This pack covers two high-priority threat events dominated by trusted-relationship abuse and social-engineering vectors: a confirmed IT intrusion at critical infrastructure supplier Itron (112 million utility endpoints under management) and a nation-state spearphishing campaign exploiting Signal’s linked-device feature against senior German government officials. Both events exploit legitimate access pathways, vendor integrations and authenticated messaging features, rather than unpatched software, making traditional patch-based defenses insufficient. Immediate attention is required for organizations with active Itron vendor integrations and for any government or high-value enterprise personnel using Signal for sensitive communications.