
The Chain Reaches Government. TeamPCP + ShinyHunters Hit Cisco and the European Commission Through Aqua's Security Scanner.

  • Writer: Patrick Duggan
  • Apr 3
  • 4 min read

On April 1, we published "One Actor, Three Supply Chains" — documenting how TeamPCP chained Trivy → LiteLLM → Telnyx, each compromise funding the next. We said the chain doesn't stop when the vendor publishes a blog post. It stops when the credentials expire.


The credentials haven't expired.


Today we learned the chain reaches Cisco. And the European Commission. And potentially the FBI, IRS, and NASA.



The Full Chain



Aqua Security's Trivy (security scanner)
    ↓ TeamPCP poisoned 76/77 release tags (CVE-2026-33634)
    ↓ Credential stealer ran in CI/CD pipelines
    ↓ Harvested env vars, .env files, shell histories, tokens
    ↓
LiteLLM (AI proxy framework)
    ↓ TeamPCP used stolen creds to publish malicious PyPI versions
    ↓ Harvested more credentials from AI production pipelines
    ↓
Telnyx (cloud communications)
    ↓ TeamPCP used LiteLLM-harvested PyPI token
    ↓ Published malicious SDK with .WAV steganography payload
    ↓
Cisco Systems ($57B networking/security company)
    ↓ TeamPCP + ShinyHunters collaboration
    ↓ 300 private GitHub repositories stolen
    ↓ 3M+ Salesforce CRM records exfiltrated
    ↓ AWS account access (EC2 volumes, S3 buckets)
    ↓ Source code for AI Assistants and AI Defense products
    ↓ Customer data from Cisco's Salesforce: FBI, IRS, NASA records
    ↓
European Commission (29 EU entities)
    ↓ CERT-EU attributed breach to TeamPCP
    ↓ Cloud infrastructure compromised
    ↓ 90GB+ data exfiltrated (initially claimed by ShinyHunters)
    ↓ DKIM keys leaked (enables email forgery from EU domains)


A security vulnerability scanner made by Aqua Security — a company that sells security — was the entry point for a chain that now reaches into the customer databases of the FBI, IRS, and NASA, and the cloud infrastructure of 29 European Union entities.



The Collaboration


ShinyHunters and TeamPCP are working together. The Cisco breach used three vectors:


  1. Trivy supply chain (TeamPCP) — the initial credential harvest that eventually reached Cisco's GitHub

  2. Salesforce Aura vulnerability — exploiting Experience Cloud to access 3M+ CRM records

  3. AWS account compromise — EC2 volumes and S3 buckets accessed directly

ShinyHunters brought the Salesforce expertise — they've been exploiting Salesforce Aura across 400+ companies this year. TeamPCP brought the supply chain access — the credentials harvested through the Trivy → LiteLLM → Telnyx chain.


Two groups. Complementary skills. One target.


The deadline was today. The data is going public.



What Was Stolen From Cisco


According to reporting from The420.in, Hackread, and CyberSecurityNews:


  • 300 private GitHub repositories — including source code for unreleased tools

  • AI Assistants source code — Cisco's AI product line

  • AI Defense source code — Cisco's security AI products

  • 3M+ Salesforce records — CRM data including records from Cisco's government customers

  • AWS credentials — EC2 volumes and S3 buckets from March 16-17, 2026

  • Customer data from major banks, BPOs, and US government agencies

The Salesforce records reportedly include data from Cisco's engagements with the FBI, IRS, and NASA. These are Cisco's customer records — not the agencies' internal data — but they contain contact information, contract details, and engagement history for federal law enforcement and intelligence customers.



What Was Stolen From the European Commission


CERT-EU attributed the European Commission cloud breach to TeamPCP. The breach exposed:


  • Data from 29 EU entities (not just the Commission itself)

  • AWS account compromised

  • 90GB+ exfiltrated

  • DKIM keys — enabling email forgery from European Commission domains

  • Mail server dumps, confidential documents, contracts

29 EU entities. One breach. One threat actor group. The same group that started by poisoning a vulnerability scanner's GitHub tags.



Aqua Security's Role


Aqua Security makes Trivy. Trivy is the most popular open-source container vulnerability scanner. It runs in CI/CD pipelines at thousands of companies — including, apparently, Cisco.


When TeamPCP poisoned 76 of 77 Trivy release tags on March 19, every organization running aquasecurity/trivy-action in their CI/CD pulled a credential stealer instead of a security scanner. The stealer harvested environment variables, tokens, and secrets from the pipeline environment.
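The tag poisoning described above works because a `uses:` reference like `aquasecurity/trivy-action@<tag>` is resolved at run time to whatever commit the tag points at, so anyone who can move the tag controls the code that runs in the pipeline. Pinning to a full 40-character commit SHA removes that lever. The following added example, which is not code from the post, from Aqua, or from any affected vendor, scans a GitHub Actions workflow and classifies every `uses:` reference by how it is pinned; the sample workflow, its step names, the version numbers and the commit SHA in it are all constructed placeholders.

```python
import re
from typing import Dict, List

# Constructed sample workflow (assumption: a typical CI job that runs the Trivy
# GitHub Action). Version numbers and the SHA are placeholders, not real values.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: actions/setup-go@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: ./.github/actions/local-helper
      - uses: docker://ghcr.io/example/image:latest
"""

# Matches `uses: owner/repo@ref` whether or not it starts a list item; stops
# at whitespace, quotes or a trailing `# comment`.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(ref: str) -> str:
    """Classify how a `uses:` reference is pinned.

    'sha'    - full 40-hex commit; moving a tag cannot redirect it
    'tag'    - tag or branch name; whoever can move it controls the code
    'local'  - action checked out with the repository, not fetched at run time
    'docker' - container reference; pin by digest rather than image tag
    'none'   - no @ref at all, which resolves to the default branch
    """
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    if "@" not in ref:
        return "none"
    _, _, version = ref.rpartition("@")
    return "sha" if FULL_SHA_RE.match(version) else "tag"


def audit_workflow(text: str) -> List[Dict[str, object]]:
    """Return one finding per `uses:` line: line number, reference, pin type."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            findings.append({"line": lineno, "uses": ref, "pin": classify_ref(ref)})
    return findings


def mutable_refs(text: str) -> List[Dict[str, object]]:
    """Only the references a tag move (or a default-branch push) could redirect."""
    return [f for f in audit_workflow(text) if f["pin"] in ("tag", "none")]


if __name__ == "__main__":
    for f in mutable_refs(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['uses']} is pinned by {f['pin']}; pin to a commit SHA")
```

Run it over every `.github/workflows/*.yml` in a repository and treat each `tag` or `none` finding as a remediation item; a `sha` pin still needs a human-readable version comment beside it so the pin can be bumped deliberately.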


Those stolen credentials cascaded: Trivy → LiteLLM → Telnyx → Cisco → European Commission.


Aqua Security's product — their vulnerability scanner, the tool they built to make software safer — was the weapon used to compromise a $57 billion networking company and the governing body of the European Union.


We wrote on April 1: "Your security vendor is your attack surface." We wrote it about CrowdStrike, Intune, and Trivy. Today the Trivy thread connects to government data on two continents.



Pattern 38: Instance 19


The TeamPCP + ShinyHunters collaboration on Cisco is Pattern 38, instance 19. The chain now spans:



| #  | Date   | Target              | Method                                 | Via                    |
|----|--------|---------------------|----------------------------------------|------------------------|
| 15 | Mar 19 | Trivy-Action        | Git tag poisoning                      | Direct                 |
| 16 | Mar 24 | LiteLLM             | PyPI hijack                            | Trivy creds            |
| 16 | Mar 27 | Telnyx              | PyPI hijack + .WAV stego               | LiteLLM creds          |
| 17 | Apr 2  | Cisco FMC PoC       | Webshell in GitHub "PoC"               | Direct                 |
| 18 | Apr 2  | Citrix NetScaler    | Session harvester toolkit              | Direct                 |
| 19 | Apr 3  | Cisco (full breach) | Trivy supply chain + Salesforce + AWS  | TeamPCP + ShinyHunters |


Each link in the chain expands the attack surface. Each expansion enables the next link. The chain grows until the credentials expire or someone revokes them.


Cisco's AI source code. The European Commission's DKIM keys. FBI customer records. All traceable to a poisoned vulnerability scanner.



What To Do


  1. Assume credential compromise if you pulled trivy-action between March 19-22

  2. Rotate every secret accessible from your CI/CD environment — PyPI tokens, npm tokens, AWS keys, Salesforce credentials, GitHub tokens

  3. Audit your Salesforce for unauthorized connected apps (ShinyHunters' vector)

  4. Check AWS CloudTrail for unusual EC2/S3 access from March 16-17

If you are a Cisco customer:

  1. Your CRM data may be in the dump

  2. Contact Cisco for breach notification

  3. Monitor for phishing using your Cisco engagement details
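Step 4 above is the one that can be scripted. The following added example (not code from the post) reads CloudTrail-style records, keeps only calls inside the March 16-17 window that touch EC2 volumes/snapshots or S3 objects, groups them by calling principal, and flags principals that called from an IP address outside a known set. The account ID, ARNs, IP addresses and timestamps are constructed; the list of API names is a starting point you would tune, not a definitive indicator set.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone
from typing import Dict, Set

# Constructed CloudTrail-style records, one JSON object per line. The account
# id, principals and IPs are placeholders, not data from the post.
SAMPLE_EVENTS = """\
{"eventTime":"2026-03-15T22:10:03Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},"sourceIPAddress":"203.0.113.10"}
{"eventTime":"2026-03-16T03:41:17Z","eventSource":"ec2.amazonaws.com","eventName":"CreateSnapshot","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},"sourceIPAddress":"198.51.100.7"}
{"eventTime":"2026-03-16T03:43:02Z","eventSource":"ec2.amazonaws.com","eventName":"ModifySnapshotAttribute","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},"sourceIPAddress":"198.51.100.7"}
{"eventTime":"2026-03-17T11:05:44Z","eventSource":"s3.amazonaws.com","eventName":"GetObject","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},"sourceIPAddress":"198.51.100.7"}
{"eventTime":"2026-03-17T11:06:10Z","eventSource":"s3.amazonaws.com","eventName":"GetObject","userIdentity":{"arn":"arn:aws:iam::111122223333:role/backup-role"},"sourceIPAddress":"10.0.4.22"}
{"eventTime":"2026-03-19T09:00:00Z","eventSource":"s3.amazonaws.com","eventName":"GetObject","userIdentity":{"arn":"arn:aws:iam::111122223333:user/ci-deploy"},"sourceIPAddress":"198.51.100.7"}
"""

# The window the post names: March 16-17, 2026 (end is exclusive).
WINDOW_START = datetime(2026, 3, 16, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 3, 18, tzinfo=timezone.utc)

# Assumption: a starter set of API calls relevant when the concern is volume
# or bucket exfiltration. Extend it for your own environment.
EVENTS_OF_INTEREST = {
    "ec2.amazonaws.com": {"CreateSnapshot", "ModifySnapshotAttribute", "CopySnapshot",
                          "CreateVolume", "AttachVolume"},
    "s3.amazonaws.com": {"GetObject", "ListBuckets", "ListObjects", "PutBucketPolicy"},
}


def parse_time(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def in_window(event: dict) -> bool:
    return WINDOW_START <= parse_time(event["eventTime"]) < WINDOW_END


def is_interesting(event: dict) -> bool:
    return event.get("eventName") in EVENTS_OF_INTEREST.get(event.get("eventSource"), set())


def triage(jsonl: str) -> Dict[str, Dict[str, object]]:
    """Group in-window events of interest by the ARN that made the call."""
    summary = defaultdict(lambda: {"count": 0, "events": [], "source_ips": set()})
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if not (in_window(ev) and is_interesting(ev)):
            continue
        entry = summary[ev["userIdentity"]["arn"]]
        entry["count"] += 1
        entry["events"].append(f'{ev["eventTime"]} {ev["eventName"]}')
        entry["source_ips"].add(ev["sourceIPAddress"])
    return dict(summary)


def new_source_ips(jsonl: str, known_ips: Set[str]) -> Dict[str, Set[str]]:
    """Principals whose in-window calls came from IPs outside the known set."""
    return {arn: s["source_ips"] - known_ips
            for arn, s in triage(jsonl).items() if s["source_ips"] - known_ips}


if __name__ == "__main__":
    known = {"10.0.4.22", "203.0.113.10"}  # constructed: your CI and office egress IPs
    for arn, ips in new_source_ips(SAMPLE_EVENTS, known).items():
        print(f"{arn}: in-window EC2/S3 activity from unfamiliar IPs {sorted(ips)}")
```

Feed it the output of `aws cloudtrail lookup-events` or the JSON records from your CloudTrail S3 bucket; a principal that appears here with an unfamiliar source IP is a candidate for the credential rotation in step 2, not merely a log entry to file.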

The IOCs for TeamPCP, ShinyHunters, and the Trivy supply chain are in our STIX feed: `https://analytics.dugganusa.com/api/v1/stix-feed?format=splunk&api_key=YOUR_KEY`




We documented the TeamPCP chain on April 1. The chain reached Cisco and the European Commission by April 3. A vulnerability scanner was the entry point. A $57 billion company's AI source code and government customer data were the exit.


The chain doesn't stop when the vendor publishes a blog post. It stops when the credentials expire.


They haven't expired yet.

