Morrisons
Company Details
Linkedin ID:
morrisonsjobs
Website:
Employees number:
34,033
Number of followers:
321,786
NAICS:
43
Industry Type:
Homepage:
morrisons.jobs
IP Addresses:
0
Company ID:
MOR_1839965
Scan Status:
In-progress
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions
Morrisons Vendor Cyber Rating & Cyber Score
morrisons.jobsOur team of friendly faces works as one to provide shopping trips and a career experience you won’t find anywhere else. Together we work the Morrisons way. Constantly looking to do things even better, we work in partnership with our communities, colleagues, suppliers and British farmers to provide our customers with the freshest food at great value for money. Our people ‘Make Morrisons’. Our team spirit really is hard to beat. At the top of our game in all kinds of roles, we work as one team in our stores, distribution centres, manufacturing sites and Head office. In return for looking after our customers, we look after our people with great perks, lots of career opportunities and the training and support everyone needs to be the best they can be.
Morrisons A.I CyberSecurity Scoring
Morrisons Risk Score (AI oriented)Between 750 and 799
Morrisons
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Morrisons Global Score (TPRM)XXXX
Morrisons
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Morrisons Company CyberSecurity News & History
Past Incidents
3
Attack Types
2
Peter Green ChilledTesco, Sainsbury’s, Waitrose, Asda, Peter Green Chilled, Morrisons, Marks & Spencer, Co-op and Aldi: Supplier to Tesco, Aldi and other supermarkets hit with ransomware
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: UK Food Logistics Firm Hit by Ransomware, Disrupting Major Supermarket Supply Chains A ransomware attack on Peter Green Chilled, a key logistics provider for major UK supermarkets, has disrupted order processing for retailers including Tesco, Sainsbury’s, Asda, Waitrose, Co-op, Morrisons, M&S, and Aldi. The incident, which occurred last Wednesday, forced the Somerset-based company to suspend order handling on Thursday, though transport operations remained unaffected. Managing Director Tom Binks confirmed the attack in an email, stating that the firm was implementing workarounds to maintain deliveries while providing regular updates to clients. While existing schedules have largely held, concerns persist among suppliers of perishable goods over potential waste due to delays. This attack follows a recent surge in ransomware incidents targeting the UK retail sector, with Marks & Spencer, Co-op, and Harrods all experiencing disruptions in recent weeks. Phil Pluck, CEO of the Cold Chain Federation, noted a sharp rise in such attacks on food distribution networks, often unreported due to reputational risks. The cold chain sector’s tight timelines and high-volume perishable goods make it a lucrative target for cybercriminals. Security experts warn that supply chain vulnerabilities amplify the impact of such breaches. Richard Orange of Abnormal AI highlighted the risk of follow-on attacks, including vendor email compromise, where attackers impersonate suppliers to steal credentials or redirect payments. Meanwhile, Andy Norton of Armis reported that 41% of retailers have faced increased cyber threats in the past six months, with no signs of slowing. Peter Green Chilled has not yet provided further comment on the incident. A previous reference to Lidl as a client was retracted after the supermarket confirmed it no longer uses the firm’s services.
Morrisons: Ransomware hits supply chain software firm Blue Yonder ahead of Thanksgiving
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Blue Yonder Hit by Ransomware Attack, Disrupting Supply Chain Operations for Major Retailers Blue Yonder, a leading supply chain management software provider acquired by Panasonic in 2021, confirmed its managed services environment was disrupted by a ransomware attack on Thursday. The Arizona-based company serves global grocers, retailers, and logistics firms, helping streamline operations for high-profile clients. The attack prompted Blue Yonder to engage external cybersecurity experts and deploy defensive and forensic measures to contain the breach and assess its scope. While the company is actively monitoring its Azure public cloud environment reporting no signs of further suspicious activity officials have not provided an estimated timeline for full restoration. Among those affected, U.K. grocery chain Morrisons confirmed the incident disrupted its warehouse management system for fresh food and produce. The retailer stated it is operating on backup systems while working to maintain customer deliveries nationwide. No group has claimed responsibility for the attack, and details on compromised data remain undisclosed. Blue Yonder has notified impacted customers and is providing ongoing updates as the investigation continues. The timing of the attack just days before the U.S. Thanksgiving holiday adds pressure on retailers, who rely on peak operational efficiency during this critical sales period. The incident follows a separate cyberattack earlier this month on Ahold Delhaize’s U.S. operations, though it remains unclear whether ransomware was involved in that case.
Morrisons
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Wm Morrison supermarket suffered a data breach incident in 2014 which exposed the 100,000 employees' personal information. The attackers stole information including bank account details and published it online and even sent on a disc to a newspaper. West Yorkshire Police investigated the incident and took preventive steps to enhance the security of its internal data security systems and as set up a helpline for its staff.
Morrisons Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Morrisons
Incidents vs Retail Industry Average (This Year)
No incidents recorded for Morrisons in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Morrisons in 2026.
Incident Types Morrisons vs Retail Industry Avg (This Year)
No incidents recorded for Morrisons in 2026.
Incident History — Morrisons (X = Date, Y = Severity)
Morrisons cyber incidents detection timeline including parent company and subsidiaries
Morrisons Company Subsidiaries
Our team of friendly faces works as one to provide shopping trips and a career experience you won’t find anywhere else. Together we work the Morrisons way. Constantly looking to do things even better, we work in partnership with our communities, colleagues, suppliers and British farmers to provide our customers with the freshest food at great value for money. Our people ‘Make Morrisons’. Our team spirit really is hard to beat. At the top of our game in all kinds of roles, we work as one team in our stores, distribution centres, manufacturing sites and Head office. In return for looking after our customers, we look after our people with great perks, lots of career opportunities and the training and support everyone needs to be the best they can be.
Loading...
Morrisons Similar Companies
Tractor Supply Company
For more than 85 years, Tractor Supply has been passionate about serving the needs of recreational farmers, ranchers, homeowners, gardeners, pet enthusiasts and all those who enjoy living Life Out Here. Tractor Supply is the largest rural lifestyle retailer in the U.S., ranking 296 on the Fortune 50
BİM Birleşik Mağazalar A.Ş
Türkiye’de perakende sektörünün lideri olan BİM Birleşik Mağazalar A.Ş., temel gıda ve tüketim malzemelerinin uygun fiyat ve yüksek kaliteyle tüketiciye ulaştırılması hedefiyle faaliyetlerine 1995 yılında 21 mağazayla başlamıştır. Yüksek indirim (hard-discount) modelinin Türkiye’deki ilk temsilcisi
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 20 million customers a week in the United States. Lowe’s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ over 300,000 associates. Based in
It takes guts to start a business during the Great Depression. And it takes vision to keep it going. Our founder, Hendrik Meijer, opened Thrifty Acres in 1934. Nearly thirty years later, his son, Fred, pioneered the world's first-ever supercenter, laying the groundwork for what we are today: a mult
El Corte Inglés is a world leader in large department stores and a benchmark of Spanish distribution. With more than 70 years' experience, the Group has maintained from the outset a policy of customer service and an ongoing concern with adapting itself to suit the tastes and needs of society.
Reliance Digital
Reliance Digital is a Consumer Electronics, Durables, IT & Telecom retail arm of Reliance Retail Group with more than 1300+ stores across India. Reliance Digital seeks to fulfill the dream of every Indian, be it through its nationwide network of conveniently located stores or through its presenc
Advance Auto Parts
Advance Auto Parts, Inc. is a leading automotive aftermarket parts provider that serves both professional installers and do-it-yourself customers. As of October 5, 2024, Advance operated 4,781 stores primarily within the United States, with additional locations in Canada, Puerto Rico and the U.S. Vi
7-Eleven introduced the world to convenience. And in return, the world made us the #1 convenience retailer. It started with a simple idea – give customers what they want, when and where they want it. That was 1927. And what started on a single ice dock in Dallas, Texas, has since grown to more than
Boxer Superstores
Boxer Superstores is one of Southern Africa’s fastest-growing discount supermarket chains, driven by a strong commitment to affordability, accessibility, and community. With operations across every province in South Africa and into the Kingdom of eSwatini, Boxer stands proudly as a full-service disc
.png)
Morrisons CyberSecurity News
July 23, 2025 07:00 AM
Buyout firms circle escrow arm of listed cybersecurity group NCC
Cap10 and Platinum Equity are among the parties which have expressed an interest in Escode, the software escrow and verification arm of NCC...
July 16, 2025 07:00 AM
Staffordshire woman, 20, bailed over cyber attacks on M&S, Co-op and Harrods
A young Staffordshire woman who was among four arrested for their suspected involvement in the damaging cyber attacks against Marks & Spencer, the Co-op and...
May 20, 2025 07:00 AM
Major supermarket supplier held to ransom after cyber attack
Distributor Peter Green Chilled, which supplies to supermarkets including Tesco, Sainsbury's and Aldi, told the BBC the cyber incident occurred last Wednesday...
May 06, 2025 07:00 AM
After M&S and Co-op’s cyber hacks, who’s next?
Two of the UK's most recognised supermarkets – M&S and Co-op – have fallen victim to significant cyber attacks, disrupting operations, triggering consumer...
May 04, 2025 07:00 AM
AI assistants, cyber attacks, gaming debuts: our most read retail technology articles from last week
Check out the articles on this here website that caught your fancy last week, including Marks and Spencer, Shopify, OpenAI, Blue Yonder, RELEX Solutions,...
May 01, 2025 07:00 AM
Harrods is latest retailer to be hit by cyber-attack
Luxury department store is forced to shut some systems but website and shops continue to operate.
May 01, 2025 07:00 AM
Co-op Cyber Attack: What Does It Mean For UK Retailers and Consumers?
UK supermarket group Co-op announced that cyber hackers were trying to break into its computer systems. This prompted the retailer to shut down parts of its IT...
April 30, 2025 07:00 AM
Co-op forced to shut down part of IT system after hack attempt
Exclusive: In a letter seen by the Guardian, staff were told steps had been taken to keep systems safe.
April 30, 2025 07:00 AM
Hackers target the Co-op as police probe M&S cyber attack
The Co-op has shut down parts of its IT systems in response to hackers attempting to gain access to them.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Morrisons CyberSecurity History Information
Official Website of Morrisons
The official website of Morrisons is http://www.morrisons.jobs.
Morrisons’s AI-Generated Cybersecurity Score
According to Rankiteo, Morrisons’s AI-generated cybersecurity score is 778, reflecting their Fair security posture.
How many security badges does Morrisons’ have ?
According to Rankiteo, Morrisons currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Morrisons been affected by any supply chain cyber incidents ?
According to Rankiteo, Morrisons has been affected by a supply chain cyber incident involving Peter Green Chilled, with the incident ID MARCALWAISAITOYTHEMORPET-TE1772023906.
Does Morrisons have SOC 2 Type 1 certification ?
According to Rankiteo, Morrisons is not certified under SOC 2 Type 1.
Does Morrisons have SOC 2 Type 2 certification ?
According to Rankiteo, Morrisons does not hold a SOC 2 Type 2 certification.
Does Morrisons comply with GDPR ?
According to Rankiteo, Morrisons is not listed as GDPR compliant.
Does Morrisons have PCI DSS certification ?
According to Rankiteo, Morrisons does not currently maintain PCI DSS compliance.
Does Morrisons comply with HIPAA ?
According to Rankiteo, Morrisons is not compliant with HIPAA regulations.
Does Morrisons have ISO 27001 certification ?
According to Rankiteo,Morrisons is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Morrisons
Morrisons operates primarily in the Retail industry.
Number of Employees at Morrisons
Morrisons employs approximately 34,033 people worldwide.
Subsidiaries Owned by Morrisons
Morrisons presently has no subsidiaries across any sectors.
Morrisons’s LinkedIn Followers
Morrisons’s official LinkedIn profile has approximately 321,786 followers.
NAICS Classification of Morrisons
Morrisons is classified under the NAICS code 43, which corresponds to Retail Trade.
Morrisons’s Presence on Crunchbase
No, Morrisons does not have a profile on Crunchbase.
Morrisons’s Presence on LinkedIn
Yes, Morrisons maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/morrisonsjobs.
Cybersecurity Incidents Involving Morrisons
As of April 02, 2026, Rankiteo reports that Morrisons has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Morrisons has an estimated 15,730 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Morrisons ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does Morrisons detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an law enforcement notified with west yorkshire police, and remediation measures with enhance the security of its internal data security systems, and communication strategy with set up a helpline for its staff, and and third party assistance with external cybersecurity experts, and containment measures with defensive and forensic measures deployed, and recovery measures with actively monitoring azure public cloud environment, operating on backup systems, and communication strategy with notified impacted customers, providing ongoing updates, and enhanced monitoring with actively monitoring azure public cloud environment, and incident response plan activated with workarounds implemented to maintain deliveries, and containment measures with order processing suspended, and communication strategy with regular updates provided to clients..
Incident Details
Can you provide details on each incident ?
Title: Wm Morrison Supermarket Data Breach
Description: Wm Morrison supermarket suffered a data breach incident in 2014 which exposed the 100,000 employees' personal information.
Date Detected: 2014
Type: Data Breach
Title: Blue Yonder Hit by Ransomware Attack, Disrupting Supply Chain Operations for Major Retailers
Description: Blue Yonder, a leading supply chain management software provider, confirmed its managed services environment was disrupted by a ransomware attack on Thursday. The attack impacted global grocers, retailers, and logistics firms, including U.K. grocery chain Morrisons, which experienced disruptions to its warehouse management system for fresh food and produce. The company engaged external cybersecurity experts and deployed defensive and forensic measures to contain the breach. No group has claimed responsibility, and details on compromised data remain undisclosed.
Date Detected: 2023-11-23
Type: Ransomware
Title: UK Food Logistics Firm Hit by Ransomware, Disrupting Major Supermarket Supply Chains
Description: A ransomware attack on Peter Green Chilled, a key logistics provider for major UK supermarkets, has disrupted order processing for retailers including Tesco, Sainsbury’s, Asda, Waitrose, Co-op, Morrisons, M&S, and Aldi. The incident forced the company to suspend order handling while maintaining transport operations. The attack follows a recent surge in ransomware incidents targeting the UK retail sector.
Date Detected: last Wednesday
Type: ransomware
Motivation: financial gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MOR195617522
Data Compromised: Bank account details, Personal information
Incident : Ransomware MOR1771252089
Systems Affected: Managed services environment, warehouse management system
Operational Impact: Disrupted supply chain operations for major retailers, including warehouse management for fresh food and produce
Incident : ransomware MARCALWAISAITOYTHEMORPET-TE1772023906
Systems Affected: order processing systems
Downtime: order handling suspended on Thursday
Operational Impact: disrupted order processing for major UK supermarkets
Brand Reputation Impact: potential reputational risk due to unreported incidents in the sector
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Bank Account Details and .
Which entities were affected by each incident ?
Incident : Data Breach MOR195617522
Entity Name: Wm Morrison Supermarket
Entity Type: Retail
Industry: Supermarket
Size: 100,000 employees
Incident : Ransomware MOR1771252089
Entity Name: Blue Yonder
Entity Type: Supply chain management software provider
Industry: Technology, Supply Chain, Logistics
Location: Arizona, USA
Customers Affected: Global grocers, retailers, and logistics firms
Incident : Ransomware MOR1771252089
Entity Name: Morrisons
Entity Type: Grocery chain
Industry: Retail, Grocery
Location: United Kingdom
Customers Affected: Nationwide customers
Incident : ransomware MARCALWAISAITOYTHEMORPET-TE1772023906
Entity Name: Peter Green Chilled
Entity Type: logistics provider
Industry: food logistics / cold chain
Location: Somerset, UK
Customers Affected: Tesco, Sainsbury’s, Asda, Waitrose, Co-op, Morrisons, M&S, Aldi
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MOR195617522
Law Enforcement Notified: West Yorkshire Police,
Remediation Measures: enhance the security of its internal data security systems
Communication Strategy: set up a helpline for its staff
Incident : Ransomware MOR1771252089
Incident Response Plan Activated: True
Third Party Assistance: External cybersecurity experts
Containment Measures: Defensive and forensic measures deployed
Recovery Measures: Actively monitoring Azure public cloud environment, operating on backup systems
Communication Strategy: Notified impacted customers, providing ongoing updates
Enhanced Monitoring: Actively monitoring Azure public cloud environment
Incident : ransomware MARCALWAISAITOYTHEMORPET-TE1772023906
Incident Response Plan Activated: workarounds implemented to maintain deliveries
Containment Measures: order processing suspended
Communication Strategy: regular updates provided to clients
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as workarounds implemented to maintain deliveries.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through External cybersecurity experts.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MOR195617522
Type of Data Compromised: Personal information, Bank account details
Number of Records Exposed: 100,000
Data Exfiltration: published it onlinesent on a disc to a newspaper
Personally Identifiable Information: personal information
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: enhance the security of its internal data security systems, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by defensive and forensic measures deployed and order processing suspended.
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Actively monitoring Azure public cloud environment, operating on backup systems.
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : ransomware MARCALWAISAITOYTHEMORPET-TE1772023906
Lessons Learned: Supply chain vulnerabilities amplify the impact of cyber breaches; follow-on attacks (e.g., vendor email compromise) are a risk; perishable goods sectors are lucrative targets due to tight timelines.
What recommendations were made to prevent future incidents ?
Incident : ransomware MARCALWAISAITOYTHEMORPET-TE1772023906
Recommendations: Enhance cybersecurity measures for supply chain partners; implement network segmentation; adopt adaptive behavioral WAF; use on-demand scrubbing services; monitor for follow-on attacks like vendor email compromise.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Supply chain vulnerabilities amplify the impact of cyber breaches; follow-on attacks (e.g., vendor email compromise) are a risk; perishable goods sectors are lucrative targets due to tight timelines.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Enhance cybersecurity measures for supply chain partners; implement network segmentation; adopt adaptive behavioral WAF; use on-demand scrubbing services; monitor for follow-on attacks like vendor email compromise..
References
Where can I find more information about each incident ?
Incident : Ransomware MOR1771252089
Source: Cyber Incident Description
Incident : ransomware MARCALWAISAITOYTHEMORPET-TE1772023906
Source: Article describing the incident
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Cyber Incident Description, and Source: Article describing the incident.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Ransomware MOR1771252089
Investigation Status: Ongoing
Incident : ransomware MARCALWAISAITOYTHEMORPET-TE1772023906
Investigation Status: ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Set Up A Helpline For Its Staff, Notified impacted customers, providing ongoing updates and regular updates provided to clients.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Ransomware MOR1771252089
Customer Advisories: Notified impacted customers, providing ongoing updates
Incident : ransomware MARCALWAISAITOYTHEMORPET-TE1772023906
Stakeholder Advisories: Regular updates provided to clients (supermarkets)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Notified impacted customers, providing ongoing updates and Regular updates provided to clients (supermarkets).
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as External cybersecurity experts, Actively monitoring Azure public cloud environment.
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2014.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were bank account details, personal information and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was External cybersecurity experts.
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Defensive and forensic measures deployed and order processing suspended.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were bank account details and personal information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 100.0K.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Supply chain vulnerabilities amplify the impact of cyber breaches; follow-on attacks (e.g., vendor email compromise) are a risk; perishable goods sectors are lucrative targets due to tight timelines.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Enhance cybersecurity measures for supply chain partners; implement network segmentation; adopt adaptive behavioral WAF; use on-demand scrubbing services; monitor for follow-on attacks like vendor email compromise..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Article describing the incident and Cyber Incident Description.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Regular updates provided to clients (supermarkets), .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Notified impacted customers and providing ongoing updates.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
Risk Information
cvss3
Base: 7.8
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss4
Base: 8.4
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=morrisonsjobs' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
