This pack covers two active exploitation scenarios targeting web infrastructure and Windows endpoints: an unauthenticated takeover of Nginx UI management interfaces (CVE-2026-33032, CVSS 9.5, actively exploited in the wild with ~2,600 exposed instances) and a confirmed-exploited Windows privilege escalation via taskhostw.exe (CVE-2025-60710, CVSS 7.5, CISA KEV-listed April 14, 2026). The dominant attack pattern is opportunistic exploitation of unpatched, internet-facing or post-access infrastructure combined with privilege escalation to achieve full system control. CVE-2026-33032 demands immediate containment and patching; CVE-2025-60710 requires urgent patch verification given CISA KEV confirmation and 95th-percentile EPSS.