is able to convince a victim to navigate to a malicious deeplink, the victim will not see the correct speedbump modal, and if they choose to accept, will execute commands specified by the attackers deeplink.
Risk Information
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the title field. When a user views the link details page and the shareable links are rendered, the malicious JavaScript executes in their browser. This vulnerability affects multiple sharing services and can be exploited to steal session cookies, perform actions on behalf of users, or deliver malware. This issue is fixed in version 2.4.0.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash.
Risk Information
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
