Microsoft appears this week through three distinct threat vectors: ClickOnce deployment technology documented as an active malware delivery and persistence channel (two items, no CVE), Azure Sentinel as a targeted repository in the Cordyceps CI/CD campaign, and Windows as the underlying platform for ClickOnce abuse. No CVEs are assigned; all three items represent feature-abuse and supply-chain risk requiring detection engineering and configuration hardening rather than patch deployment.