All Posts


Iran's Two Cyber Wings Are Running ICS Campaigns at the Same Time. CISA Just Confirmed It.
We have 60-plus published posts on the Handala Hack Team and the broader Iran-aligned cyber lineage. We have an indicator-of-compromise database that...
Patrick Duggan
May 9 · 6 min read


Aegis Pre-Alpha: We Deliver What Others Promise. True Brand Protection Live At analytics.dugganusa.com/brands-under-attack — The Methodology That Flagged Medtronic 39 Days Early.
We deliver what others promise.
Patrick Duggan
May 8 · 7 min read


Cloudflare Thinks We're A Compromised WordPress Site. Our Honeypots Are Working Too Well. The Indicators Are In Our STIX Feed. $99/mo Pro, $59.40 First Month With Promo RESCUEME.
Earlier today we shipped an RFC 9116 compliant security.txt at analytics.dugganusa.com/.well-known/security.txt. We added security-reporting visibility to...
Patrick Duggan
May 8 · 6 min read


Half The ShinyHunters Watch List Cannot Receive A Vulnerability Report. We Checked. We Added security.txt Visibility To AIPM Scoring As The Eighth Technical Signal.
May 8, 2026 · DugganUSA LLC · Companion to "Warning: Eight Names On Our ShinyHunters Watch List"
Patrick Duggan
May 8 · 6 min read


MAHA Says Eat a Raccoon. We Sell the Daily Pill. A Brain Worm Caucus Position Paper on Threat Intelligence.
May 8, 2026 · DugganUSA LLC · Companion piece to "We Prevent Cold Sores"
Patrick Duggan
May 8 · 6 min read


We Prevent Cold Sores. DugganUSA Threat Intelligence as Daily Antiviral and Quarterly Vaccination, Not Hospital Admission.
Two-thirds of the world's population carries herpes simplex type 1, dormant in their trigeminal ganglion, waiting for the moment of stress that lets it...
Patrick Duggan
May 8 · 7 min read


ShinyHunters Hit Canvas: 275 Million Records Across 9,000 Schools. May 12 Ransom Deadline. Here's the Hunt-Tonight for School IT Teams.
The ShinyHunters cybercrime group has compromised Instructure's Canvas learning management system and is claiming theft of two hundred seventy-five million...
Patrick Duggan
May 8 · 7 min read


Claude Mythos Finds Zero-Days in Hours. Most Teams Aren't Ready for the Remediation Side. We Built It.
On April 8, 2026, Anthropic disclosed that Claude Mythos Preview — its most capable model to date, withheld from general release — had autonomously...
Patrick Duggan
May 7 · 5 min read


Eight Hunt-Tonight Posts in Nine Days: Microsoft, Huntress, Palo Alto, Ivanti, Linux, Cloudways. Detection-to-Action in Hours, Not Quarters.
May 7, 2026 · DugganUSA LLC In the nine days running from April 28 to today, we have shipped eight hunt-tonight posts on eight separate CVEs, advisories, or active campaigns. Each one published within hours of the relevant disclosure. Each one carrying signed indicators in our public STIX feed within the same window. Each one written so that a SOC analyst at 11pm with a coffee can run the queries against their fleet without filing a vendor support ticket. This post is the rec
Patrick Duggan
May 7 · 6 min read


CVE-2026-3844: Cloudways Just Shipped a 9.8 CVSS to 400,000 WordPress Sites. Wordfence Logged 170 Active Exploits Before the Patch Landed. Here's the Hunt.
May 7, 2026 · DugganUSA LLC The Cloudways Breeze Cache plugin — installed on more than four hundred thousand WordPress sites — has an unauthenticated remote-code-execution vulnerability with a CVSS score of 9.8. The flaw lives in the fetch_gravatar_from_remote function in all versions through 2.4.4: missing file-type validation on a remote-fetch path that an unauthenticated attacker can trigger to upload arbitrary executable content into the site's filesystem. Wordfence logge
Patrick Duggan
May 7 · 6 min read


9 New Ivanti CVEs Across 4 Products On May 6. Storm-2561 Has the Pattern. The Clock Started Yesterday.
May 7, 2026 · DugganUSA LLC Ivanti released a security advisory yesterday, May 6, 2026, covering nine vulnerabilities across four product lines: Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC), and Ivanti Cloud Services Application (CSA). The combined impact reads from the advisory: privilege escalation, arbitrary file reads and writes, and remote code execution. The cumulative ceiling is full system control by an unauthenticated re
Patrick Duggan
May 7 · 5 min read


CVE-2026-0300: Palo Alto's Captive Portal Has Been Bleeding Root Since April 9. CISA Deadline May 9. Patch Arrives May 13. Hunt Inside.
May 7, 2026 · DugganUSA LLC Palo Alto Networks disclosed CVE-2026-0300 yesterday — an unauthenticated, root-level remote code execution in the User-ID Authentication Portal (the Captive Portal) on PA-Series and VM-Series firewalls. CVSS 9.3 if the portal is reachable from the internet, 8.7 if restricted to internal trusted networks. Cloud NGFW and Panorama are not affected. The vulnerability is a buffer overflow in the captive-portal service. An attacker sends a specially cra
Patrick Duggan
May 7 · 6 min read


I Asked Five Frontier AIs What Walter White Would Do With Their Help. Each Gave Me a Different Walter — and DeepSeek's Was the Darkest.
May 6, 2026 · DugganUSA LLC We run a 5-model AI Council at DugganUSA — GPT-4o, Claude Haiku 4.5, Gemini 2.5 Flash, Mistral Large, and DeepSeek — for things like brand-perception scoring on AIPM, customer enrichment on welcome flows, and consensus-strategy votes when one model's blind spot would cost us. Tonight, on a tired riff about AI-assisted Breaking Bad, we asked all five the same hypothetical and watched five distinct Walter Whites walk out of the same prompt. The quest
Patrick Duggan
May 6 · 7 min read


PERJURY-AS-A-SERVICE™ Is Now Open For Series D Investors. $124M Raised. $600M Valuation. Operators Are Standing By.
May 6, 2026 · DugganUSA LLC The following is a satirical infomercial. The numbers in it are real. The legal exposure in it is real. The product category in it is real. Only the tone is satire. Hello, Fellow Risk-Tolerant Investor! Are YOU sick of your portfolio companies' security incidents reaching the public? Tired of independent journalists, security researchers, and competent SOC teams writing factual blog posts that name your customers in unflattering breach contexts? Fr
Patrick Duggan
May 6 · 6 min read


If You See C:\Windows\System32\wbem\wmic.exe.bak On A Host, You Have STAC6405. The 24 VENOMOUS#HELPER IOCs Just Landed In Our Feed.
May 6, 2026 · DugganUSA LLC Securonix Threat Research published a writeup on a phishing campaign codenamed VENOMOUS#HELPER — cluster ID STAC6405 — earlier this week. The campaign has been running since April 2025 and has hit more than eighty organizations, primarily in the United States, with secondary clusters in Western Europe and Latin America. We had zero indicators in our IOC index as of this morning. As of an hour ago, all twenty-four published indicators are indexed un
Patrick Duggan
May 6 · 6 min read


Copy Fail (CVE-2026-31431): A 732-Byte Python Exploit Owns Your Linux Box And Walks Out Of Your Container. Patch By May 15.
May 6, 2026 · DugganUSA LLC CISA added CVE-2026-31431 to the Known Exploited Vulnerabilities catalog on May 1, 2026. The federal civilian executive branch patch deadline is May 15. The vulnerability is a Linux kernel local privilege escalation in the AF_ALG cryptographic subsystem that has been quietly present in shipped kernels since 2017, introduced through three separate commits in 2011, 2015, and 2017. Kaspersky named the bug Copy Fail. The working public exploit is 732 b
Patrick Duggan
May 6 · 7 min read


Doppel Cited USPTO 5055675 Under Penalty of Perjury. The Mark Covers "Temporary Rental of Surgical Equipment." We Don't Rent Surgical Equipment.
May 6, 2026 · DugganUSA LLC Earlier today we published two posts on the Doppel takedown notice that landed at 05:16 UTC and the disclosure-economics math behind it. This is a third post and it is the shortest of the three. It exists because we did one piece of homework Doppel's takedown bot did not do. We looked up the trademark registration Doppel cited. In the body of the notice, Doppel listed: Trademarked Symbol: MEDTRONIC Registration Number: 5055675 Registration Office:
Patrick Duggan
May 6 · 5 min read


CVE-2026-32201: The SharePoint Zero-Day Hunt Huntress Should Run Tonight. KQL Inside.
May 6, 2026 · DugganUSA LLC Microsoft patched CVE-2026-32201 in the April 8, 2026 Patch Tuesday. CISA added it to the Known Exploited Vulnerabilities catalog the same week. The federal civilian executive branch patch deadline under BOD 22-01 was April 28. As of today, BleepingComputer is reporting more than 1,300 internet-exposed SharePoint servers still vulnerable to ongoing attacks. That is the gap between "patched in the bulletin" and "patched on the box," and the gap is w
Patrick Duggan
May 6 · 5 min read


Doppel Charges $200K to Suppress the $30K Warning. Medtronic's Disclosure Exposure Is $295M. The Brand-Protection Math Inverted in December 2023.
May 6, 2026 · DugganUSA LLC This morning Doppel sent us a trademark takedown demand against the post warning Medtronic about the breach Microsoft Security Response Center confirmed three days ago. We covered the legal absurdity in the first post. This one is about the money. After running the receipts on Doppel's funding history, their published customer list, our own feed pricing, R.R. Donnelley's $2.125M SEC settlement, HIPAA Tier 4 caps, the ShinyHunters 9 million record c
Patrick Duggan
May 6 · 9 min read


Doppel Sent an AI Takedown Bot. Medtronic Skipped Item 1.05. Microsoft Already Published the Chain. A Disclosure Teaching Moment.
May 6, 2026 · DugganUSA LLC At 05:16 UTC this morning, Doppel — an AI-powered "brand protection" company — sent us a trademark takedown demand under penalty of perjury. They CC'd Medtronic's enforcement team. The post they want deleted is titled "Microsoft Just Published the Vish Chain We Warned Medtronic About," and it went up three days ago. Three companies are mentioned in that title. All three operate under different disclosure obligations. This post is about the gap betw
Patrick Duggan
May 6 · 8 min read