This pack covers eleven intelligence items spanning two flash-priority campaigns, five CVEs (two critical, three high), two data breach and fraud campaigns, and an unpatched RCE with a public Metasploit module. The threat landscape is dominated by three converging patterns: identity-layer compromise enabling SaaS exfiltration, exploitation of internet-exposed network management and developer infrastructure, and state-sponsored intrusion via legitimate-tool abuse. Immediate attention is required for CVE-2026-35616 (FortiClient EMS, EPSS 97th percentile, actively exploited), the unpatched Gogs RCE (public Metasploit module, no vendor patch), and Kimsuky’s VS Code/Cloudflare tunnel campaign currently targeting defense and government organizations.