


Your Security Vendor Is Your Attack Surface: CrowdStrike, Microsoft, and Aqua Trivy Proved It
Three security vendors walked into a bar. One bricked 8.5 million machines. One wiped 200,000 medical devices for Iran. One turned its own vulnerability scanner into a credential stealer. Nobody's laughing.
The Trifecta
In nine months, the three most trusted categories of security tooling — endpoint protection, device management, and CI/CD scanning — all became the attack vector.
July 2024: CrowdStrike Falcon. A faulty channel file update crashed 8.5 million Windows machines
Patrick Duggan
Mar 31 · 5 min read


We Almost Got Hit by the Axios Supply Chain Attack. Here's What Saved Us.
Yesterday someone hijacked the most popular HTTP client in the JavaScript ecosystem and turned it into a cross-platform RAT. We run 18 services on axios. Every single one of them would have pulled the malicious version on a fresh install. A lock file is the only reason I'm writing this post instead of an incident report.
What Happened
On March 30, 2026, an attacker compromised the npm account of axios maintainer @jasonsaayman — likely by stealing a long-lived npm access token
Patrick Duggan
Mar 31 · 5 min read


Monday Update: Handala Registered New Domains, the FBI Director Is Trending for the Wrong Reasons, and PreCog Is Still Red
It's Monday morning. PreCog has been at CRITICAL for six days. The supply chain staging signal hit maximum over the weekend. And Handala is quietly...
Patrick Duggan
Mar 30 · 5 min read


Five Things Nobody Is Talking About Tonight
It's Saturday night. The news cycle is quiet. PreCog is not.
Patrick Duggan
Mar 28 · 5 min read


PreCog Caught a Malware Staging Repo on GitHub While We Slept
This morning at 8:17 AM, I checked PreCog over coffee. It had been red for three days — infrastructure activation surge, IOC velocity spike, the usual war...
Patrick Duggan
Mar 28 · 3 min read


Friday Sweep: EU Commission Breached, Kash Patel Confirmed, LangChain Leaking Secrets, and We Scanned Europa.eu in 235 Seconds
Four stories broke today. All of them matter. Here's what happened, what we found, and what to do about it.
Patrick Duggan
Mar 27 · 4 min read


A Defender's Guide to the Current War Footing: Russia-China-Iran Cyber Operations Against Five Eyes Nations
This is not a threat brief. This is a field guide for defenders operating in a formally aligned adversary environment that didn't exist six months ago. The...
Patrick Duggan
Mar 27 · 8 min read


Threat Brief: March 27, 2026 — Handala Claims FBI, Publishes Lockheed Passports, PreCog Stays Red
PreCog is still CRITICAL. Handala escalated twice overnight. The scanning infrastructure rotated but didn't stop. Here's what changed since yesterday.
Patrick Duggan
Mar 27 · 3 min read


Threat Brief: March 26, 2026 — PreCog Goes Red, Handala Claims Lockheed, China Scans at Scale
PreCog hit CRITICAL tonight. Three signals elevated simultaneously. Here's what happened and what to do about it.
Patrick Duggan
Mar 26 · 4 min read


The Same Chip Running Our Survey Robot Is Going to Space
Last weekend I was on my hands and knees in a house in Connecticut, calibrating a LiDAR by pointing a robot at a wall and reading the angles. The robot runs...
Patrick Duggan
Mar 26 · 5 min read


Lockheed Martin Rejected My Application. Iran Accepted Theirs.
This morning I received an email from Lockheed Martin Talent Acquisition:
Patrick Duggan
Mar 26 · 5 min read


We Started With 85 Handala IOCs. We Ended With 145. Here's How.
Yesterday, Iran's Handala hack group dumped 14 gigabytes of alleged Mossad chief data. Five days after the FBI seized their domains. From a new .ps domain...
Patrick Duggan
Mar 26 · 6 min read


Three Databases, One Graph: What Happens When You Cross-Reference Arctic Frost Against 5.3 Million Offshore Records
The Senate Judiciary Committee released 34 documents from Jack Smith's January 6 investigation — code name Arctic Frost. Senator Grassley published them to...
Patrick Duggan
Mar 25 · 7 min read


We Scored 8 Medical Device Companies on Pi Day. Two Got Hit.
On March 14th — Pi Day — we published an attack surface analysis of eight medical device companies. We enumerated subdomains, cross-referenced against...
Patrick Duggan
Mar 25 · 4 min read


Every Vendor at RSAC Just Announced What We Already Built
RSAC 2026 opened in San Francisco yesterday. The theme is unmistakable: agentic AI security. Every major vendor showed up with the same pitch — AI agents...
Patrick Duggan
Mar 25 · 4 min read


BlackCat Is Back. Our System Caught It.
March 25, 2026 — DugganUSA PreCog Alert
Patrick Duggan
Mar 24 · 3 min read


Your iPhone Can Be Hacked by Opening Safari. DarkSword Is Public.
March 25, 2026 — DugganUSA Threat Brief
Patrick Duggan
Mar 24 · 4 min read


Interlock Had a Zero-Day for 36 Days. We Had Their IOCs.
36 Days of Free Reign
Patrick Duggan
Mar 23 · 4 min read