This pack covers five intelligence items spanning credential theft, identity-based attack campaigns, unauthenticated remote code execution, and unpatched zero-days targeting both enterprise infrastructure and developer tooling. Two critical-severity CVEs with public exploit code, Cisco Unified CM SSRF-to-root (CVE-2026-20230) and WordPress Kirki account takeover (CVE-2026-8206), require immediate patch action within 24 hours. Credential and identity-based attacks dominate the landscape: living-off-the-land BEC, NTLMv2 hash coercion with no vendor patch, and OAuth token theft via VS Code zero-day collectively create compounding exposure across authentication, access control, and developer supply chain domains.