This pack covers six enriched intelligence items dominated by two converging attack patterns: supply chain and ecosystem compromise targeting developer tooling, CI/CD pipelines, and AI platform infrastructure; and active exploitation of endpoint management and e-commerce vulnerabilities carrying CVSS scores of 9.0-9.8. CVE-2026-45247 (Mirasvit Magento 2, CVSS 9.8, CISA KEV) and CVE-2026-35616 (Fortinet FortiClient EMS, CVSS 9.0, EPSS 97th percentile) demand immediate containment within 24 hours. The vpmdhaj npm credential harvesting campaign and the Living-off-Trusted-Sites (LoTS) AI platform abuse cluster represent a structural shift in delivery tradecraft that bypasses reputation-based defenses and requires behavioral detection investment.