This pack covers six intelligence items spanning three distinct attack themes: unauthenticated exploitation of public-facing web applications and hosting infrastructure (CVE-2026-3296, CVE-2026-2931, CVE-2026-41940, CVE-2026-4670), identity-layer intrusion through vishing and AiTM credential interception with no malware footprint (CORDIAL SPIDER / SNARKY SPIDER), and WordPress-specific plugin attack chains enabling stored code injection and privilege escalation. Immediate priorities are patching the two CISA KEV-listed WordPress plugin vulnerabilities (CVE-2026-3296, CVE-2026-2931) and restricting cPanel/WHM interfaces while the CVE-2026-41940 advisory matures, alongside phishing-resistant MFA enforcement across all SaaS and IdP integrations to address the SaaS identity attack campaign. Organizations in hosting, government, financial services, and enterprise SaaS verticals face the highest aggregate exposure.