Three intelligence items this week establish structural context that applies across all vendor-specific items in this rollup: CrowdStrike’s 2026 Financial Services Threat Landscape documents three concurrent threat tracks (DPRK cryptocurrency theft, MURKY PANDA M365 espionage, eCrime ransomware) converging on the financial sector with AI-accelerated tempo; Verizon DBIR 2026 documents that exploit-based initial access now accounts for 31% of confirmed breaches, reflecting adversaries outpacing enterprise patch programs at scale; and a CISA contractor exposed an internal GitHub repository, demonstrating that third-party contractor code governance is an active organizational risk regardless of the host organization’s own controls.