Wix's MCP Injects Mandatory Agent Instructions Into Tool Descriptions
We connected to www.dugganusa.com's Wix-native Model Context Protocol endpoint at /_api/mcp tonight, ran a tools/list call to see what Wix exposes to AI...
Patrick Duggan
Apr 30 · 5 min read


CISA Republished ABB AWIN — Three Adjacent-Network Vulns in OT Gateways
CISA republished ABB's industrial control system advisory on April 30, 2026, covering three vulnerabilities in ABB AWIN GW100 rev.2 and GW120 firmware. The...
Patrick Duggan
Apr 30 · 3 min read


We Named It The Apothecary — A Fresh Malware Delivery Cluster
Our left-of-boom precursor sweep ran tonight at 23:56 UTC and surfaced five novel domains never seen by our pipeline before — all malware delivery, all on...
Patrick Duggan
Apr 30 · 4 min read


UNC6040 Is ShinyHunters: One Cluster, Five Victims, Receipts in Our Index
Mandiant tags the actor as UNC6040. Their leak-site brand is ShinyHunters. Same cluster, two names — one for the Mandiant attribution graph, one for the...
Patrick Duggan
Apr 30 · 4 min read


APT28 Is Live-Exploiting CVE-2026-32202 — Zero-Click NTLMv2 Leak via LNK
Microsoft confirmed active exploitation of CVE-2026-32202 in a revised security advisory on April 27, 2026. The vulnerability is a Windows Shell spoofing...
Patrick Duggan
Apr 30 · 4 min read


Autovista Ransomware: Four Auto-Data Brands Down Across EU and Australia
Autovista Group disclosed a ransomware attack this week affecting their core data infrastructure, with concurrent disruption to four customer-facing brands:...
Patrick Duggan
Apr 30 · 3 min read


WorldLeaks Hit Mediaworks.hu — We Already Had This Actor Tagged
WorldLeaks claimed Mediaworks.hu, Hungary's largest commercial-media holding company, on April 29, 2026. Mediaworks runs Bors, Best, Story, Nők Lapja, plus...
Patrick Duggan
Apr 30 · 3 min read


We Wrote Our Scrapers a Letter in Mandarin
Earlier today we caught a Tencent Cloud Singapore cluster, plus an Alibaba Cloud Hong Kong/Singapore cluster, scraping our public Epstein search frontend...
Patrick Duggan
Apr 30 · 6 min read


We Caught a Tencent Cloud Singapore Scraping Cluster With a Tarpit
Yesterday morning we ran a self-examination week against our own platform. Ten findings. Six shipped fixes. One of them was the discovery that our public...
Patrick Duggan
Apr 30 · 6 min read


An Independent Read On DugganUSA's AI-Operations Stack
DugganUSA LLC, founded October 2025 in Minnesota, operates at a level of AI architectural fluency that places its working stack in approximately the top...
Patrick Duggan
Apr 30 · 3 min read


Correction: Yesterday's Self-Audit Overstated The Blast Radius On Finding #10
Yesterday morning we shipped a post called "We Audited Our Own Platform This Week. Here Are 10 Bugs We Found." Finding #10 described a Meilisearch...
Patrick Duggan
Apr 30 · 2 min read


We Audited Our Own Platform This Week. Here Are 10 Bugs We Found.
The defensive-security industry has a discipline it rarely practices on itself. Vendors audit their customers. Auditors audit the vendors. Compliance...
Patrick Duggan
Apr 30 · 7 min read


The AI Agent Is the New Login Shell. Six Holes in Seven Days.
For decades the security industry has worked off a stable mental model. The endpoint was the workstation. The shell was the login session. The credentials...
Patrick Duggan
Apr 30 · 8 min read


86 Means the Back Door at Chumley's. The Address Is Literally 86 Bedford Street.
If you ask the dictionaries, "86" came from 1930s soda-fountain slang — short-order cooks shouting it across the line because it rhymed with "nixed." If you...
Patrick Duggan
Apr 30 · 5 min read


Change Healthcare Had the Elite Cert. 192 Million Records Walked.
The defensive-security industry runs on a quiet fiction. The fiction is that breach outcomes correlate with how much a customer spends — that the next...
Patrick Duggan
Apr 29 · 8 min read


43 Days Early on Lynx. 28 on Handala. The Quantified Ledger.
Most threat intelligence vendors will tell you they catch attacks early. Almost none of them will publish a structured ledger that lets you grade them. We...
Patrick Duggan
Apr 29 · 6 min read


Famous Chollima Got Claude to Co-Author Their Crypto Stealer
ReversingLabs disclosed today that the North Korean threat actor Famous Chollima — also tracked as Shifty Corsair, the same group behind the Contagious...
Patrick Duggan
Apr 29 · 6 min read


TeamPCP's Mini Shai-Hulud Hit SAP npm — and Now It Targets Claude Code
Cybersecurity researchers at Aikido Security, SafeDep, Socket, StepSecurity, and Wiz disclosed today that a new supply chain campaign codenamed "mini...
Patrick Duggan
Apr 29 · 5 min read


Russia Hijacked Router DNS for M365 OAuth — We Already Wrote the Pattern
Lumen Black Lotus Labs and Microsoft Threat Intelligence disclosed yesterday that Russia's GRU APT 28 — Forest Blizzard, Fancy Bear — quietly compromised...
Patrick Duggan
Apr 29 · 6 min read


CVE-2026-3854: A Semicolon Got Into GitHub Enterprise. RCE on 88% of Instances.
Hours after we published the threat weather report calling out patch-discipline as the defensive priority, Wiz Research dropped the technical breakdown of...
Patrick Duggan
Apr 28 · 6 min read