All Posts


Four Japanese Giants Breached in Two Weeks. An Insurer, a Telecom, a Brewer, a Motor Maker. Almost None of Them Were Breached at the Front Door.
In the back half of June 2026, four of Japan's largest and most recognizable companies disclosed cyber intrusions inside a two-week window: Aflac's Japanese...
Patrick Duggan
3 days ago · 5 min read


RustDuck Is a Small Botnet Engineering Like It Plans to Get Big. The Tell Isn't Its Size — It's How Hard It's Being Built.
There is a botnet called RustDuck that most defenders can safely ignore today on the numbers alone. It is not large. It is not, yet, knocking major services...
Patrick Duggan
3 days ago · 5 min read


BlackNevas Doesn't Leak Your Data Itself. It Subcontracts the Threat to Six Other Gangs. That's the Part Worth Watching.
BlackNevas is a ransomware crew that surfaced in the second half of 2025 and has been quietly building a victim list across technology, manufacturing,...
Patrick Duggan
3 days ago · 4 min read


The Gentlemen: A Ransomware Crew Polite Enough to Brand Its Passwords, Sloppy Enough to Get Breached Itself. The Leak Is a Gift to Defenders.
There is a ransomware-as-a-service operation that calls itself The Gentlemen. Since it surfaced in mid-2025 it has posted 483 victims across sixty-six...
Patrick Duggan
3 days ago · 5 min read


No Funding. Two People. Here's Where We Kick Ass — and the Receipt for Every Claim.
We took no venture capital. No Series A, no seed, no bridge. Two people run this on a budget you could mistake for a rounding error. We say that first...
Patrick Duggan
3 days ago · 4 min read


A Monero Miner Rode a Langflow Bug Into AI Servers in March. The C2 It Called Home Was in Our Feed Since February. Here's the Timestamp.
Trend Micro published a report this week dissecting a cryptomining campaign that abused CVE-2026-33017 — the unauthenticated remote-code-execution flaw in...
Patrick Duggan
3 days ago · 5 min read


There Is a Public Exploit for a Pre-Auth Root Bug in Kemp LoadMaster. If Your Load Balancer's API Is On, Read This First.
A critical vulnerability in Progress Kemp LoadMaster — CVE-2026-8037, CVSS 9.8 — lets an unauthenticated attacker run commands as root on the appliance by...
Patrick Duggan
3 days ago · 5 min read


A New Infostealer Is Hunting Your Claude, Gemini, and Codex Keys. It Gets In Through Your Help Desk.
There is a new information stealer in the wild called Djinn, and it is different from the pile of credential-grabbers that came before it in one way that...
Patrick Duggan
3 days ago · 6 min read


Arista Won't Patch the Bug That Makes Your Perimeter ACLs Decorative. Your Log Pipeline Will Bill You to Watch.
On June 9, CISA added three vulnerabilities to the Known Exploited Vulnerabilities catalog in one shot: a Cisco Catalyst SD-WAN Manager flaw, a Google Chromium V8 memory bug, and CVE-2026-7473 in Arista EOS. Two of the three you can patch this week. The Arista one you cannot patch at all, because Arista says no patch is planned. Read that again. A vulnerability that CISA confirms is being exploited in the wild, on the switches that carry the spine of enterprise and data-cente
Patrick Duggan
4 days ago · 5 min read


We Read Our Own AI Report Card Out Loud. Then We Ran the Same Test on Cribl.
Microsoft started handing out report cards and most people have not noticed yet. On February 11, 2026, Bing Webmaster Tools shipped a new section called AI Performance, in public preview. For the first time it shows publishers how often their content gets cited inside generative answers — Microsoft Copilot, the AI summaries that now sit at the top of Bing, and a handful of partner AI experiences. It surfaces the exact pages that get referenced, and it introduced a strange new
Patrick Duggan
4 days ago · 8 min read


The AI Visibility Glossary: 18 Terms for the Generative-Engine Era
The vocabulary of AI visibility is being invented in real time, mostly by vendors with an incentive to keep it fuzzy. Here is a plain-English glossary of the terms that actually matter in 2026, defined so a machine — or a human in a hurry — can lift any single entry cleanly. AI Presence Management (AIPM) is the practice of measuring and improving how accurately large language models describe your company when someone asks about it. It is the AI-era successor to SEO. Generativ
Patrick Duggan
4 days ago · 3 min read


How to Read Your Bing AI Performance Report (And What the Zeros Mean)
The Bing AI Performance report, found inside the free Bing Webmaster Tools, shows how often Microsoft Copilot and Bing's AI-generated answers cite your website's content. It launched in public preview on February 11, 2026, and expanded on June 16 with intent labels, topic clusters, a Citation Share metric, and period-over-period comparison. It is the first official, vendor-run scoreboard for whether the AI layer that is replacing search can see you at all. Here is how to read
Patrick Duggan
4 days ago · 3 min read


What Is a Grounding Query? Bing's New Unit of AI Visibility, Explained
A grounding query is the reformulated search question an AI assistant writes to itself — automatically and invisibly — when it decides it needs to go read the live web before answering a user. When you ask Microsoft Copilot a messy, conversational question, it does not paste your exact words into a search box. It rewrites your intent into one or more cleaner, machine-optimized queries, runs those against Bing's index, reads the results, and uses what it finds to ground its an
Patrick Duggan
4 days ago · 3 min read


What Is AI Presence Management (AIPM)? A Plain-English Definition
AI Presence Management (AIPM) is the practice of measuring and improving how accurately large language models describe your company, product, or brand when a person asks about it. It covers four things you can actually measure: whether the models are aware you exist, whether they get your facts right, whether they speak about you with positive or negative sentiment, and whether they would recommend you. If SEO was about ranking on a page of blue links, AIPM is about what the
Patrick Duggan
4 days ago · 3 min read


Correcting Our Nissan Call: It Was Their Own PeopleSoft — and We Had the C2 28 Days Early
On June 29 we published a piece arguing that Nissan's run of breaches followed a single pattern — the data never left through Nissan, it left through a...
Patrick Duggan
4 days ago · 4 min read


Iran's Water-Plant Crew Just Got a Permanent File in Our Index. Defenders Have a Right to the Same Picture the Attackers Work From.
This week we did something quiet and overdue: we gave CyberAv3ngers — the IRGC-Cyber-Electronic-Command crew that has been compromising internet-exposed water and energy controllers by reading the manual, not the zero-day — a permanent, structured profile in our adversaries index, and we ingested the one cleanly-attributed sample of their custom OT implant. Not a blog mention. A file. The same kind of file a defender at a water utility can query at three in the morning when a
Patrick Duggan
4 days ago · 6 min read


We Named the Klue OAuth Breach on June 18. The Victim List Just Filled In — and It's Security Vendors. Again.
On June 18 we wrote that a crew calling itself Icarus had breached Klue, stolen OAuth tokens "for everything," and that an operator signing as "Mr Bean" was sending the extortion emails. We said the attack class was not new — it was the third Salesforce OAuth breach in twelve months. Today the downstream victim list filled in, and it reads like a security-industry conference badge rack: HackerOne, Gong, OneTrust, Tanium, Huntress. We are not surprised. We told you the door wa
Patrick Duggan
4 days ago · 4 min read


Nissan's Fourth Breach in Four Years Wasn't Nissan's. That's the Whole Problem.
Every time Nissan customer data hits a leak site, Nissan says the same true, useless thing: our systems were not compromised. And every time, it is correct — because the data did not leave through Nissan. It left through a vendor. The pattern is the story, and "our systems are clean" is becoming the most hollow reassurance in breach response. There are two separate Nissan data incidents in the public record from the last nine months, plus a longer tail of prior years, and the
Patrick Duggan
5 days ago · 5 min read


DragonForce Stopped Bothering to Encrypt. It Just Walks Out With the Energy Grid and the Pacemaker Files.
The interesting thing about DragonForce in 2026 is not the encryptor. It is that the encryptor has become optional. The crews wearing the brand are increasingly skipping the lock-the-files step entirely and going straight to the part that actually pays: copy the data, threaten to publish it, and pick targets where publication is unthinkable — the energy sector and the medical-device supply chain. We have been watching the same door these crews keep walking through, and the do
Patrick Duggan
5 days ago · 5 min read


Inhuman Resources: A Considered Response to Every Recruiter Who Filtered Me Out
I am the candidate your applicant-tracking system rejects before a human reads the file. Non-linear career. No bootcamp pedigree on the right line....
Patrick Duggan
5 days ago · 9 min read