This pack covers three intelligence items spanning endpoint security failures, Active Directory credential infrastructure attacks, and a structural shift in exploitation economics driven by AI-assisted tooling. The most urgent item is CVE-2026-33825 (BlueHammer) and two companion unpatched zero-days in Microsoft Defender that allow privilege escalation and defense suppression, with active exploitation confirmed by Huntress. Alongside this, CVE-2026-20929 enables Kerberos relay attacks against AD CS that bypass NTLM mitigations and produce durable certificate-based persistence, a high-severity identity threat requiring immediate patch validation and AD CS hardening. Cutting across both CVEs is a strategic intelligence signal: AI-assisted tooling is lowering the exploitation barrier for medium- and low-severity legacy vulnerabilities, meaning accepted-risk deferrals in vulnerability backlogs warrant urgent re-evaluation before they become the next confirmed exploit.