This pack covers four distinct threat clusters dominating the current landscape: a blockchain-evading RAT targeting enterprise administrators via SEO-poisoned tool downloads, a critical authentication bypass in cPanel/WHM actively exploited as a zero-day for approximately 60 days before patching with 1.5M exposed instances and a public PoC, a Linux kernel local privilege escalation affecting all major distributions since 2017 with a public exploit, and a CI/CD supply chain RCE in Google Gemini CLI. Secondary threats include a Python backdoor disabling Windows defenses and credential harvesting, plus cyber-enabled cargo theft chaining phishing with physical freight diversion. Immediate priorities are: (1) patch CVE-2026-41940 in all cPanel/WHM instances and assume compromise during the February-April 2026 zero-day window, and (2) block Ethereum RPC outbound traffic and audit admin tool downloads for the EtherRAT campaign.