This pack covers ten intelligence items spanning nation-state espionage, financially motivated cybercrime, actively exploited CVEs in enterprise and OT environments, and platform-level passive reconnaissance. China-linked state actors (TA416/Mustang Panda and an unattributed group) dominate the highest-severity items, operating long-dwell collection campaigns against government, law enforcement, and diplomatic targets via valid account abuse, cloud platform exploitation, and living-off-the-land techniques. Three items carry CISA KEV or active-exploitation confirmation requiring immediate operational response: CVE-2026-3502 (TrueConf update integrity failure, KEV deadline 2026-04-16), CVE-2026-1277 (WordPress URL Shortify open redirect, KEV confirmed), and the CISA ICS advisory cluster covering critical OT infrastructure across energy and manufacturing sectors.