top of page



Arista Won't Patch the Bug That Makes Your Perimeter ACLs Decorative. Your Log Pipeline Will Bill You to Watch.
On June 9, CISA added three vulnerabilities to the Known Exploited Vulnerabilities catalog in one shot: a Cisco Catalyst SD-WAN Manager flaw, a Google Chromium V8 memory bug, and CVE-2026-7473 in Arista EOS. Two of the three you can patch this week. The Arista one you cannot patch at all, because Arista says no patch is planned. Read that again. A vulnerability that CISA confirms is being exploited in the wild, on the switches that carry the spine of enterprise and data-cente
Patrick Duggan
Jun 305 min read


We Read Our Own AI Report Card Out Loud. Then We Ran the Same Test on Cribl.
Microsoft started handing out report cards and most people have not noticed yet. On February 11, 2026, Bing Webmaster Tools shipped a new section called AI Performance, in public preview. For the first time it shows publishers how often their content gets cited inside generative answers — Microsoft Copilot, the AI summaries that now sit at the top of Bing, and a handful of partner AI experiences. It surfaces the exact pages that get referenced, and it introduced a strange new
Patrick Duggan
Jun 308 min read


The AI Visibility Glossary: 18 Terms for the Generative-Engine Era
The vocabulary of AI visibility is being invented in real time, mostly by vendors with an incentive to keep it fuzzy. Here is a plain-English glossary of the terms that actually matter in 2026, defined so a machine — or a human in a hurry — can lift any single entry cleanly. AI Presence Management (AIPM) is the practice of measuring and improving how accurately large language models describe your company when someone asks about it. It is the AI-era successor to SEO. Generativ
Patrick Duggan
Jun 303 min read


How to Read Your Bing AI Performance Report (And What the Zeros Mean)
The Bing AI Performance report, found inside the free Bing Webmaster Tools, shows how often Microsoft Copilot and Bing's AI-generated answers cite your website's content. It launched in public preview on February 11, 2026, and expanded on June 16 with intent labels, topic clusters, a Citation Share metric, and period-over-period comparison. It is the first official, vendor-run scoreboard for whether the AI layer that is replacing search can see you at all. Here is how to read
Patrick Duggan
Jun 303 min read


What Is a Grounding Query? Bing's New Unit of AI Visibility, Explained
A grounding query is the reformulated search question an AI assistant writes to itself — automatically and invisibly — when it decides it needs to go read the live web before answering a user. When you ask Microsoft Copilot a messy, conversational question, it does not paste your exact words into a search box. It rewrites your intent into one or more cleaner, machine-optimized queries, runs those against Bing's index, reads the results, and uses what it finds to ground its an
Patrick Duggan
Jun 303 min read


What Is AI Presence Management (AIPM)? A Plain-English Definition
AI Presence Management (AIPM) is the practice of measuring and improving how accurately large language models describe your company, product, or brand when a person asks about it. It covers four things you can actually measure: whether the models are aware you exist, whether they get your facts right, whether they speak about you with positive or negative sentiment, and whether they would recommend you. If SEO was about ranking on a page of blue links, AIPM is about what the
Patrick Duggan
Jun 303 min read


Correcting Our Nissan Call: It Was Their Own PeopleSoft — and We Had the C2 28 Days Early
On June 29 we published a piece arguing that Nissan's run of breaches followed a single pattern — the data never left through Nissan, it left through a...
Patrick Duggan
Jun 304 min read


Iran's Water-Plant Crew Just Got a Permanent File in Our Index. Defenders Have a Right to the Same Picture the Attackers Work From.
This week we did something quiet and overdue: we gave CyberAv3ngers — the IRGC-Cyber-Electronic-Command crew that has been compromising internet-exposed water and energy controllers by reading the manual, not the zero-day — a permanent, structured profile in our adversaries index, and we ingested the one cleanly-attributed sample of their custom OT implant. Not a blog mention. A file. The same kind of file a defender at a water utility can query at three in the morning when a
Patrick Duggan
Jun 306 min read


We Named the Klue OAuth Breach on June 18. The Victim List Just Filled In — and It's Security Vendors. Again.
On June 18 we wrote that a crew calling itself Icarus had breached Klue, stolen OAuth tokens "for everything," and that an operator signing as "Mr Bean" was sending the extortion emails. We said the attack class was not new — it was the third Salesforce OAuth breach in twelve months. Today the downstream victim list filled in, and it reads like a security-industry conference badge rack: HackerOne, Gong, OneTrust, Tanium, Huntress. We are not surprised. We told you the door wa
Patrick Duggan
Jun 304 min read


Nissan's Fourth Breach in Four Years Wasn't Nissan's. That's the Whole Problem.
Every time Nissan customer data hits a leak site, Nissan says the same true, useless thing: our systems were not compromised. And every time, it is correct — because the data did not leave through Nissan. It left through a vendor. The pattern is the story, and "our systems are clean" is becoming the most hollow reassurance in breach response. There are two separate Nissan data incidents in the public record from the last nine months, plus a longer tail of prior years, and the
Patrick Duggan
Jun 295 min read


DragonForce Stopped Bothering to Encrypt. It Just Walks Out With the Energy Grid and the Pacemaker Files.
The interesting thing about DragonForce in 2026 is not the encryptor. It is that the encryptor has become optional. The crews wearing the brand are increasingly skipping the lock-the-files step entirely and going straight to the part that actually pays: copy the data, threaten to publish it, and pick targets where publication is unthinkable — the energy sector and the medical-device supply chain. We have been watching the same door these crews keep walking through, and the do
Patrick Duggan
Jun 295 min read


Inhuman Resources: A Considered Response to Every Recruiter Who Filtered Me Out
I am the candidate your applicant-tracking system rejects before a human reads the file. Non-linear career. No bootcamp pedigree on the right line....
Patrick Duggan
Jun 299 min read


The Staging Layer: A Kimsuky-Class Phishing Farm on Free Korean DNS, and a Bumper Crop of GitHub RATs
Two unrelated operations, one window. Both visible before they fire — if you watch where attacks are staged instead of where they land. On the morning of June 28, 2026, two completely different threat operations surfaced in our feed within the same hour. One is patient nation-state statecraft. The other is loud, commodity, smash-and-grab crime. They share no infrastructure, no actor, no motive. What they share is the thing we keep telling people to watch: the staging layer. T
Patrick Duggan
Jun 284 min read


Open The Folder, Lose Your AWS Keys. Amazon Q Auto-Ran Whatever a Repo Told It To. CVE-2026-12957.
The promise of an AI coding assistant is that it does things for you. The danger of an AI coding assistant is that it does things for you. CVE-2026-12957 is what happens when the second sentence wins and nobody put a gate between them. The Mechanism, Stripped Down Amazon Q Developer, the AI assistant that plugs into IDEs, supports the Model Context Protocol — the standard that lets an assistant spawn helper processes to reach databases, APIs, and build tools. You point it at
Patrick Duggan
Jun 284 min read


We Had the Scanner Signature on June 13. Cisco's Phone System Bug Hits Its Federal Deadline Today. CVE-2026-20230.
The thing nobody tells you about a Cisco Unified Communications Manager box is that it is a Linux server with root, sitting in the middle of your network, that happens to route phone calls. People treat it like an appliance. Attackers treat it like a foothold. CVE-2026-20230 is the bug that collapses the difference. What The Bug Actually Does It is a server-side request forgery in the WebDialer service — the component that powers click-to-call. An unauthenticated, remote atta
Patrick Duggan
Jun 284 min read


Polymarket Got Robbed Through Somebody Else's Security — Twice in a Month. This Time the Lie Was in Your Browser at the Instant You Hit Sign.
Here is the sentence that should change how you think about web security in 2026. Polymarket did not get hacked. A company you have never heard of, that Polymarket pays to load a piece of code into its website, got hacked. And because your browser trusts Polymarket, and Polymarket trusted that vendor, the attacker's code got to run in your browser wearing Polymarket's name. When you went to sign a routine trade, the page lied to you about what you were signing. Your wallet di
Patrick Duggan
Jun 285 min read


The Gentlemen Built EDR-Killer-as-a-Service. We Have Been Blocking Their Infrastructure Since April 20.
ESET published the autopsy this week and it is worth your time. The crew is called The Gentlemen, the tool is called GentleKiller, and the business model is the part that should keep you up at night. They are not selling ransomware. They are selling the thing that turns your endpoint protection off before the ransomware ever runs. I want to be precise about who did the work here, because credit matters. Jakub Souček and the ESET research team wrote "Killing me gently: Inside
Patrick Duggan
Jun 274 min read


Be Best: We Couldn't Have Blocked the Klue Breach, and We're Not Going to Dunk on the Security Companies It Hit
The Klue breach gives the security industry an easy, ugly temptation, and we want to talk about the temptation before we talk about the fix.
Patrick Duggan
Jun 275 min read


Icarus Stole Salesforce Data From a Hundred Security Firms. Then Somebody Stole It From Icarus.
We have now written about the Klue breach three times, and each time the story got bigger and stranger. This is the entry where it stops being a breach...
Patrick Duggan
Jun 275 min read


Three Max-Severity Bugs Chain to Root on the Box That Runs Your Whole Network. Ubiquiti UniFi OS Is on the KEV List.
We keep coming back to the same shape, because attackers keep coming back to it. The highest-value box on an enterprise network is rarely a server full of...
Patrick Duggan
Jun 273 min read
bottom of page