This reporting period is dominated by three converging threat patterns: a sophisticated supply chain compromise targeting developer security tooling (TeamPCP / Shai-Hulud Wave 3), a persistent China-linked nation-state campaign against network perimeter devices (UAT4356 / FIRESTARTER), and a broader Chinese ORB network infrastructure operation exploiting SOHO and IoT devices for covert espionage relay. All three critical-severity items require immediate containment action; two involve confirmed nation-state actors with persistent footholds that survive standard remediation. The FIRESTARTER implant presents the most operationally complex remediation challenge, physical device access is required, while the TeamPCP supply chain attack has the broadest blast radius, potentially affecting any organization running Checkmarx tooling in their CI/CD pipeline.