Synology NAS appliances were compromised as lateral movement waypoints and data staging platforms in the VerdantBamboo MSP pivot campaign. No specific CVE is assigned to Synology in the source intelligence; the exposure results from the NAS operating outside EDR visibility and being reachable from MSP-controlled network infrastructure. Organizations should treat any Synology NAS accessible from MSP-managed segments as potentially compromised until reviewed.