This pack covers four active threat scenarios dominated by two converging attack patterns: exploitation of internet-facing network appliances and endpoint management infrastructure (CVE-2026-3055, CVE-2026-21643), and identity-driven cloud data theft targeting SSO-federated environments (ShinyHunters EC breach). Two items, CVE-2026-3055 and CVE-2026-21643, are confirmed in CISA KEV with active exploitation underway, requiring immediate containment and patching regardless of EPSS scores. A secondary WordPress credential exposure (CVE-2026-3098) affecting an estimated 500,000 installations rounds out the pack and warrants urgent patching given trivial exploitation complexity for any authenticated user.