A coordinated campaign cluster active the week of March 16, 2026 spans Chrome zero-day exploitation (CVE-2026-3909, CVE-2026-3910), a retrospectively identified AWS supply chain compromise traced to a 2025 malicious npm package, Veeam Backup & Replication RCE (CVE-2026-27493, CVE-2026-27495, CVE-2026-27497), Windows privilege escalation (CVE-2026-21666 through CVE-2026-21672), and a second SOHO router botnet targeting ASUS and generic routers alongside the law-enforcement takedown of AVrecon/SocksEscort. The campaign also references XSS chains in Roundcube and WordPress plugins, additional CVEs across SAP, HPE Aruba, PostgreSQL, OpenSSH, Palo Alto Networks, Cisco IOS XR, and others listed in the affected field. Priority actions are Chrome patching to 130.0.6723.70, AWS IAM credential rotation and CloudTrail review for affected pipelines, Veeam and Windows patching within 24 hours, and SOHO router firmware audit and segmentation. Full CVE-level details for the 42 associated identifiers should be verified against individual vendor advisories and the NVD before formal risk documentation.