DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

A 17-Year-Old PowerPoint Bug Is Being Exploited in 2026

Patrick Duggan
Jan 12
2 min read

The Absurdity

CISA added CVE-2009-0556 to the Known Exploited Vulnerabilities catalog on January 7, 2026.

Read that again.

A vulnerability discovered in 2009 - when Obama was inaugurated, when Avatar was in theaters, when the iPhone 3G was cutting edge - is actively being exploited in the wild. Right now. In 2026.

The Vulnerability

CVE-2009-0556 - Microsoft Office PowerPoint Memory Corruption

CVSS: 8.8 (High)
Attack Vector: User opens malicious PowerPoint file
Impact: Arbitrary code execution
Affected: Office 2000, 2002, 2003, 2007
CISA Deadline: January 28, 2026

The attack is simple: Send a .ppt file. User opens it. Game over.

Why This Still Works

1. Legacy Systems Never Die

A manufacturing plant runs Office 2003 on air-gapped Windows XP
A government contractor uses Office 2007 for "compatibility"
A small business never upgraded because "it still works"

These systems exist by the millions. Most are unpatched. Many are internet-connected despite policies saying otherwise.

2. Patching Is Political

"We can't patch - it might break the ERP integration." "Legal said no changes until the audit is complete." "IT is understaffed, we'll get to it next quarter."

Every excuse is a vector. Every delay is an opportunity.

3. Users Still Click

17 years of security awareness training. 17 years of "don't open attachments from strangers."

Users still click. They always will.

The Real Story

The PowerPoint bug isn't the scariest thing CISA added this week.

CVSS: 10.0 (Critical)
Attack: Unauthenticated RCE
Impact: Full system compromise
Deadline: January 28, 2026

No user interaction required. No authentication needed. Just internet exposure and you're owned.

But the PowerPoint bug is the story. Because it exposes the uncomfortable truth:

We haven't fixed problems. We've just added new ones on top.

The Patch Debt

Year	CVEs Published	CVEs From That Year Still Exploited
2009	~5,000	Unknown, but CVE-2009-0556 proves: at least 1
2015	~6,500	Several EternalBlue-era vulns
2020	~18,000	Active Log4Shell exploitation
2024	~29,000	Most of them

The vulnerability backlog grows faster than we can patch. We're losing.

What To Do

Disconnect it from the network
Migrate to modern Office
If you can't migrate, block .ppt attachments at the mail gateway

Patch immediately (versions before 11.00 are vulnerable)
Check for indicators of compromise
Assume breach if internet-exposed

Audit your legacy software inventory
Assume every unpatched system is compromised
Block file types at the perimeter (.ppt, .doc, .xls from external sources)

The Meta-Point

A vulnerability from 2009 being actively exploited in 2026 isn't a technical failure.

It's a governance failure.

Somewhere, a risk assessment said "legacy Office is acceptable risk." Somewhere, a budget request for upgrades was denied. Somewhere, "it's working fine" won over "it's vulnerable."

Technical debt isn't just about code quality. It's about attack surface.

Every legacy system is a liability. Every unpatched box is a breach waiting to happen.

And apparently, some organizations need 17 years to learn that lesson.

Her name is Renee Nicole Good.

Get Free IOCs

Subscribe to our threat intelligence feeds for free, machine-readable IOCs:

AlienVault OTX: https://otx.alienvault.com/user/pduggusa STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed

Questions? [email protected]