VULN.LAB

    RESEARCH & DISCLOSURES

    Published vulnerability disclosures, original technical research, and tools — covering OT/ICS, cyber-physical systems, supply-chain risk, and the recurring failure modes in widely deployed enterprise software.

    5 ENTRIES

    FILTER
    DISCLOSURE/January 2024/HIGH

    Progress MoveIt Transfer — Vulnerability Disclosure

    PROGRESS SOFTWARE (MOVEIT TRANSFER)

    Atumcell research surfaced a security weakness in Progress Software's MoveIt Transfer product. The disclosure was coordinated with the vendor and reported in the trade press alongside related findings in Zoho Desk, illustrating the recurring exposure pattern in widely deployed enterprise file-transfer and ITSM software.

    READ ENTRY
    DISCLOSURE/January 2024/HIGH

    Zoho Desk — Vulnerability Disclosure

    ZOHO (ZOHO DESK)

    Atumcell research surfaced a security weakness in Zoho's Desk product — a widely deployed help-desk and customer-support platform. Disclosure was coordinated with Zoho, and the finding was covered in the trade press alongside the related MoveIt Transfer disclosure.

    READ ENTRY
    RESEARCH/January 2023/HIGH

    N-able Workgroup Guideline — Security Risk to MSPs

    N-ABLE

    Research showing that a published N-able workgroup guideline — followed by managed service providers as documented best practice — created a meaningful security exposure for those providers and the downstream clients dependent on them. Reported by Channel Futures.

    READ ENTRY
    RESEARCH/June 2018/CRITICAL

    Physically Hacking SCADA — Cyber-Physical Attack Chains

    SCADA / INDUSTRIAL CONTROL SYSTEMS

    Research on cyber-physical attack chains against SCADA systems — covered by The Register in 2018 — demonstrating how compromises in the digital control plane translate into measurable physical-layer effects in industrial environments. Part of the broader cyber-physical research arc that culminated in the DefCon ICS Killswitch presentations.

    READ ENTRY
    RESEARCH/July 2017/CRITICAL

    ICS Killswitch — Cyber-Physical Industrial Security Research

    INDUSTRIAL CONTROL SYSTEMS (MULTI-VENDOR)

    Research demonstrating cyber-physical attack chains against industrial control systems — how relatively small compromises in OT environments cascade into safety-relevant outcomes. Presented at DefCon in 2017 and again in 2018, with vendor coordination on remediation paths preceding each disclosure.

    READ ENTRY