This pack covers eight intelligence items spanning credential exposure at network scale, ransomware-as-a-service with active EDR-killing capability, SaaS supply chain compromise via OAuth token abuse, unauthenticated remote code execution in enterprise security and web infrastructure, hardware-layer firmware vulnerabilities, a hybrid financially-motivated and espionage campaign, and a structural governance gap in AI agent identity management. The immediate priority cluster is the convergence of FortiBleed credential exposure with the Gentlemen RaaS GentleKiller toolkit, where threat actors are actively chaining exposed FortiGate credentials into a two-stage attack that blinds endpoint defenses before deploying ransomware. CVE-2026-20253 in Splunk Enterprise requires emergency patching given its unauthenticated RCE capability against the security monitoring infrastructure itself and its EPSS score at the 95th percentile.