Real Findings, Real Targets
A sample of disclosed security research. Where a fix is still in progress, technical detail is withheld in line with responsible disclosure.
"Thank you for the great report. We were able to reproduce the issue on mobile devices … and have validated this as a DOM-based cross-site scripting (XSS). We appreciate the effort you put into identifying this issue."
The finding: A DOM-based cross-site scripting vulnerability in the web platform of MTN Group, one of the largest telecommunications groups in the world. The issue was exploitable through ordinary user interaction, with no developer tools or special access required.
The outcome: MTN Group's security team reproduced and validated the report, confirming it as a DOM-based XSS and triaging it for remediation. Full technical detail is withheld here until a fix is in place.
This is the standard behind RTCS: finding real, exploitable issues in the platforms of organisations that already have security teams.
Industries We Service
RTCS works with Australian organisations where the stakes are real, from regulated enterprises and government through to the small businesses that can't afford to get security wrong.
Federal, state, and local agencies with Essential Eight, ISM, and PSPF obligations.
SOCI Act entities across utilities, water, and transport, including OT and ICS environments.
Mining, oil and gas, and energy operators securing both corporate and operational technology.
Banks, insurers, and fintechs under APRA CPS 234 and constant attacker attention.
Providers and networks protecting clinical systems and sensitive patient data.
Legal, accounting, and consulting firms holding highly confidential client information.
Software and cloud businesses that need their products tested the way attackers test them.
Growing Australian businesses that deserve real security without enterprise overhead.