
All Posts


Threat Brief: March 26, 2026 — PreCog Goes Red, Handala Claims Lockheed, China Scans at Scale
PreCog hit CRITICAL tonight. Three signals elevated simultaneously. Here's what happened and what to do about it.
Patrick Duggan
Mar 26 · 4 min read


The Same Chip Running Our Survey Robot Is Going to Space
Last weekend I was on my hands and knees in a house in Connecticut, calibrating a LiDAR by pointing a robot at a wall and reading the angles. The robot runs...
Patrick Duggan
Mar 26 · 5 min read


Lockheed Martin Rejected My Application. Iran Accepted Theirs.
This morning I received an email from Lockheed Martin Talent Acquisition:
Patrick Duggan
Mar 26 · 5 min read


We Started With 85 Handala IOCs. We Ended With 145. Here's How.
Yesterday, Iran's Handala hack group dumped 14 gigabytes of alleged Mossad chief data. Five days after the FBI seized their domains. From a new .ps domain...
Patrick Duggan
Mar 26 · 6 min read


Three Databases, One Graph: What Happens When You Cross-Reference Arctic Frost Against 5.3 Million Offshore Records
The Senate Judiciary Committee released 34 documents from Jack Smith's January 6 investigation — code name Arctic Frost. Senator Grassley published them to...
Patrick Duggan
Mar 25 · 7 min read


We Scored 8 Medical Device Companies on Pi Day. Two Got Hit.
On March 14th — Pi Day — we published an attack surface analysis of eight medical device companies. We enumerated subdomains, cross-referenced against...
Patrick Duggan
Mar 25 · 4 min read


Every Vendor at RSAC Just Announced What We Already Built
RSAC 2026 opened in San Francisco yesterday. The theme is unmistakable: agentic AI security. Every major vendor showed up with the same pitch — AI agents...
Patrick Duggan
Mar 25 · 4 min read


BlackCat Is Back. Our System Caught It.
March 25, 2026 — DugganUSA PreCog Alert
Patrick Duggan
Mar 24 · 3 min read


Your iPhone Can Be Hacked by Opening Safari. DarkSword Is Public.
March 25, 2026 — DugganUSA Threat Brief
Patrick Duggan
Mar 24 · 4 min read


Patrick Duggan
Mar 23 · 4 min read


Patrick Duggan
Mar 23 · 4 min read


Interlock Had a Zero-Day for 36 Days. We Had Their IOCs.
36 Days of Free Reign
Patrick Duggan
Mar 23 · 4 min read


Today Is CISA Deadline Day for the Exact Vulnerability Class That Hit Stryker
The Coincidence That Isn't
Patrick Duggan
Mar 23 · 4 min read


The AI Agent Builder Got Owned in 20 Hours
CVE-2026-33017: One HTTP Request. No Auth. Full RCE. And Your AI Pipeline Keys. March 17, 2026. A critical vulnerability is disclosed in Langflow — the open-source visual builder for LangChain AI agents. CVSS 9.3. Twenty hours later, attackers are already inside production instances. No proof-of-concept existed yet. They built working exploits from the advisory text alone. What Langflow Is Langflow is the drag-and-drop interface for building AI agent pipelines. LangChain unde
Patrick Duggan
Mar 21 · 4 min read


They Had 36 Days. Cisco Had Zero.
How Interlock Ransomware Owned Enterprise Firewalls Before Anyone Knew January 26, 2026. A ransomware gang called Interlock starts exploiting a vulnerability in Cisco Secure Firewall Management Center. CVSS score: 10.0. The maximum. Unauthenticated. Remote. Root access. Cisco doesn't know yet. Their customers don't know yet. For 36 days, every Cisco FMC instance facing the internet is a door with no lock. What CVE-2026-20131 Actually Does Insecure deserialization of user-supp
Patrick Duggan
Mar 20 · 3 min read


Wiz Told Me Visibility Equals Security. They Were Half Right.
Wiz sold "visibility" to Google for $32 billion. They meant inward. We mean outward. Only one stops the bullet. "Visibility equals security." That's the pitch. Wiz, CrowdStrike, Palo Alto, every vendor at RSA for the last five years. If you can see it, you can secure it. Dashboard everything. Alert on everything. Visualize your attack surface and the threats will reveal themselves. They're not wrong. They're just looking the wrong direction. The Inward Gaze Wiz looks inward.
Patrick Duggan
Mar 19 · 3 min read


14,220 Repos. Location: USSR. Weaponizing Claude Code for Offensive Security.
We followed the Handala wiper network. It led to 120 offensive AI skills, MANPADS documentation, and the biggest collection node we've ever seen. Two weeks ago we found Iran's Handala wiper masquerading as a CrowdStrike update on GitHub. The repo was published by an account called MrDomainAdmin — 20 repos, zero followers, no bio. A ghost. Today we followed the followers. The Network MrDomainAdmin has 7 followers. One of them is killvxk. killvxk has 14,220 public repositories.
Patrick Duggan
Mar 19 · 3 min read


We Open-Sourced Our Edge Security. Deploy 1M+ IOCs to Cloudflare in 30 Seconds.
A single-file Cloudflare Worker that blocks known malicious IPs, trolls scanners, and tells you who's visiting — powered by our STIX feed. We built something for ourselves and decided to give it away. The Problem Your firewall rules are static. Your threat intel updates daily — maybe. And between the moment a new IOC is published and the moment it reaches your infrastructure, attackers have a window. That window is where breaches happen. What Edge Shield Does DugganUSA Edge S
Patrick Duggan
Mar 19 · 3 min read


McKinsey Scores 56/95 on AI Presence. Their AI Platform Got Hacked in 2 Hours.
The $100B consulting firm that charges $500K for strategic analysis couldn't parameterize a SQL query. On February 28, 2026, security startup CodeWall deployed an autonomous AI agent against McKinsey's internal AI platform, Lilli. No credentials. No human intervention. Within two hours, the agent had full read-write access to the database. What it found: 46.5 million plaintext chat messages 728,000 files (192K PDFs, 93K spreadsheets) 57,000 employee accounts 384,000 AI assi
Patrick Duggan
Mar 19 · 3 min read


The Day After: GlassWorm Returns, AtomSilo Rises, and Your npm install Might Be Compromised
433 compromised packages. A zombie ransomware group. Invisible Unicode malware. Happy March 18th. While half the internet was recovering from St. Patrick's Day, the other half was getting owned. Here's what dropped in the last 72 hours — and what we indexed before your coffee was ready. GlassWorm: The Supply Chain Attack You Can't See GlassWorm is back. And this time, it brought friends. Between March 3rd and 12th, attackers compromised 151+ GitHub repositories, npm packages,
Patrick Duggan
Mar 18 · 3 min read