All Posts


PreCog Caught a Malware Staging Repo on GitHub While We Slept
This morning at 8:17 AM, I checked PreCog over coffee. It had been red for three days — infrastructure activation surge, IOC velocity spike, the usual war...
Patrick Duggan
Mar 28 · 3 min read


Friday Sweep: EU Commission Breached, Kash Patel Confirmed, LangChain Leaking Secrets, and We Scanned Europa.eu in 235 Seconds
Four stories broke today. All of them matter. Here's what happened, what we found, and what to do about it.
Patrick Duggan
Mar 27 · 4 min read


A Defender's Guide to the Current War Footing: Russia-China-Iran Cyber Operations Against Five Eyes Nations
This is not a threat brief. This is a field guide for defenders operating in a formally aligned adversary environment that didn't exist six months ago. The...
Patrick Duggan
Mar 27 · 8 min read


Threat Brief: March 27, 2026 — Handala Claims FBI, Publishes Lockheed Passports, PreCog Stays Red
PreCog is still CRITICAL. Handala escalated twice overnight. The scanning infrastructure rotated but didn't stop. Here's what changed since yesterday.
Patrick Duggan
Mar 27 · 3 min read


Threat Brief: March 26, 2026 — PreCog Goes Red, Handala Claims Lockheed, China Scans at Scale
PreCog hit CRITICAL tonight. Three signals elevated simultaneously. Here's what happened and what to do about it.
Patrick Duggan
Mar 26 · 4 min read


The Same Chip Running Our Survey Robot Is Going to Space
Last weekend I was on my hands and knees in a house in Connecticut, calibrating a LiDAR by pointing a robot at a wall and reading the angles. The robot runs...
Patrick Duggan
Mar 26 · 5 min read


Lockheed Martin Rejected My Application. Iran Accepted Theirs.
This morning I received an email from Lockheed Martin Talent Acquisition:
Patrick Duggan
Mar 26 · 5 min read


We Started With 85 Handala IOCs. We Ended With 145. Here's How.
Yesterday, Iran's Handala hack group dumped 14 gigabytes of alleged Mossad chief data. Five days after the FBI seized their domains. From a new .ps domain...
Patrick Duggan
Mar 26 · 6 min read


Three Databases, One Graph: What Happens When You Cross-Reference Arctic Frost Against 5.3 Million Offshore Records
The Senate Judiciary Committee released 34 documents from Jack Smith's January 6 investigation — code name Arctic Frost. Senator Grassley published them to...
Patrick Duggan
Mar 25 · 7 min read


We Scored 8 Medical Device Companies on Pi Day. Two Got Hit.
On March 14th — Pi Day — we published an attack surface analysis of eight medical device companies. We enumerated subdomains, cross-referenced against...
Patrick Duggan
Mar 25 · 4 min read


Every Vendor at RSAC Just Announced What We Already Built
RSAC 2026 opened in San Francisco yesterday. The theme is unmistakable: agentic AI security. Every major vendor showed up with the same pitch — AI agents...
Patrick Duggan
Mar 25 · 4 min read


BlackCat Is Back. Our System Caught It.
March 25, 2026 — DugganUSA PreCog Alert
Patrick Duggan
Mar 24 · 3 min read


Your iPhone Can Be Hacked by Opening Safari. DarkSword Is Public.
March 25, 2026 — DugganUSA Threat Brief
Patrick Duggan
Mar 24 · 4 min read


Patrick Duggan
Mar 23 · 4 min read


Patrick Duggan
Mar 23 · 4 min read


Interlock Had a Zero-Day for 36 Days. We Had Their IOCs.
36 Days of Free Reign
Patrick Duggan
Mar 23 · 4 min read


Today Is CISA Deadline Day for the Exact Vulnerability Class That Hit Stryker
The Coincidence That Isn't
Patrick Duggan
Mar 23 · 4 min read


The AI Agent Builder Got Owned in 20 Hours
CVE-2026-33017: One HTTP Request. No Auth. Full RCE. And Your AI Pipeline Keys. March 17, 2026. A critical vulnerability is disclosed in Langflow — the open-source visual builder for LangChain AI agents. CVSS 9.3. Twenty hours later, attackers are already inside production instances. No proof-of-concept existed yet. They built working exploits from the advisory text alone. What Langflow Is Langflow is the drag-and-drop interface for building AI agent pipelines. LangChain unde
Patrick Duggan
Mar 21 · 4 min read


They Had 36 Days. Cisco Had Zero.
How Interlock Ransomware Owned Enterprise Firewalls Before Anyone Knew January 26, 2026. A ransomware gang called Interlock starts exploiting a vulnerability in Cisco Secure Firewall Management Center. CVSS score: 10.0. The maximum. Unauthenticated. Remote. Root access. Cisco doesn't know yet. Their customers don't know yet. For 36 days, every Cisco FMC instance facing the internet is a door with no lock. What CVE-2026-20131 Actually Does Insecure deserialization of user-supp
Patrick Duggan
Mar 20 · 3 min read


Wiz Told Me Visibility Equals Security. They Were Half Right.
Wiz sold "visibility" to Google for $32 billion. They meant inward. We mean outward. Only one stops the bullet. "Visibility equals security." That's the pitch. Wiz, CrowdStrike, Palo Alto, every vendor at RSA for the last five years. If you can see it, you can secure it. Dashboard everything. Alert on everything. Visualize your attack surface and the threats will reveal themselves. They're not wrong. They're just looking the wrong direction. The Inward Gaze Wiz looks inward.
Patrick Duggan
Mar 19 · 3 min read