This pack is dominated by two concurrent state-sponsored hardware-level persistence campaigns (UAT-4356/ArcaneDoor targeting Cisco FXOS devices with the FIRESTARTER firmware implant) and a coordinated software supply chain attack (TeamPCP’s npm package poisoning), both of which require immediate containment actions that go beyond standard patching. The FIRESTARTER implant survives firmware updates and reboots on seven Cisco Firewall hardware series, making full device reimaging the only validated remediation path per CISA ED 25-03 (updated April 23, 2026). Secondary threats include AI-accelerated exploitation compressing n-day response windows to minutes, a Tropic Trooper campaign extending into home router infrastructure, a high-severity unauthenticated RCE in a widely deployed WordPress plugin, and a genomic data breach with significant regulatory exposure.