Comment by lucb1e

National CERTs usually take up this role. I presume OP could have anonymously disclosed to the Maltese CERT, whom they already CC'd, though you'd have to check with them specifically to see if they offer that. Hackerspaces also often do this, especially if you're a member but probably also if not and they have faith that your actions were legal (best case, you can demonstrate exactly what you did, like by showing the script you ran, as OP could)