This pack covers two active threats requiring immediate attention: a DPRK-nexus spear-phishing campaign (Konni/APT37) leveraging trust-chain propagation via KakaoTalk and a critically-exploited Wing FTP Server vulnerability chain (CVE-2025-47813 / CVE-2025-47812, CVSS 10.0) confirmed in CISA KEV. The Wing FTP chain carries the highest urgency due to active exploitation, a public-facing attack surface, and a federal remediation deadline of 2026-03-30. The Konni campaign presents elevated organizational risk through its novel tactic of weaponizing victim accounts to propagate malware laterally across trusted contact networks, compounding initial compromise with secondary distribution at no additional attacker cost.