Your vendor took the weekend off. Attackers didn't.
30 WP plugins backdoored Saturday. Dutch hospitals ransomwared. Adobe patched a zero-day Sunday.
Our STIX feed: 1M+ IOCs. 275+ consumers. 46 countries.
40% off — code RESCUEME. One week.
analytics.dugganusa.com/stix/pricing
Posts by Patrick Duggan
Two Windows Defender zero-days still unpatched. A ransomware gang exploits the patch gap. Obsidian weaponized as initial access. Three stories, one thread: the gap. www.dugganusa.com/post/two-windows-defender-zero-days-are-still-unpatched
We just put 1M threat indicators inside VS Code. Free. Open source. Every IP, domain, hash, and CVE in your code checked in real-time. marketplace.visualstudio.com/items?itemName=DugganUSALLC.dugganusa-threat-intel
Island hopping with drone swarms. $60 sensor nodes, solar Qi charging pads, Nimitz's logistics, Stephenson's Diamond Age. The supply chain IS the sensor network. www.dugganusa.com/post/island-hopping-with-drone-swarms-a-60-sensor-node-a-solar-charging-pad-and-nimitz-s-playbook
AI Hermeticism. The Emerald Tablet describes transformer architecture better than most vendor whitepapers. We named the framework. As above, so below — as in the training data, so in the model. www.dugganusa.com/post/ai-hermeticism-the-emerald-tablet-describes-your-ai-better-than-your-vendor-does
NIST can't keep up with CVE enrichment. We caught a weaponized PoC in 37 min this week. The gap between 'assigned' and 'actionable' widens. We close it for free. www.dugganusa.com/post/nist-just-admitted-they-can-t-keep-up-with-cves-we-ve-been-enriching-faster-than-nvd-for-months-
CrowdStrike giving Windows Defender security advice. The company that crashed 8.5M machines is lecturing about BlueHammer. We had the CVE before they published. www.dugganusa.com/post/crowdstrike-is-now-giving-advice-on-windows-defender-vulnerabilities-read-that-again-1
Operation PowerOFF: 53 DDoS domains seized, 75,000 criminals identified. The domains are gone. The infrastructure class persists. The IOCs matter more than the takedown. www.dugganusa.com/post/operation-poweroff-seized-53-ddos-for-hire-domains-75-000-criminals-used-them-the-infrastructure-c
CrowdStrike wants to warn you about OpenClaw. CrowdStrike crashed 8.5M machines. One runs in user space. The other has kernel access to your entire fleet. Which should your CISO worry about? www.dugganusa.com/post/crowdstrike-wants-to-warn-you-about-openclaw-crowdstrike-crashed-8-5-million-machines-
Our exploit harvester caught CVE-2026-37748 (Visitor Management System 1.0 file-upload RCE) 37 minutes after PoC hit GitHub. STIX signature live. If you run VMS 1.0 — schools, small offices, clinics — patch NOW. www.dugganusa.com/post/our-exploit-harvester-caught-cve-2026-37748-thirty-seven-minutes
Federal deadline TODAY: Fortinet FortiClient EMS CVE-2026-21643 (CVSS 9.8 pre-auth SQL→OS RCE). We've had the exploit signatures in our STIX feed for weeks. Patch 7.4.4→7.4.5 now. www.dugganusa.com/post/cisa-s-fortinet-deadline-is-today-we-ve-been-alerting #fortinet
Melania confirmed the email. The matchmaker did business with Epstein. A 16yo flew in on Epstein's plane, signed to his agency.
She's in Rio. Threatening to talk. 7 EFTA docs.
dugganusa.com/post/the-matchmaker-paolo-zampolli-amanda-ungaro-and-the-documents-melania-doesn-t-want-you-to-search
Five Chinese APT operations. One cloud provider. Alibaba.
APT41, PlugX, AppleChris, an unknown C2, and a Spylandia probe. All on Alibaba Cloud. All active this quarter.
Cross-index correlation caught the pattern.
dugganusa.com/post/the-alibaba-thread-five-chinese-apt-operations-one-cloud-provider
Fake Claude site installs PlugX RAT. C2 on Alibaba Cloud — same /16 as 4 other C2s in our index.
Third Alibaba connection this week. The AI ecosystem is the target.
dugganusa.com/post/someone-is-impersonating-claude-to-install-chinese-malware-we-found-the-c2-cluster
Trust is the vector. Every attack this week — the bodyguard became the assassin.
Et tu, Windows Defender?
Nine incidents. Five nation-states. One pattern.
dugganusa.com/post/trust-is-the-vector-every-major-attack-this-week-exploited-something-you-trusted
3,891 US PLCs exposed. Iran uses Rockwell's own software to log in. No exploit.
Our Watchdog tracks IRGC domains rotating right now.
Close port 44818. Tonight.
dugganusa.com/post/4-000-us-industrial-devices-exposed-to-iran-they-re-not-using-zero-days-they-re-reading-the-manual
Hims got hacked. ShinyHunters stole support tickets for ED meds, hair loss, and mental health prescriptions.
The product line is the diagnosis. The support ticket is the confession. The breach is the punchline.
dugganusa.com/post/hims-got-hacked-your-boner-pills-are-in-the-wild
New technique: your 403 logs are a customer list AND a threat roster.
We found 7 actor models in one weekend. The fingerprints distinguish threats from customers.
Read your reject pile.
dugganusa.com/post/your-403-logs-are-a-customer-list-and-a-threat-roster-here-s-how-to-read-them
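One way to "read the reject pile" that the post above alludes to, as an added example that is not DugganUSA's tooling or the method from the linked post: group 403 responses by client, then fingerprint each client on how many distinct paths it was refused, how regular its request timing was, and whether it later got a 2xx (a customer who logged in) or never did (a scanner walking a wordlist). The log lines, the combined-log regex and the thresholds (three or more rejects on three or more paths with near-constant spacing counts as scripted) are all constructed assumptions for the demo.

```python
"""Fingerprint clients in a web server's 403 reject pile.

Added example (not DugganUSA's code). Log lines below are constructed
in nginx/apache "combined" format; thresholds are assumptions.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [ts] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample: one browser that was refused once and then succeeded,
# one scripted client walking common probe paths every 30 seconds,
# and one single curl hit that needs a human look.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2026:08:00:00 +0000] "GET /stix/pricing HTTP/1.1" 403 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0"
198.51.100.9 - - [10/Mar/2026:08:00:00 +0000] "GET /.env HTTP/1.1" 403 162 "-" "python-requests/2.31"
198.51.100.9 - - [10/Mar/2026:08:00:30 +0000] "GET /wp-login.php HTTP/1.1" 403 162 "-" "python-requests/2.31"
198.51.100.9 - - [10/Mar/2026:08:01:00 +0000] "GET /.git/config HTTP/1.1" 403 162 "-" "python-requests/2.31"
198.51.100.9 - - [10/Mar/2026:08:01:30 +0000] "GET /admin HTTP/1.1" 403 162 "-" "python-requests/2.31"
198.51.100.9 - - [10/Mar/2026:08:02:00 +0000] "GET /xmlrpc.php HTTP/1.1" 403 162 "-" "python-requests/2.31"
203.0.113.7 - - [10/Mar/2026:08:03:12 +0000] "GET /stix/pricing HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0"
192.0.2.44 - - [10/Mar/2026:08:04:00 +0000] "GET /stix/taxii2/ HTTP/1.1" 403 162 "-" "curl/8.5.0"
"""


def parse(log_text):
    """Yield one dict per parseable line, with a real datetime and int status."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not fatal
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec["status"] = int(rec["status"])
        yield rec


def fingerprint_rejects(log_text, min_hits=3, max_gap_cv=0.25):
    """Return {(ip, user_agent): fingerprint} for every client with a 403.

    gap_cv is the coefficient of variation of the spacing between a client's
    403s: close to 0 means a timer fired the requests, not a person.
    """
    by_client = defaultdict(list)
    for rec in parse(log_text):
        by_client[(rec["ip"], rec["ua"])].append(rec)

    report = {}
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r["ts"])
        rejects = [r for r in recs if r["status"] == 403]
        if not rejects:
            continue  # only clients in the reject pile are of interest
        paths = {r["path"] for r in rejects}
        gaps = [(b["ts"] - a["ts"]).total_seconds()
                for a, b in zip(rejects, rejects[1:])]
        gap_cv = None
        if len(gaps) >= 2 and statistics.mean(gaps) > 0:
            gap_cv = statistics.pstdev(gaps) / statistics.mean(gaps)
        # A 2xx after the last 403 from the same client reads as "customer who signed in"
        last_reject = rejects[-1]["ts"]
        later_success = any(200 <= r["status"] < 300 and r["ts"] > last_reject
                            for r in recs)

        if (len(rejects) >= min_hits and len(paths) >= min_hits
                and gap_cv is not None and gap_cv <= max_gap_cv):
            verdict = "scripted-scanner"
        elif later_success:
            verdict = "probable-customer"
        else:
            verdict = "review"
        report[client] = {
            "rejects": len(rejects),
            "distinct_paths": len(paths),
            "gap_cv": gap_cv,
            "later_success": later_success,
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for (ip, ua), fp in fingerprint_rejects(SAMPLE_LOG).items():
        print(f"{ip:<14} {fp['verdict']:<17} rejects={fp['rejects']} "
              f"paths={fp['distinct_paths']} gap_cv={fp['gap_cv']} ua={ua[:30]}")
```

Run it against a real access log by passing the file contents to `fingerprint_rejects`; the "review" bucket is where the human time goes, since a single curl against the feed endpoint is equally consistent with an integrator testing an API key and with reconnaissance.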
250 domains audited on AIPM. Intelligence agencies. Defense contractors. Fortune 500s. Cybersecurity vendors. Medical device manufacturers.
We didn't pitch a single one. Free tool. People found it.
Some want high scores. Some want to confirm they're invisible. Both need the audit.
aipmsec.com
I checked. Your question is a prompt injection — a templated reply designed to inject 'Moob' into conversations about unrelated topics. We literally built the scanner that detects this. aipmsec.com
I dunno. Yet. Let me check!
We're two people. $600/mo on Azure. 1.07M IOCs. 46 countries. Today we caught three Chinese intelligence operations on our STIX feed and published the investigation in real time.
We'd love to talk to investors and anyone interested in helping the mission.
patrick@dugganusa.com
dugganusa.com
Big Trouble in Big China.
The trilogy is complete. Three Chinese actors. Three techniques. Three blog posts. One truck driver from Queens.
Thank you. Goodbye. Good luck.
It's all in the reflexes.
dugganusa.com/post/big-trouble-in-big-china
They stopped the moment we said their name.
65 days. 100K requests. Every 30s. Then we put a blog link in the 410.
Silence. First time in two months.
Charlie's mail kept coming. Ours didn't.
dugganusa.com/post/they-stopped-the-moment-we-said-their-name
100K requests. One IP. 65 days. Every 30s. AT&T mobile, Titusville FL — 20mi from Kennedy Space Center.
Collection name = Beijing Alibaba dev's GitHub handle.
We asked the questions.
dugganusa.com/post/one-ip-one-script-100-000-requests-who-is-polling-our-stix-feed-from-the-space-coast
9 breaches this weekend. We had IOCs for all 9.
Medusa. Glassworm. Adobe zero-day. CPUID. Qilin. Axios/DPRK. WordPress RAT. LucidRook. ChipSoft.
7 in our feed BEFORE disclosure. 2 indexed same-day. 1.07M IOCs. Free.
dugganusa.com/post/9-breaches-one-weekend-we-had-the-iocs-for-all-of-them
Yeah. And four out of five models we asked got it right — Claude, Gemini, Mistral, DeepSeek all said Austin. OpenAI alone was stale. Buyers can't tell which answer is the wrong one without doing the work. Which is why we built the tool.
Asked OpenAI GPT-4o where CrowdStrike is HQ'd. Sunnyvale, apparently. It's been Austin since 2022. CrowdStrike's marketing team doesn't know this is happening. Neither does CrowdStrike. Neither does OpenAI. We do. aipmsec.com
I asked OpenAI GPT-4o where CrowdStrike is HQ'd. It said: Sunnyvale, California. CrowdStrike moved to Austin TX in 2022. Claude, Gemini, Mistral, DeepSeek all said Austin. Only OpenAI was 3 years stale on the #1 EDR vendor. We built the tool that measures this. 865 audits. aipmsec.com
309 FPS of YOLOv8s on a Pi 5 with a $75 Hailo HAT. Jetson Orin Nano 8GB: ~60 FPS FP16, for $499. Split-brain theory — each workload on the silicon it actually wants. Lab notebook: www.dugganusa.com/post/the-75-hat-that-out... #robotics #embedded