This reporting period is dominated by two converging threat patterns: software supply chain attacks targeting developer tooling and CI/CD pipelines (TeamPCP PyPI campaign, GitHub Discussions lure, CVE-2026-33211 Tekton path traversal), and multi-platform device exploitation spanning mobile, IoT, and Linux kernel infrastructure (iOS exploit kits Coruna/DarkSword, CVE-2025-43520 Apple KEV, nation-state IP camera compromise, BPFdoor upgrade). The TeamPCP supply chain campaign and the Tekton Pipelines path traversal represent the most operationally urgent items, with confirmed credential exfiltration and Kubernetes token theft risk respectively. Three Ruby on Rails/Salvo denial-of-service CVEs and a Citrix NetScaler patch round out the pack at lower urgency but require tracked remediation.