This pack is dominated by unauthenticated remote code execution vulnerabilities across enterprise infrastructure, MDM, managed file transfer, collaboration platforms, and endpoint management, all carrying CVSS 9.8 scores and several confirmed in active exploitation. A concurrent espionage-motivated threat cluster (UAT-10362/LucidRook) is targeting civil society organizations with sophisticated, geofenced malware, while infostealer-driven session hijacking (LummaC2) continues to erode MFA effectiveness at scale. Immediate priority is emergency containment and patching of CVE-2026-1340 (Ivanti EPMM), CVE-2026-22679 (Weaver E-cology), CVE-2026-2699/2701 (ShareFile SZC), and CVE-2026-35616 (FortiClient EMS), all of which represent pre-authentication attack surfaces actively targeted or at critically elevated exploitation probability.