This IRP covers six enriched intelligence items dominated by two attack patterns: deserialization-based unauthenticated RCE targeting network infrastructure and web application platforms, and credential/session theft via phishing and XSS against enterprise collaboration tools. Three items are actively exploited by named threat actors, the Interlock ransomware group has weaponized the Cisco FMC zero-day (CVE-2026-20131) for full network compromise and ransomware deployment, a Russian APT is targeting Zimbra-based organizations via email-borne XSS, and Langflow RCE was exploited within 20 hours of disclosure. Immediate action is required on CVE-2026-20131 (CISA KEV due 2026-03-22) and CVE-2025-54068 (CISA KEV due 2026-04-03); all six items carry active exploitation signals.