This reporting period is dominated by three converging threat patterns: software supply chain compromise (malicious npm packages and AI toolchain exploitation), active exploitation of web application platforms targeting credential theft and payment card data, and a critical dual zero-day scenario against Microsoft Exchange Server with one CVE confirmed in active exploitation. Immediate attention is required for organizations running on-premises Exchange Server (CVE-2026-42897, no patch available, active exploitation confirmed), the node-ipc npm package versions 9.1.6/9.2.3/12.0.1 (active credential exfiltration via DNS tunneling), and the FunnelKit WooCommerce plugin (active card skimming campaign). Secondary priority items include Turla’s upgraded Kazuar P2P botnet targeting government and defense sectors, PAN-OS authentication and DoS vulnerabilities, and systemic patch discipline gaps across enterprise Apple fleets that create durable exposure to known-exploitable weaknesses.