Welcome to Videsk's Security Portal. Our commitment to data privacy and security is embedded in every part of our business. Use this portal to learn about our security posture and request access to our security documentation.
If you need information that is not provided here, please contact us at security@videsk.io.
Axios NPM dependency
Axios Supply Chain Attack — Security Notice
On March 31st, 2026, a supply chain attack targeting the Axios npm package was reported. Versions 1.14.1 and 0.30.4 were compromised through a hijacked maintainer account, injecting a malicious dependency (plain-crypto-js@4.2.1) that deployed a cross-platform Remote Access Trojan (RAT).
Videsk is not affected by this vulnerability.
We took immediate action on the same day the advisory was disclosed, reviewing all backend and frontend services using the following mechanisms:
- GitHub Security Advisory (GHSA) automated scanning
- Manual audit via regex pattern matching across all repositories
No compromised versions were found, nor were any dependencies associated with plain-crypto-js identified in any of our services.
Audit evidence
$ bash ./axios-vuln.sh
47 SAFE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
AXIOS SUPPLY CHAIN ATTACK — INTERNAL AUDIT REPORT
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📅 Scan date: 2026-04-01 22:55:25 UTC
🔍 Advisory: axios npm supply chain compromise (UNC1069)
⚠️ Affected versions: 1.14.1, 0.30.4
🛡️ Malicious dep: plain-crypto-js@4.2.1
📦 Projects scanned: 47
✅ Clean: 47
🚨 Compromised: 0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
RESULT: NO AFFECTED SYSTEMS DETECTED
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
No customer data, services, or infrastructure were affected. No credentials were exposed and no remediation action is required on your part.
For further details on the advisory, refer to Google Threat Intelligence's analysis.
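One way to run the kind of lockfile check described in this notice, as an added example that is not Videsk's audit script (the contents of axios-vuln.sh are not shown on this page): it walks a parsed package-lock.json and flags the axios versions and the plain-crypto-js dependency named above. The function names and the sample lockfiles are constructed for illustration.

```javascript
// Added example: the indicators are the ones stated in this notice.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]);
const MALICIOUS_DEP = "plain-crypto-js"; // flagged at any version

// Decide whether one resolved (name, version) pair matches an indicator.
function classify(name, version) {
  if (name === "axios" && BAD_AXIOS.has(version)) return "compromised-axios";
  if (name === MALICIOUS_DEP) return "malicious-dependency";
  return null;
}

// Walk a parsed package-lock.json and return every matching entry.
function auditLockfile(lock) {
  const findings = [];
  const record = (name, version, where) => {
    const reason = classify(name, version);
    if (reason) findings.push({ name, version, where, reason });
  };
  // lockfileVersion 2/3: flat map keyed by install path, so transitive
  // copies such as node_modules/x/node_modules/axios are covered too.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path) continue; // "" is the root project itself
    const i = path.lastIndexOf("node_modules/");
    // meta.name is set when the install path differs from the real name (alias).
    const name = meta.name || (i < 0 ? path : path.slice(i + 13));
    record(name, meta.version, path);
  }
  // lockfileVersion 1: nested tree, used only when no "packages" map exists.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      record(name, meta.version, trail.concat(name).join(" > "));
      walk(meta.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return findings;
}

// Constructed sample lockfiles (not Videsk data).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/axios": { version: "1.14.1" },
  "node_modules/plain-crypto-js": { version: "4.2.1" },
  "node_modules/left/node_modules/axios": { version: "1.13.0" } } };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  express: { version: "4.19.2" },
  sdk: { version: "2.0.0", dependencies: { axios: { version: "0.30.4" } } } } };

console.log(auditLockfile(SAMPLE_V3), auditLockfile(SAMPLE_V1));
```

A lockfile check only covers what is committed; it does not show what was installed on a machine whose lockfile was regenerated or ignored.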
MongoDB vulnerability
We want to reassure our enterprise customers regarding the 'MongoBleed' vulnerability (CVE-2025-14847): Videsk and your data are not affected.
Because our platform uses MongoDB Atlas as a fully managed service, the provider automatically applied all necessary security patches before the issue was publicly disclosed. This proactive remediation effectively neutralized any infrastructure-level risks, ensuring that your sensitive information remains fully protected. No action is required from your team, as your environment is secure and up to date.
Subprocessors update
Dear customers, we have made changes to our subprocessors, the third parties we engage to process your data to provide the Videsk service.
The changes add the following new providers:
- Postmark as the primary transactional email service, maintaining Mailchimp as secondary
- tl;dv.io as the primary AI note-taker service, migrating from read.ai
If you have any inquiries, please get in touch with us at security@videsk.io.
XZ backdoor (CVE-2024-3094)
Our systems and infrastructure have been thoroughly evaluated and are confirmed secure against the XZ backdoor vulnerability (CVE-2024-3094). We maintain the highest standards of security to ensure our customers' data remains safe and private.
We confirmed that we are not using pre-release candidates of Linux distributions such as Debian and Ubuntu, and that none of the software we use includes the vulnerable version of XZ. Our servers use only patched LTS versions, with enterprise secure source lists.

