This reporting period is dominated by two converging threat patterns: software supply chain compromise targeting developer toolchains and CI/CD pipelines, and critical vulnerabilities in enterprise-facing applications that are exploitable by unauthenticated or low-privilege attackers. The supply chain attacks – both the Checkmarx KICS compromise and the DPRK Contagious Interview campaign – represent the highest combined business risk because they exfiltrate credentials silently and reach a broad developer ecosystem. Immediate attention is required for the Checkmarx KICS poisoned images (assume any secrets exposed to them are compromised), the SharePoint zero-day (1,300+ servers unpatched, CISA KEV), and the LMDeploy SSRF (CISA KEV, active exploitation confirmed); as of 2026-04-22, all three are either under active exploitation or in a confirmed-compromise state.