Yubico
Company Details
Linkedin ID:
yubico
Website:
Employees number:
598
Number of followers:
74,720
NAICS:
541514
Industry Type:
Homepage:
yubico.com
IP Addresses:
339
Company ID:
YUB_7382343
Scan Status:
Completed
Yubico Company CyberSecurity Posture
yubico.com
Yubico (Nasdaq Stockholm: YUBICO), the inventor of the YubiKey, offers the gold standard for phishing-resistant multi-factor authentication (MFA), stopping account takeovers in their tracks and making secure login easy and available for everyone. Since the company was founded in 2007, it has been a leader in setting global standards for secure access to computers, mobile devices, servers, browsers, and internet accounts. Yubico is a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and is a pioneer in delivering hardware-based passwordless authentication using the highest assurance passkeys to customers in 160+ countries. Yubico’s solutions enable passwordless logins using the most secure form of passkey technology. YubiKeys work out-of-the-box across hundreds of consumer and enterprise applications and services, delivering strong security with a fast and easy experience. As part of its mission to make the internet more secure for everyone, Yubico donates YubiKeys to organizations helping at-risk individuals through the philanthropic initiative, Secure it Forward. The company is headquartered in Stockholm and Santa Clara, CA. For more information on Yubico, visit us at www.yubico.com.
Yubico A.I CyberSecurity Scoring
Yubico Risk Score (AI oriented)Between 750 and 799
Yubico
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Yubico Global Score (TPRM)XXXX
Yubico
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Yubico Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Yubico
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Yubico, renowned for its YubiKey 5 series hardware tokens used for two-factor authentication, faced a significant issue with a cryptographic flaw allowing cloning of the devices. This vulnerability was identified as a side channel in the Infineon microcontroller used across several authentication products. Because updating the YubiKey firmware isn't feasible, all keys with firmware versions older than 5.7 remain permanently at risk. The exploitation of this flaw requires physical access and sophisticated technical knowledge. Although the implications are concerning, there has been no reported misuse of this flaw thus far.
Yubico Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Yubico
Incidents vs Computer and Network Security Industry Average (This Year)
No incidents recorded for Yubico in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Yubico in 2025.
Incident Types Yubico vs Computer and Network Security Industry Avg (This Year)
No incidents recorded for Yubico in 2025.
Incident History — Yubico (X = Date, Y = Severity)
Yubico cyber incidents detection timeline including parent company and subsidiaries
Yubico Company Subsidiaries
Yubico (Nasdaq Stockholm: YUBICO), the inventor of the YubiKey, offers the gold standard for phishing-resistant multi-factor authentication (MFA), stopping account takeovers in their tracks and making secure login easy and available for everyone. Since the company was founded in 2007, it has been a leader in setting global standards for secure access to computers, mobile devices, servers, browsers, and internet accounts. Yubico is a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and is a pioneer in delivering hardware-based passwordless authentication using the highest assurance passkeys to customers in 160+ countries. Yubico’s solutions enable passwordless logins using the most secure form of passkey technology. YubiKeys work out-of-the-box across hundreds of consumer and enterprise applications and services, delivering strong security with a fast and easy experience. As part of its mission to make the internet more secure for everyone, Yubico donates YubiKeys to organizations helping at-risk individuals through the philanthropic initiative, Secure it Forward. The company is headquartered in Stockholm and Santa Clara, CA. For more information on Yubico, visit us at www.yubico.com.
Loading...
Yubico Similar Companies
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s
CrowdStrike
CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas
NETWORK-SECURITY-SOLUTIONS
## Our core business We manage linux / unix server infrastructures and build the efficient and secure networking environments using hardware cutting edge technologies suited to the needs of the project and the client. We believe in quality, opposed to quantity. Our company consists of highly
.png)
Yubico CyberSecurity News
November 24, 2025 08:00 AM
Black Friday 2025 cybersecurity deals to explore
Black Friday 2025 is shaping up to be a good moment for anyone thinking about tightening their cybersecurity, so here's deals worth a look.
November 11, 2025 08:00 AM
Yubico integrates third-party IDV into YubiKey services
Yubico is integrating third-party identity verification (IDV) into its YubiKey authentication ecosystem by partnering with HYPR and Nametag.
November 10, 2025 08:00 AM
Yubico (NASDAQ Stockholm: YUBICO) adds HYPR, Nametag IDV to YubiKey as a Service
Partnerships with HYPR and Nametag advance Yubico's BYOIDV, enabling verification before YubiKey issuance or PIN activation and supporting...
November 07, 2025 08:00 AM
Holiday's Hottest Gift: Yubico Deals Drop Just in Time to Block Every Hacker's Wish List
Yubico (NASDAQ STOCKHOLM: YUBICO), the creator of the most secure passkeys and the leading provider of hardware authentication security keys...
November 07, 2025 08:00 AM
Online Christmas shopping threats Australians should avoid on Black Friday: Yubico
Yubico deals drop in time to BlockeEvery hacker's Christmas wish list Yubico , the creator of secure passkeys and provider of hardware...
November 04, 2025 08:00 AM
Beyond Passwords: Yubico (YUBICO) to Detail Long-Term Growth Strategy Vision at Inaugural Investor Day
Yubico (NASDAQ STOCKHOLM: YUBICO), the creator of the most secure passkeys and leading provider of hardware authentication security keys,...
October 31, 2025 07:00 AM
Yubico bolsters APAC presence, touts device subscriptions
Swedish-American cyber security firm Yubico is expanding its footprint in the Asia-Pacific (APAC) region and touting its subscription...
October 29, 2025 07:00 AM
Secure Your Digital Accounts: YubiKeys Available Now in Stores at Best Buy
Yubico (NASDAQ STOCKHOLM: YUBICO), a modern cybersecurity company and creator of the most secure passkeys, today announced its signature...
October 14, 2025 07:00 AM
Dashlane and Yubico Partner to Launch Phishing-Resistant, Passwordless Credential Vault Login
Dashlane, a credential security leader, and Yubico, a modern cybersecurity company and creator of the most secure passkeys, have partnered...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Yubico CyberSecurity History Information
Official Website of Yubico
The official website of Yubico is http://www.yubico.com.
Yubico’s AI-Generated Cybersecurity Score
According to Rankiteo, Yubico’s AI-generated cybersecurity score is 753, reflecting their Fair security posture.
How many security badges does Yubico’ have ?
According to Rankiteo, Yubico currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Yubico have SOC 2 Type 1 certification ?
According to Rankiteo, Yubico is not certified under SOC 2 Type 1.
Does Yubico have SOC 2 Type 2 certification ?
According to Rankiteo, Yubico does not hold a SOC 2 Type 2 certification.
Does Yubico comply with GDPR ?
According to Rankiteo, Yubico is not listed as GDPR compliant.
Does Yubico have PCI DSS certification ?
According to Rankiteo, Yubico does not currently maintain PCI DSS compliance.
Does Yubico comply with HIPAA ?
According to Rankiteo, Yubico is not compliant with HIPAA regulations.
Does Yubico have ISO 27001 certification ?
According to Rankiteo,Yubico is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Yubico
Yubico operates primarily in the Computer and Network Security industry.
Number of Employees at Yubico
Yubico employs approximately 598 people worldwide.
Subsidiaries Owned by Yubico
Yubico presently has no subsidiaries across any sectors.
Yubico’s LinkedIn Followers
Yubico’s official LinkedIn profile has approximately 74,720 followers.
NAICS Classification of Yubico
Yubico is classified under the NAICS code 541514, which corresponds to Others.
Yubico’s Presence on Crunchbase
No, Yubico does not have a profile on Crunchbase.
Yubico’s Presence on LinkedIn
Yes, Yubico maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/yubico.
Cybersecurity Incidents Involving Yubico
As of December 17, 2025, Rankiteo reports that Yubico has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Yubico has an estimated 3,147 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Yubico ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
Incident Details
Can you provide details on each incident ?
Title: Cryptographic Flaw in YubiKey 5 Series
Description: Yubico faced a significant issue with a cryptographic flaw allowing cloning of the YubiKey 5 series devices. This vulnerability was identified as a side channel in the Infineon microcontroller used across several authentication products. Because updating the YubiKey firmware isn't feasible, all keys with firmware versions older than 5.7 remain permanently at risk. The exploitation of this flaw requires physical access and sophisticated technical knowledge. Although the implications are concerning, there has been no reported misuse of this flaw thus far.
Type: Cryptographic Vulnerability
Attack Vector: Side Channel
Vulnerability Exploited: Cryptographic Flaw in Infineon Microcontroller
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
Impact of the Incidents
What was the impact of each incident ?
Incident : Cryptographic Vulnerability YUB004090624
Systems Affected: YubiKey 5 series devices with firmware versions older than 5.7
Which entities were affected by each incident ?
Incident : Cryptographic Vulnerability YUB004090624
Entity Name: Yubico
Entity Type: Company
Industry: Cybersecurity
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Cryptographic Vulnerability YUB004090624
Root Causes: Cryptographic flaw in Infineon microcontroller
Additional Questions
Impact of the Incidents
.png)
Latest Global CVEs (Not Company-Specific)
Description
Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.
Risk Information
cvss4
Base: 8.6
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Description
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Description
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with an API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=yubico' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
