This pack covers two high-severity threat scenarios active as of 2026-04-14: a maturing BYOVD ecosystem enabling kernel-level EDR impairment across ransomware and APT operations, and a ShinyHunters extortion campaign exploiting Salesforce environment misconfigurations with confirmed impact at McGraw-Hill and suspected platform-wide exposure. Both scenarios exploit foundational defensive gaps, kernel integrity enforcement and cloud configuration governance, rather than novel zero-day vulnerabilities, meaning remediation is configuration- and policy-driven and executable now. Immediate attention is required on two fronts: enforcing HVCI and the Microsoft Vulnerable Driver Blocklist on all Windows endpoints, and auditing Salesforce sharing settings and guest user permissions given the April 14 extortion deadline.