The 2026-04-27 threat landscape is dominated by two converging attack patterns: coordinated supply chain compromise targeting developer toolchains (CI/CD pipelines, PyPI, npm, container registries, and security scanning infrastructure), and identity-based SaaS exfiltration exploiting SSO trust and phishing-resistant MFA gaps. Three critical-severity campaigns – UNC6780/TeamPCP’s multi-vector supply chain operation, the elementary-data PyPI pipeline hijack, and LAPSUS$’s Checkmarx toolchain compromise – require immediate containment action for any organization running affected packages or pipelines. ShinyHunters’ ongoing extortion campaigns against ADT and Medtronic confirm that Okta-federated SaaS environments and healthcare corporate IT without phishing-resistant MFA remain high-probability targets; two additional high-severity items – the unpatched Windows RPC PhantomRPC architectural flaw and a pre-Stuxnet ICS malware discovery – require threat model updates and compensating control investment in the absence of available patches.