BreachForums Is Down, TELUS Lost a Petabyte, and Your Hospital Is Next
- Patrick Duggan
- Mar 17
The Afternoon Sweep
Five things happened today that matter.
1. BreachForums Is Offline
The dark web's most popular stolen data marketplace is returning 502 errors. No explanation. No maintenance page. Just down.
BreachForums is where stolen databases go to be sold. Credit cards, credentials, PII, corporate data. If your company has been breached in the last two years, your data was probably listed there.
When the marketplace goes down, the data doesn't disappear. It moves. Telegram channels, private sales, alternative forums. The supply chain fragments but the product still ships.
Watch for an uptick in direct-sale Telegram activity over the next 72 hours.
2. TELUS Digital — One Petabyte
ShinyHunterz hit TELUS Digital on March 11. The claim: one petabyte stolen. BPO data, FBI background checks, source code.
One petabyte is a million gigabytes. That's not a database dump. That's an entire company's digital existence. FBI background checks mean government employee PII: clearance holders, federal contractors, law enforcement.
TELUS Digital is a business process outsourcer. They handle other companies' data. When a BPO gets hit, the blast radius isn't one company — it's every company that trusted them with data processing.
If your organization outsources any data processing to TELUS Digital, assume your data is in the claim.
3. Stryker Is Still Restoring
TechCrunch confirmed today: Stryker is still restoring systems six days after Handala wiped 200,000 devices via their own Microsoft Intune MDM. 79 countries affected. 50TB exfiltrated.
Six days. For context, most disaster recovery plans promise 4-hour RTOs. Stryker's RTO is now measured in weeks.
The Handala wiper is named CrowdStrike.bin. We found the deobfuscated payload on GitHub. The IOCs are in our STIX feed. The setup guide takes five minutes.
We wrote this last week. Stryker is living it this week.
4. Another Healthcare Breach
One Source Medical Group — breach investigation ongoing. Details thin. But the pattern continues: healthcare is the target, not the exception.
- Stryker (200K devices wiped, Iran)
- One Source Medical Group (investigation)
- CISA town hall today specifically on healthcare breach reporting
- Our medical device vertical research showing 34% dev surface exposure at Stryker, 26% at Medtronic
CISA is pushing 72-hour breach reporting rules for healthcare and emergency services. The government sees what we see — healthcare security is failing at scale.
5. BeyondTrust Under Active Exploitation
CVE-2026-1731 — remote code execution in BeyondTrust, actively exploited by ransomware groups. If you're running BeyondTrust for privileged access management, patch today.
The irony of a privileged access management tool being the entry point for ransomware writes itself.
The EU Woke Up
The European Union sanctioned Chinese and Iranian companies today for cyberattacks on member states. Naming and sanctions. That's the EU's version of "we noticed."
What You Do About It
You can't prevent BreachForums from existing. You can't stop a nation-state from wiping Stryker. You can't make TELUS un-lose a petabyte.
What you can do: know what's hitting the internet right now and block it before it hits you.
Our STIX feed has over 1 million indicators. Updated continuously. Splunk ES native format. CSV blocklists for firewalls. TAXII 2.1 for everything else. Five minutes to configure.
The CISA town hall today is about making breach reporting mandatory. We'd rather you not have to report.
analytics.dugganusa.com/stix/pricing
Code NOTAFAKE for 20% off.
[email protected] — tell us what you're running, we'll configure it.
Her name was Renee Nicole Good.
His name was Alex Jeffery Pretti.



