
Threat Sweep: January 26, 2026 - Patch Now, Ask Questions Later

  • Writer: Patrick Duggan
  • Jan 26
  • 3 min read


RED ALERT: Patch Immediately



CVE-2026-20805 - Windows Desktop Window Manager


Microsoft rated this "Important" with a modest CVSS 5.5. They're underselling it.


This information disclosure vulnerability is actively exploited in the wild and CISA added it to the Known Exploited Vulnerabilities catalog with a February 3rd deadline for federal agencies. Here's why it matters more than the score suggests: security researchers confirmed it chains with separate code execution flaws to "transform a complex and unreliable exploit into a practical and repeatable attack."


Translation: this is an ASLR (Address Space Layout Randomization) bypass. On its own, an information leak in DWM doesn't hand an attacker code execution, but it reveals where code and data sit in memory, which is exactly what a separate memory-corruption exploit needs to land reliably instead of by chance. Once ASLR is gone, the other exploits in the chain become repeatable instead of probabilistic.


Action: Apply January 2026 Patch Tuesday updates to all Windows systems this weekend.



CVE-2024-37079 - VMware vCenter Server


This one's embarrassing. Patched in June 2024. CVSS 9.8. Now actively exploited.


If you run vCenter and haven't patched in the nineteen months since, you're already compromised or about to be. This heap overflow in the DCERPC protocol implementation allows remote code execution by anyone with network access to the vCenter Server, via specially crafted network packets. No authentication required.


Action: Verify the vCenter build is at or above the fixed version for your branch. If it isn't, assume breach and investigate: a nineteen-month-old unauthenticated RCE on an internet-reachable or broadly reachable management plane has had plenty of time to be used.



CVE-2026-23550 - WordPress Modular DS Plugin


CVSS 10.0. Maximum severity. Unauthenticated privilege escalation affecting all versions through 2.5.1.


If you're running WordPress with this plugin, attackers can take over your site without logging in.


Action: Update immediately or deactivate the plugin.
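One way to check whether an installed plugin sits in a "through 2.5.1" range without eyeballing the admin UI, as an added example (not from the original post, and not the plugin's own code): read the standard WordPress plugin header that every plugin's main PHP file carries and compare the Version field numerically. The plugin name and sample file below are constructed; only the 2.5.1 ceiling comes from the advisory summary above.

```python
"""Check whether an installed WordPress plugin falls in a vulnerable version range.

Added example, not from the original post or the plugin's own code. It
reads the standard WordPress plugin header (the first block comment of
the plugin's main PHP file) and compares the Version field numerically.
The sample plugin below is constructed; the "through 2.5.1" ceiling is
taken from the advisory summary above.
"""
import re
from pathlib import Path

AFFECTED_MAX = (2, 5, 1)   # "all versions through 2.5.1"

# Header fields live in the first block comment as "Key: value" lines,
# optionally prefixed with " * ".
HEADER_RE = re.compile(r"^[ \t]*\*?[ \t]*(Plugin Name|Version)[ \t]*:[ \t]*(.+?)[ \t]*$", re.M)

def parse_plugin_header(php_source: str) -> dict:
    """Return the Plugin Name and Version fields from the header comment, if any."""
    block = re.search(r"/\*.*?\*/", php_source, re.S)
    return dict(HEADER_RE.findall(block.group(0))) if block else {}

def version_tuple(version: str) -> tuple:
    """'2.5.10' -> (2, 5, 10). Numeric comparison avoids the string-compare
    trap where '2.5.10' sorts before '2.5.2'."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_affected(version: str, ceiling: tuple = AFFECTED_MAX) -> bool:
    """True when version <= ceiling, compared component by component."""
    return version_tuple(version) <= ceiling

def audit_plugin(php_source: str) -> dict:
    """Summarise one plugin file: name, version and whether it is in the affected range."""
    hdr = parse_plugin_header(php_source)
    version = hdr.get("Version", "")
    return {
        "name": hdr.get("Plugin Name", "?"),
        "version": version,
        # An empty version parses to () which would compare as "affected"; guard it.
        "affected": bool(version) and is_affected(version),
    }

def audit_plugins_dir(plugins_dir: Path) -> list:
    """Walk wp-content/plugins and audit every top-level .php file that carries a header."""
    results = []
    for php in plugins_dir.glob("*/*.php"):
        src = php.read_text(errors="replace")
        if "Plugin Name:" in src:
            results.append({"path": str(php), **audit_plugin(src)})
    return results

# Constructed sample header, mimicking a plugin's main file.
SAMPLE_PLUGIN = """<?php
/**
 * Plugin Name: Example Plugin
 * Plugin URI:  https://example.invalid/
 * Description: Constructed sample for this check.
 * Version: 2.5.1
 */
"""

if __name__ == "__main__":
    print(audit_plugin(SAMPLE_PLUGIN))
    # On a live site: audit_plugins_dir(Path("/var/www/html/wp-content/plugins"))
```

Point `audit_plugins_dir` at your `wp-content/plugins` directory and act on every entry with `affected` set; the numeric comparison matters because a naive string compare would declare 2.5.10 older than 2.5.2.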



ORANGE ALERT: Active Threat Campaigns



Sandworm's DynoWiper - Energy Sector


Russian state-sponsored Sandworm deployed previously unknown DynoWiper malware against Poland's power grid in December 2025. Polish officials called it "the strongest attack on energy infrastructure in years."


The attack failed, but the capability exists. Energy sector: review your OT/IT segmentation.



Konni's AI-Generated Malware - Developers


North Korean threat actors are targeting blockchain developers with AI-crafted PowerShell backdoors. They've expanded from South Korea to Japan, Australia, and India. If you're in crypto/blockchain development, scrutinize unsolicited job offers and code samples.



Malicious VS Code Extensions - 1.5 Million Downloads


Two ChatGPT-themed Visual Studio Code extensions were caught exfiltrating source code to China-based servers. Combined 1.5 million downloads. They function normally while silently capturing your file modifications.


Action: Audit your VS Code extensions (`code --list-extensions --show-versions` prints every installed one with its publisher ID). Remove any ChatGPT-themed extension whose publisher you can't verify on the Marketplace, and treat a familiar display name on an unfamiliar publisher ID as a red flag rather than reassurance.
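The audit above, scripted, as an added example that is not part of the original post: it reads the `extensions.json` that VS Code keeps in its extensions directory (`~/.vscode/extensions` on a default install) and flags AI-themed extensions from publishers you haven't vetted, plus any extension whose publisher display name mimics a trusted publisher while its publisher ID does not match. The file layout (a JSON array with `identifier.id` as `<publisher>.<name>` and `metadata.publisherDisplayName`) is assumed from current installs; the trusted-publisher list and the sample manifest are constructed.

```python
"""Audit installed VS Code extensions for look-alike AI-assistant extensions
from publishers you have not vetted.

Added example, not from the original post. It reads the extensions.json
that VS Code keeps in its extensions directory and assumes that file is
a JSON array of objects with "identifier.id" of the form
<publisher>.<name> and a "metadata.publisherDisplayName" field (the
layout seen on current installs). The trusted-publisher set and the
sample manifest below are constructed for the example.
"""
import json
import re
from pathlib import Path

# Extensions whose *name* suggests an AI assistant get extra scrutiny.
AI_NAME_RE = re.compile(r"gpt|openai|copilot|codex|assistant", re.I)

# Publisher IDs (left of the dot) you have actually vetted. IDs are unique on
# the Marketplace; display names are not, so never trust a display name alone.
TRUSTED_PUBLISHERS = {"github", "ms-python", "ms-vscode", "openai"}  # constructed

def extensions_dir() -> Path:
    return Path.home() / ".vscode" / "extensions"

def load_manifest(text: str) -> list:
    """Parse extensions.json into flat records: id, publisher, name, version, display name."""
    records = []
    for ext in json.loads(text):
        ext_id = ext.get("identifier", {}).get("id", "")
        publisher, _, name = ext_id.partition(".")
        records.append({
            "id": ext_id,
            "publisher": publisher.lower(),
            "name": name,
            "version": ext.get("version", ""),
            "display_publisher": ext.get("metadata", {}).get("publisherDisplayName", ""),
        })
    return records

def flag_suspicious(records: list, trusted: set = TRUSTED_PUBLISHERS) -> list:
    """Return records that are AI-themed and not from a trusted publisher ID,
    or whose display name mimics a trusted publisher while the ID does not."""
    flagged = []
    for r in records:
        ai_themed = bool(AI_NAME_RE.search(r["name"]))
        untrusted = r["publisher"] not in trusted
        mimics = untrusted and r["display_publisher"].lower().replace(" ", "") in trusted
        if mimics or (ai_themed and untrusted):
            flagged.append(dict(r, reason="publisher mimicry" if mimics
                                else "AI-themed, unvetted publisher"))
    return flagged

SAMPLE_MANIFEST = json.dumps([  # constructed; mirrors the extensions.json layout
    {"identifier": {"id": "ms-python.python"}, "version": "2025.1.0",
     "metadata": {"publisherDisplayName": "Microsoft"}},
    {"identifier": {"id": "github.copilot"}, "version": "1.250.0",
     "metadata": {"publisherDisplayName": "GitHub"}},
    {"identifier": {"id": "someone.chatgpt-helper"}, "version": "0.3.1",
     "metadata": {"publisherDisplayName": "OpenAI"}},
    {"identifier": {"id": "acme.theme-dark"}, "version": "1.0.0",
     "metadata": {"publisherDisplayName": "Acme"}},
])

if __name__ == "__main__":
    path = extensions_dir() / "extensions.json"
    text = path.read_text() if path.exists() else SAMPLE_MANIFEST
    for hit in flag_suspicious(load_manifest(text)):
        print(f"{hit['id']}@{hit['version']}: {hit['reason']} "
              f"(display name {hit['display_publisher']!r})")
```

The check keys on the publisher ID, not the display name, because a display name like "OpenAI" costs nothing to set and is exactly what a look-alike extension will use.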



YELLOW ALERT: This Week's IOCs


Fresh from our STIX feed (last 24 hours):



| Indicator | Type | Threat |
| --- | --- | --- |
| 101.198.0.133 | IP | Auto-blocked, 100% AbuseIPDB score |
| 47.104.172.191 | IP | Cobalt Strike C2 |
| 106.54.34.252 | IP | ValleyRAT C2 |
| 217.160.153.225 | IP | Empire Downloader C2 |
| 51.20.115.188 | IP | Meterpreter C2 |
| trodatec[.]ch | Domain | Malware payload delivery |


These are already in our free STIX feed at https://analytics.dugganusa.com/api/v1/stix-feed. If you're not consuming it yet, now's a good time to start.
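Consuming the feed is straightforward if you treat it as what it is, a STIX 2.1 bundle. The following is an added example (not from the original post and not the feed's own tooling) that parses indicator objects out of a bundle, renders the IPv4 indicators as an nftables variable, and sweeps a batch of log lines for hits. It assumes the feed's indicator objects carry simple single-comparison STIX patterns such as `[ipv4-addr:value = '1.2.3.4']` or `[domain-name:value = 'evil.example']`; the bundle below is constructed from the indicators in the table above, and the log lines are constructed too.

```python
"""Consume a STIX 2.1 indicator bundle: build a blocklist and sweep logs for hits.

Added example, not from the original post and not the feed's own
tooling. It assumes the feed returns a standard STIX 2.1 bundle whose
"indicator" objects carry a simple STIX pattern such as
[ipv4-addr:value = '1.2.3.4'] or [domain-name:value = 'evil.example'].
The bundle and log lines below are constructed (the indicators are the
ones in the table above); to run against the live feed, replace
SAMPLE_BUNDLE with the body of an HTTP GET to the feed URL given above.
"""
import ipaddress
import json
import re
from collections import defaultdict

# Single-comparison STIX patterns only; compound patterns are skipped, not guessed at.
PATTERN_RE = re.compile(r"\[\s*([a-z0-9-]+):value\s*=\s*'([^']+)'\s*\]")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)

def refang(value: str) -> str:
    """'trodatec[.]ch' -> 'trodatec.ch'; some feeds ship defanged values."""
    return value.replace("[.]", ".").lower()

def parse_bundle(text: str) -> dict:
    """Return {'ipv4-addr': {ip: label}, 'domain-name': {domain: label}}."""
    iocs = defaultdict(dict)
    for obj in json.loads(text).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        m = PATTERN_RE.fullmatch(obj.get("pattern", "").strip())
        if not m:
            continue
        kind, value = m.groups()
        if kind == "ipv4-addr":
            try:
                ipaddress.IPv4Address(value)  # never ship a malformed entry to a firewall
            except ValueError:
                continue
        elif kind == "domain-name":
            value = refang(value)
        iocs[kind][value] = obj.get("name") or obj.get("id", "")
    return dict(iocs)

def to_nftables(iocs: dict, set_name: str = "threat_ips") -> str:
    """Render the IPv4 indicators as an nftables variable, sorted numerically."""
    ips = sorted(iocs.get("ipv4-addr", {}), key=ipaddress.IPv4Address)
    return "define %s = { %s }" % (set_name, ", ".join(ips))

def match_logs(iocs: dict, lines: list) -> list:
    """Return (line_no, indicator, label) for every log line that touches an IOC."""
    ips = iocs.get("ipv4-addr", {})
    domains = iocs.get("domain-name", {})
    hits = []
    for n, line in enumerate(lines, 1):
        hits += [(n, ip, ips[ip]) for ip in IPV4_RE.findall(line) if ip in ips]
        hits += [(n, h, domains[h.lower()]) for h in HOST_RE.findall(line) if h.lower() in domains]
    return hits

# Constructed STIX 2.1 bundle built from the indicators in the table above.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": f"indicator--00000000-0000-4000-8000-{i:012d}", "name": name,
         "pattern_type": "stix", "pattern": f"[{kind}:value = '{value}']",
         "valid_from": "2026-01-26T00:00:00Z"}
        for i, (kind, value, name) in enumerate([
            ("ipv4-addr", "101.198.0.133", "Auto-blocked, 100% AbuseIPDB score"),
            ("ipv4-addr", "47.104.172.191", "Cobalt Strike C2"),
            ("ipv4-addr", "106.54.34.252", "ValleyRAT C2"),
            ("ipv4-addr", "217.160.153.225", "Empire Downloader C2"),
            ("ipv4-addr", "51.20.115.188", "Meterpreter C2"),
            ("domain-name", "trodatec[.]ch", "Malware payload delivery"),
        ], 1)
    ]})

# Constructed firewall/DNS log lines.
SAMPLE_LOGS = [
    "2026-01-26T03:14:07Z fw  ACCEPT src=10.0.5.23 dst=47.104.172.191 dport=443",
    "2026-01-26T03:14:09Z dns query A trodatec.ch from 10.0.5.23",
    "2026-01-26T03:15:00Z fw  ACCEPT src=10.0.5.24 dst=93.184.216.34 dport=443",
    "2026-01-26T03:16:41Z fw  DROP   src=51.20.115.188 dst=10.0.0.1 dport=22",
]

if __name__ == "__main__":
    iocs = parse_bundle(SAMPLE_BUNDLE)
    print(to_nftables(iocs))
    for n, ind, label in match_logs(iocs, SAMPLE_LOGS):
        print(f"line {n}: {ind} -> {label}")
```

Two deliberate choices: malformed or compound patterns are dropped rather than guessed at, because a mis-parsed indicator that reaches a firewall set is a self-inflicted outage, and the domain match is exact rather than substring, so `trodatec.ch` does not light up on an unrelated host that merely contains those characters.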



The Week Ahead


Microsoft's 113 patches included two critical Office vulnerabilities (CVE-2026-20952 and CVE-2026-20953) exploitable through the Preview Pane. You don't even have to open the email - just preview it. Plan your patching accordingly.


Firefox dropped 34 security fixes with two suspected active exploits. Fortinet is investigating reports of exploitation on "fully patched" FortiGate firewalls, which suggests an undiscovered attack pathway.


The threat landscape in 2026 is characterized by three trends: identity abuse overtaking network exploits as the primary breach vector, ransomware-as-a-service ecosystems maturing into specialized supply chains, and AI-driven autonomous threat agents that adapt without human supervision.


Stay patched. Stay vigilant.




Our STIX feed updates every 6 hours with correlated threat intelligence from multiple sources. Free to consume, no registration required: [STIX Feed Documentation](https://analytics.dugganusa.com/docs/stix-feed)




Her name was Renee Nicole Good.


His name was Alex Jeffery Pretti.

