Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to intelligence

Trending Organizations

The organizations the security industry is discussing right now. Ranked by mention velocity across breach reports, vendor advisories, and threat intelligence — refreshed continuously.

Ranked by Mallory's mention-velocity model across sources.

Mention map — Last week

Sized by mentions
Tile size: mentions · Color: mention volume·HighestHighMediumLowLowest

Top 24 organizations — Last week

#1GitHub
Corporation

GitHub is a software development and source code hosting platform referenced throughout the content as the provider of Git repositories, pull requests, security advisories, GitHub Actions CI/CD workflows, Codespaces, GitHub Pages, GitHub Desktop, GitHub CLI artifacts, and GitHub Enterprise Server. The content also references GitHub Copilot and GitHub security advisory contact addresses, indicating the broader GitHub product ecosystem. Security-relevant mentions in the content include use of GitHub repositories to publish proof-of-concept exploits, GitHub Security Advisories for vulnerability disclosure, malicious code implanted in public GitHub repositories, large-scale compromise of public repositories in the PolinRider activity, abuse of GitHub Actions runners and mutable action tags in supply-chain attacks, and attacker fallback exfiltration via victim-controlled GitHub repositories. The content does not provide high-confidence details on GitHub’s size, headquarters location, or corporate ownership, so those are not included.

Mentions317Industry4510
#2Google
Corporation

Google is a major multinational technology company. The provided content associates it with a broad portfolio of products, services, and business units including Android, Chrome, Chromium, Gmail, Google Cloud Platform (GCP), Google Maps, Google Play, YouTube, DeepMind, Project Zero, Google Threat Intelligence Group (GTIG), and Mandiant. The aliases also indicate the broader corporate relationship with Alphabet and Google LLC. Security-relevant activity directly mentioned in the content includes Google’s kernelCTF vulnerability research and bounty program; Google Project Zero and Google researchers’ security work; Google Threat Intelligence Group and Mandiant reporting on threat activity; participation in joint disruption operations against residential proxy and botnet ecosystems including NetNut, IPIDEA, and Badbox 2.0; disabling attacker accounts and cloud services used for command-and-control; notifying affected Android users; and using Google Play Protect to deactivate malicious applications. The content also notes Google acknowledged vulnerability reports affecting Quick Share for Windows and awarded a bounty for one reported heap use-after-free issue. No verified employee count or headquarters location is directly stated in the provided content.

Mentions298HQUS
#3Microsoft Corporation
Corporation

Microsoft Corporation is a major multinational technology company best known as Microsoft. Based on the provided content, it operates a broad portfolio spanning Windows, Microsoft 365, Azure, Edge, Defender, Active Directory/Entra ID, developer tooling, and security research functions. The aliases in the content reflect both the parent company and many of its products and business units, including Azure, Windows, Office/Microsoft 365, Edge, Defender, MSRC, and MSTIC. The content directly references multiple Microsoft product and security activities in 2026. Microsoft announced that it will transition its critical products and services to post-quantum cryptography by 2029 under its Microsoft Quantum Safe Program and Secure Future Initiative. It released Windows 11 OOBE update KB5095189 for versions 24H2 and 25H2 to improve onboarding stability and reliability, with no associated CVE or security advisory. Microsoft also confirmed and mitigated a Windows 11 emoji-panel GIF outage caused by Google retiring the Tenor API, replacing it with GIPHY in preview updates. The content also discusses Microsoft in a security operations context. A large password-spray campaign targeted Microsoft Azure CLI logins and compromised at least 78 Microsoft accounts across 64 organizations by abusing the deprecated ROPC flow and Conditional Access misconfigurations. Microsoft has long advised against ROPC because it does not support MFA. The material further references Microsoft Defender and Microsoft Defender for Endpoint as security products relevant to malware detection and telemetry, and mentions Microsoft Security Blog guidance related to the Trivy supply-chain compromise. Additional product-related references include Microsoft Edge 150 adding Google account sign-in support on Windows and macOS, and technical discussion of Microsoft-introduced Resource-Based Constrained Delegation in Windows Server 2012. The content also cites a vulnerability-count ranking in which Microsoft appears with 843 CVE-associated entries in the vendor-oriented statistics. No headquarters, employee count, or breach affecting Microsoft itself is directly stated in the provided content.

Mentions298HQUS
#4cvefeed.io
Website

cvefeed.io is a website focused on vulnerability and exploit intelligence, particularly CVE tracking and public proof-of-concept/exploit discovery. The content indicates that it publishes CVE detail pages, affected-product tables, and exploit listings, and that it scans GitHub repositories to detect newly published proof-of-concept exploits. It also presents public exploit listings tied to CVEs and notes repository metadata such as creation date, update time, stars, forks, and watchers. The organization appears to operate the cvefeed.io service and website. High-confidence location, organization size, and corporate ownership details are not available in the provided content. No security incident or breach involving cvefeed.io itself is mentioned in the content.

Mentions176Industry9130
#5Anthropic
Corporation

Anthropic, PBC is an AI company that develops the Claude family of models and related products, including Claude Code, Claude Cowork, Claude browser, Claude Desktop for Windows, and models referenced in the content such as Claude Fable 5, Mythos, and Opus. The organization is directly associated with AI model development and deployment, including cybersecurity-focused safeguards and evaluation programs. Security-relevant activity in the content includes publication of technical documentation for Claude Fable 5’s cybersecurity safeguards, a draft Cyber Jailbreak Severity framework developed with Glasswing, and launch of a HackerOne program for researchers to report potential cyber jailbreaks. The content also references multiple security incidents, allegations, and research involving Anthropic products: reported but independently unverified allegations that Claude Code contained covert environment-detection logic affecting Chinese enterprises; LayerX’s report that Anthropic’s attempted fix for the BioShocking prompt-injection issue in its Claude browser did not stop the proof of concept; and Armadin’s disclosure of a vulnerability chain in Claude Cowork on Windows that allowed an attacker with prior local code execution to run commands as root inside the product’s isolated Linux sandbox. Additional mentions note that Anthropic’s Mythos model was credited with discovering CVE-2026-43074 and that Claude-assisted research was used in vulnerability discovery and exploitation workflows.

Mentions136Industry4510
#6Apple
Corporation

Apple is a major technology company whose products and services referenced in the content include macOS, iOS, iPadOS, iCloud, Apple Podcasts, AirDrop, HomeKit, Hide My Email, and Apple ID. The content directly associates Apple with consumer hardware, operating systems, cloud and communications features, and app-platform ecosystems. Security-relevant references in the content include: Apple AirDrop vulnerabilities identified in a 2026 academic study, including three pre-authentication issues affecting macOS and iOS; a reported vulnerability in Apple’s Hide My Email feature within iCloud+ that could reveal a user’s real email address and was said to remain unfixed for more than a year at the time of reporting; Apple’s mitigation of HomeKit-related issues used in the PWNYOURHOME Pegasus zero-click exploit chain via iOS 16.3.1 security improvements; and Apple mercenary-spyware threat notifications sent to targeted users including Stelios Kouloglou. The content also notes Apple’s introduction of an iOS 27 security framework called Trust Insights intended to detect social-engineering scams in real time, and cites Apple in CVE-count discussions with 284 vendor-associated entries and iOS/iPadOS with 124 product-associated entries in the referenced statistics. The organization is also mentioned in connection with app-store takedown directives in India affecting mobile applications distributed through Google and Apple platforms.

Mentions109HQUS
#7Openai
Corporation

OpenAI is an artificial intelligence organization and major industry player associated with products and services including ChatGPT, Codex Security, ChatGPT Atlas, and the Trusted Access for Cyber program. The content references OpenAI in the context of AI model usage, AI-assisted security research, browser-agent security, and policy proposals related to AI-driven economic growth. OpenAI collaborated with Trail of Bits on Patch the Planet, an initiative that paired engineers and frontier models with open-source projects and filed 64 pull requests in its first week; the content also states OpenAI and Trail of Bits launched the effort on June 22. Security-relevant references in the content include that two OpenAI employees were reportedly affected by the Mini Shai-Hulud campaign, threat actors created fraudulent OpenAI organizations and sent invitations from noreply@tm.openai.com in the Poisoned Tenant campaign, OpenAI patched an issue disclosed by LayerX affecting ChatGPT Atlas in the BioShocking prompt-injection research, and OpenAI remediated a ChatGPT file-download vulnerability chain reported by zer0dac by redesigning the URL download flow. The content also mentions OpenAI personnel credited in CVE-2026-43716 and notes OpenAI’s proposal for an AI wealth fund discussed with U.S. officials and Senator Bernie Sanders.

Mentions108Industry4510
#8Amazon Web Services
Corporation

Amazon Web Services (AWS) is Amazon’s cloud computing platform and is widely referenced in the provided content as a major hyperscale cloud provider. The content associates AWS with services and products including Amazon S3, CloudFront, AWS regions, CloudTrail, AWS Web Application Firewall, AWS CIRT, and Amazon Q Developer. AWS appears in multiple security contexts in the source material: malware and supply-chain campaigns targeted or searched for AWS credentials, IAM credentials, cloud access tokens, API keys, and S3-related data; incident responders performed CloudTrail searches across all 29 AWS regions in one investigation; and AWS-specific services such as S3 are noted as susceptible to namespace-related takeover risks when misconfigured. The content also mentions security-relevant product exposure, including a disclosed CVSS 8.5 vulnerability in Amazon Q Developer that allowed automatic execution of malicious configuration files. Operationally, the content notes significant AWS outages, including an October 20, 2025 outage linked to a network health monitor issue and a May 2026 US-East-1 outage caused by a thermal event and power loss at a Virginia data center, with disruption to core services such as EC2 and EBS. The material does not provide direct high-confidence details on AWS employee count or headquarters location.

Mentions101HQUS
#9Meta Platforms
Software Vendor

Meta, formerly known as Facebook, is a large global technology company that operates major social and communications platforms including Facebook, Instagram, WhatsApp, and Threads. The provided content also references Meta AI, Meta Pixel, React, and Meta Platforms, Inc., indicating a broad platform and software ecosystem. Meta is directly associated in the content with WhatsApp product development, including a phased global rollout of WhatsApp usernames and the WhatsApp Private Processing system. The content states that WhatsApp has more than three billion users worldwide and that India is WhatsApp’s largest market with more than 850 million users. Security-relevant references in the content include academic analysis of Meta’s Private Processing for WhatsApp as one of several real-world attested TLS implementations affected by CVE-2026-33697, concerns from India’s Ministry of Electronics and Information Technology that WhatsApp usernames could increase phishing and impersonation risk, and reporting that attackers took over as many as 20,225 Instagram accounts by abusing Meta’s High Touch Support password reset workflow. The content also notes that Facebook, WhatsApp, and Instagram were cited as major channels facilitating scam interactions, and that Meta has said it could pull out of Europe if transatlantic data transfers to the United States were no longer permitted.

Mentions48HQUS
#10Cloudflare
Corporation

Cloudflare is a web infrastructure and security company referenced throughout the content as a widely used provider of internet-facing services including Cloudflare Tunnel, Cloudflare Workers, Cloudflare Pages, Cloudflare WAF, Cloudflare Turnstile, Cloudflare R2, bot management, and DNS/name server hosting. The content shows Cloudflare infrastructure being used both legitimately and abusively: attackers used TryCloudflare tunnels and Cloudflare Tunnel for command-and-control and payload delivery, Cloudflare Workers and workers.dev subdomains for phishing and malware staging, and Cloudflare-fronted hosting to mask origin servers or provide TLS. Cloudflare is also described as operating anti-bot and verification technologies such as Turnstile and WAF, and in 2026 introduced new controls for website owners to manage AI crawler traffic across Search, Agent, and Training categories. The content further notes Cloudflare participation with Google, Mozilla, and Microsoft in proposing Private Access Control Tokens (PACT). Security-relevant mentions include Cloudflare fingerprints on phishing and fraud infrastructure, Cloudflare name servers on malicious domains, and reports that some domains were classified as malicious by Cloudflare. No headquarters, employee count, or breach information is directly stated in the provided content.

Mentions45HQUS
#11VulnCheck
Corporation

VulnCheck is a cybersecurity organization and vulnerability intelligence source referenced repeatedly as the source for CVE entries and related security reporting. In the provided content, VulnCheck is cited as the source for numerous vulnerability records published or modified in July 2026, covering issues such as remote code execution, SQL injection, command injection, path traversal, denial of service, hard-coded credentials, and arbitrary file upload vulnerabilities across a range of products. The content also attributes to VulnCheck tracking of exploitation activity for every 2025 CVE, reporting that about 1% were ever used in an attack. No high-confidence information about the organization’s size, headquarters location, or corporate structure is directly stated in the content.

Mentions45Industry4510
#12International Business Machines
Corporation

IBM, also known as International Business Machines and commonly referred to as IBM, is a major multinational technology company. The content associates IBM with enterprise software, infrastructure, AI, cybersecurity research, open-source security, quantum-readiness research, and storage/security technologies. Referenced IBM products and business areas include WebSphere Application Server, Db2, Langflow OSS, IBM storage software, IBM Security X-Force, and quantum-safe readiness research. IBM is also identified as the parent company of Red Hat. The content highlights several notable IBM activities. IBM and Red Hat reportedly committed $5 billion to Project Lightwell, a subscription-based service focused on identifying vulnerabilities in the specific open-source versions enterprises run, producing backported fixes, and delivering signed validated patches under SLAs; IBM said 20,000 engineers were dedicated to the effort. IBM was also cited as participating in Anthropic’s Project Glasswing and as being actively involved in more than 61,700 open-source packages, with lifecycle management expertise across more than 10,600 packages. IBM research and reporting cited in the content include the 2025 Cost of a Data Breach Report, which the content says estimated average breach costs at $4.44 million globally and $10.22 million in the United States, and a 2025 Quantum-Safe Readiness survey that found an approximately 36% shortfall in quantum-safe cryptography expertise. IBM’s Adversarial Robustness Toolbox (ART) is also referenced as a tool used for generating adversarial examples in machine learning security contexts. Security-relevant information in the content is substantial. IBM is the source for multiple vulnerability disclosures affecting its products. These include WebSphere Application Server cross-site scripting issues, including CVE-2026-11594 affecting versions 9.0 and 8.5 and CVE-2026-11708 affecting the administrative console integrated help system. IBM Db2 is described as affected by CVE-2026-10109, a critical remote code execution vulnerability in pre-authentication DRDA handshake handling affecting Db2 Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4, with no workaround available according to the content. The content also lists numerous critical and high-severity vulnerabilities in IBM Langflow OSS, including arbitrary code execution, insecure deserialization, improper authorization, missing authentication, credential disclosure, and cross-tenant abuse issues across versions in the 1.0.0 through 1.10.0 range. IBM is additionally referenced through IBM X-Force reporting that generative AI made phishing email generation 11.4 times faster at comparable quality. The content does not provide a headquarters location or employee count for IBM, so that information is currently not available from the provided material.

Mentions42HQUS
#13Oracle
Corporation

Oracle, formally referenced in the content as Oracle Corporation, is a major enterprise software and cloud technology company. The content associates Oracle with products and services including Oracle PeopleSoft, Oracle E-Business Suite, Oracle MySQL and MySQL Connectors, Oracle Solaris Engineering, and Oracle Cloud. Oracle is also listed as a capability provider on the U.S. Department of Defense’s GenAI.mil platform. Security-relevant activity in the content centers on Oracle enterprise software being targeted in multiple campaigns. Oracle PeopleSoft was linked to a broad exploitation campaign involving CVE-2026-35273, a critical unauthenticated remote code execution flaw affecting PeopleTools 8.61 and 8.62. Oracle warned Nissan about attacks affecting HR records at hundreds of companies, and Nissan said it coordinated with Oracle during its incident response to a breach affecting employee data. Oracle E-Business Suite is also prominently discussed: researchers reported more than 900, and roughly 950, internet-exposed Oracle E-Business Suite instances, and active exploitation of CVE-2026-46817 in the Oracle E-Business Suite Payments module shortly after Oracle patched it. The content states this flaw affects Oracle E-Business Suite versions 12.2.3 through 12.2.15 and enables unauthenticated access to sensitive files or system takeover depending on the report cited. The content also mentions a vulnerability in Oracle MySQL Connector/J and references Oracle in broader reporting on CVE counts, where Oracle Corporation is listed with 445 entries in one cited dataset.

Mentions40HQUS
#14Cisco Systems
Corporation

Cisco is a large enterprise technology and cybersecurity company known for networking, communications, and security products and services. In the provided content it appears under multiple brands and business units, including Cisco Talos, Cisco PSIRT, Meraki, Duo Security, AnyConnect, Catalyst Center, Unified Communications Manager, Secure Endpoint Connector, and ClamAV-related Talos activity. The content shows Cisco as both a vendor whose products are widely deployed in enterprise environments and a security research organization contributing threat intelligence and incident reporting. Security-relevant activity directly mentioned in the content includes Cisco Talos research on the ARToken phishing platform and its links to the EvilTokens ecosystem targeting Microsoft 365, as well as Cisco Talos maintaining ClamAV releases. Cisco also published multiple security advisories on July 1, 2026 covering Cisco Catalyst Center Release 2.3.7, Cisco Catalyst Center Release 3.1, and Secure Endpoint Connector. Specific issues mentioned include CVE-2026-20191, a high-severity arbitrary file read/path traversal vulnerability in Cisco Catalyst Center, active exploitation of CVE-2026-20230 affecting Cisco Unified Communications Manager and Unified CM SME, and multiple ClamAV engine vulnerabilities that could cause denial-of-service conditions in Cisco Secure Endpoint Connector deployments. The content also notes Cisco products such as IOS XE and edge appliances being targeted by threat actors for initial access in broader intrusion and ransomware activity. No headquarters, employee count, or organization size is directly stated in the provided content.

Mentions36HQUS
#15Any.Run
Corporation

ANY.RUN is an organization and security product brand referenced in the content through messaging such as "Integrate ANY.RUN With Your SOC" and "Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations." Based on the provided material, it operates in the cybersecurity sector and positions its offering around SOC integration, faster threat detection, and rapid investigations. No high-confidence details are provided in the content about its size, headquarters location, ownership, or any security incidents involving the organization.

Mentions32Industry4510
#16Huntress
Corporation

Huntress is a cybersecurity company and security research firm. The content refers to it as a managed cybersecurity company and cybersecurity firm, and cites its researchers, SOC, and executives including CEO Kyle Hanslovan and Justin Allen, senior manager of security operations. Huntress publishes threat research and incident reporting, including a 2026 Cyber Threat Report, and is repeatedly cited for investigations into active threats affecting customers and broader industry targets. High-confidence activities mentioned in the content include Huntress tracking a large automated password-spraying campaign against Microsoft 365 and Azure CLI logins in June 2026, reporting more than 81 million login attempts and 78 compromised Microsoft accounts across 64 organizations; researching ClickFix social-engineering activity and reporting that it accounted for more than 53% of malware loader activity in 2025; investigating a February 2026 BYOVD intrusion in which attackers used stolen VPN credentials and a vulnerable signed driver; detecting and containing a web-server intrusion involving a steganographic webshell, defense evasion, and credential dumping; and reporting exploitation of Windows flaws in April 2026. The content also states Huntress observed a more than 155-fold increase in credential-spraying volume across its customer base. Security-relevant organizational issues mentioned in the content include allegations of an insider-threat incident involving a Huntress employee who communicated with a ransomware operator known as Devman and disclosed that law enforcement had requested information about him. Huntress CEO Kyle Hanslovan acknowledged poor judgment and said the company implemented stricter policies and administrative actions, while stating its investigation found no illegal conduct or insider activity and remained ongoing. The content also mentions that Huntress disclosed being affected by a June 2026 supply-chain compromise tied to Klue. No reliable information about Huntress's size or headquarters location is directly provided in the content.

Mentions31Industry4510
#17Nvidia
Corporation

NVIDIA, formally NVIDIA Corporation, is a U.S. technology company best known for GPUs and AI computing hardware and software. In the provided content, it appears in contexts spanning AI chips and servers, Linux/OpenBMC platform development, government AI deployments, and multiple product security advisories. The content specifically references NVIDIA’s Vera Rubin VR-NVL server platform and upstream Linux kernel and U-Boot/OpenBMC work for its baseboard management controller, as well as NVIDIA capabilities being hosted on the U.S. Department of Defense’s GenAI.mil platform. Security-relevant activity directly mentioned in the content includes several NVIDIA product vulnerabilities and advisories. These include CVE-2026-24260 in NVIDIA Container Toolkit for Linux, described as a high-severity TOCTOU race condition that could enable code execution, privilege escalation, and data tampering; CVE-2026-24270 in the NVIDIA AIStore framework, described as a critical authentication bypass vulnerability that is remotely exploitable; and CVE-2025-23350 and CVE-2025-23351 affecting NVIDIA ConnectX and BlueField, both described as critical command-interface flaws that can lead to out-of-bounds writes and arbitrary code execution on the device. The content also places NVIDIA at the center of export-control and supply-chain investigations involving advanced AI chips. Singaporean and Taiwanese authorities are described as investigating alleged smuggling or diversion of servers that may have contained advanced NVIDIA AI chips subject to U.S. export controls, with allegations that intermediaries misrepresented end users and routed systems through Singapore, Malaysia, Thailand, or Taiwan before possible delivery into China. Additional references note scrutiny of whether Chinese entities, including DeepSeek, obtained restricted NVIDIA GPUs through third parties. The content further mentions NVIDIA as a participant in Anthropic’s Project Glasswing and as a signatory in broader AI and cybersecurity policy discussions.

Mentions30HQUS
#18Adobe
Software Vendor

Adobe is a software company known for products and services including Adobe ColdFusion, Adobe Campaign Classic, Adobe Creative Cloud, Adobe Document Cloud, Adobe Reader, and Magento/Adobe Commerce. The provided content also references Adobe Inc., Adobe Incorporated, Adobe Systems, and Adobe Systems Incorporated as aliases. Security-relevant activity directly mentioned in the content includes multiple Adobe security advisories and patches published in late June and early July 2026. On June 30, 2026, Adobe published Priority 1 advisories APSB26-68 and APSB26-69 covering 12 vulnerabilities in Adobe ColdFusion and Adobe Campaign Classic. Affected products included ColdFusion 2025 Update 9 and earlier, ColdFusion 2023 Update 20 and earlier, and Adobe Campaign Classic v7 7.4.3 build 9396 and earlier for on-premises deployments. The vulnerabilities included several maximum-severity CVSS 10.0 issues such as unrestricted file upload, improper input validation, path traversal, and incorrect authorization flaws that could enable arbitrary code execution, as well as additional issues enabling arbitrary file read, privilege escalation, SSRF, XSS, and security bypass. Adobe fixed the ColdFusion issues in ColdFusion 2025 Update 10 and ColdFusion 2023 Update 21, and fixed the Campaign Classic issue in build 9397. The content states Adobe said it was not aware of in-the-wild exploitation for those specific issues at disclosure time. The content also notes Adobe announced a move from monthly to twice-monthly security bulletins starting July 14, 2026. Separately, the content mentions that over the last five years CISA added 79 Adobe product vulnerabilities to its Known Exploited Vulnerabilities catalog, with 10 of those also abused by ransomware gangs. Adobe is also referenced as a commonly spoofed brand in phishing campaigns and as one of the signatories represented by executives in an open letter concerning AI export controls.

Mentions30HQUS
#19HackerOne
Corporation

HackerOne is a security company and bug bounty / vulnerability disclosure platform used by organizations to receive reports from external security researchers. In the provided content, it is referenced as the platform Anthropic launched for researchers to submit potential cyber jailbreak findings affecting Claude Fable 5, and as the vulnerability disclosure program used by phpBB to receive a report for CVE-2026-48611, which phpBB staff triaged within nine minutes. HackerOne is also repeatedly listed as the source associated with multiple published CVE entries affecting UniFi products and UniFi OS. The content does not provide high-confidence details about HackerOne’s size, headquarters location, or any security incidents affecting HackerOne itself.

Mentions30Industry4510
#20Security Affairs
Independent Media

Security Affairs is a cybersecurity news and analysis publication frequently cited in reporting on hacking, malware, vulnerabilities, threat actors, law-enforcement actions, and major security incidents. The content directly associates the outlet with journalist Pierluigi Paganini and shows it being referenced as a source for coverage of topics including Pegasus spyware, TeamPCP supply-chain compromises, JADEPUFFER, Oracle E-Business Suite vulnerabilities, Apple security updates, XSS.is disruption, GuardFall, and the Aflac Japan breach. Based on the provided content, Security Affairs operates in the cybersecurity media/journalism space. No high-confidence information about its size, headquarters location, or corporate structure is directly stated in the content.

Mentions29Industry9130
#21Apache Software Foundation
Non Profit

The Apache Software Foundation is a nonprofit software organization that stewards a large portfolio of open-source projects and infrastructure, including Apache HTTP Server, Tomcat, Kafka, ActiveMQ, Airflow, APISIX, HttpComponents, and Lucene.Net. The provided content consistently associates the organization with the disclosure and remediation of vulnerabilities across these projects. Recent security-relevant activity in the content includes advisories and disclosures affecting Apache Airflow providers, Apache Kafka, Apache APISIX, Apache ActiveMQ, Apache Lucene.Net, Apache HttpComponents Core, Apache HTTP Server, and Apache Tomcat, covering issues such as path traversal, authentication bypass, JWT validation flaws, denial of service, authorization weaknesses, XXE, and out-of-bounds reads. The content does not provide high-confidence details about the foundation’s size or headquarters location, so those are not included.

Mentions28Industry9120
#22Fortinet
Corporation

Fortinet is a cybersecurity vendor focused on network and security products and services. The content references multiple Fortinet product and research brands, including FortiGate firewalls, FortiClient EMS, FortiOS, and FortiGuard Labs. Fortinet appears in the material both as a manufacturer of widely deployed edge security appliances and as a source of threat intelligence and defensive guidance through FortiGuard Labs. The content specifically cites FortiGuard Labs reporting on exploitation attempts against Ivanti Sentry CVE-2026-10520 and on Ousaban banking malware activity targeting Spain and Portugal. Security-relevant references in the content also note that Fortinet products were targeted in several campaigns: FortiGate firewalls were the focus of the large-scale FortiBleed credential-harvesting campaign, which reportedly targeted more than 430,000 FortiGate firewalls worldwide and was later linked by SOCRadar to downstream INC Ransom and Lynx ransomware activity; Fortinet FortiClient EMS was also referenced in connection with exploitation of CVE-2026-35616. The content does not provide high-confidence details on Fortinet’s headquarters, employee count, or organization size.

Mentions28HQUS
#23Medium
Corporation

Medium is an online publishing platform where writers publish posts and readers can join or subscribe to receive updates from authors. The provided content repeatedly references prompts such as "Join Medium for free to get updates from this writer" and "Welcome to this new Medium post," indicating its role as a content-hosting and article distribution platform. The aliases provided are "a_medium_corporation" and "medium," with "Medium" being the most recognizable public-facing name. No high-confidence details about headquarters, size, ownership, or specific security incidents involving Medium are directly stated in the content.

Mentions28Industry5020
#24F5
Corporation

F5 is a technology company associated with the f5.com domain and products including F5 BIG-IP load balancers. The content references F5 Product Development issuing multiple security-impact statements that certain disclosed vulnerabilities did not affect supported F5 products, and also notes F5 evaluating hardware-platform exposure in the context of speculative-execution issues with component vendors. F5 BIG-IP is specifically mentioned as an internet-facing technology that has been exploited or targeted in intrusion activity and exploitation attempts in third-party reporting. In a Comparitech study of 5,849 domains across 13 sectors, f5.com was one of only two domains to achieve a perfect 8/8 score for email security controls. The content does not provide high-confidence details on the organization’s size or headquarters location.

Mentions27HQUS