This pack covers three intelligence items spanning two active threat campaigns and one platform security development, unified by a common theme: trusted software components and legitimate platform APIs weaponized as attack vectors. The highest-priority threats are developer-targeted credential theft via ClickFix social engineering on macOS (SCC-CAM-2026-0027) and Russian state-nexus espionage via browser headless mode abuse against Ukrainian-affiliated targets (SCC-CAM-2026-0028), both requiring immediate detection review and behavioral control deployment. The Android Accessibility Services platform update (SCC-STY-2026-0018) is informational but operationally relevant for enterprise mobile fleets and financial sector organizations still exposed to banking trojan techniques the control is designed to address.