TOPIC HUB
INCIDENT RESPONSE & DISCLOSURE
Material cyber incidents are now public-disclosure events. The four-business-day window under the SEC rule, NIS2's reporting timelines, and the regulatory regime that follows means incident response is a governance discipline, not just a technical one. Public disclosures, vulnerability research, and the operational discipline behind both live here.
RESEARCH & DISCLOSURES
Original research and public disclosures
Progress MoveIt Transfer — Vulnerability Disclosure
PROGRESS SOFTWARE (MOVEIT TRANSFER)
Atumcell-discovered weakness in Progress Software's MoveIt Transfer file-transfer product, coordinated with the vendor and publicly disclosed.
Zoho Desk — Vulnerability Disclosure
ZOHO (ZOHO DESK)
Atumcell-discovered weakness in Zoho's Desk help-desk product, disclosed to the vendor and reported alongside the MoveIt Transfer finding.
N-able Workgroup Guideline — Security Risk to MSPs
N-ABLE
Research finding that N-able's published workgroup guideline created a meaningful exposure for managed service providers and their downstream clients.
Physically Hacking SCADA — Cyber-Physical Attack Chains
SCADA / INDUSTRIAL CONTROL SYSTEMS
Research on cyber-physical attack chains against SCADA systems, demonstrating how digital compromises produce physical-layer effects.
Talk through your specific situation.
If something on this page resonates with where your organisation is, the fastest way to get value out of it is a 30-minute conversation about your specific question.
STRATEGIC CONSULTATION
Book a Strategic Consultation
30 minutes. Your specific OT or AI security question. Direct, candid, non-sales.
- Direct call with Matthew — not a sales conversation
- Pre-call brief: I read what you send before we talk
- Walk out with something concrete for your next board cycle