Microsoft carries the broadest attack surface exposure this week, appearing across four distinct items: Exchange Server and SharePoint CVEs actively chained in the SharkLoader nation-state espionage campaign, ClickOnce framework abuse enabling stealthy user-space persistence on any Windows enterprise endpoint, and a malicious Edge extension abusing Native Messaging to deploy malware beyond the browser sandbox. The common thread is that legacy unpatched vulnerabilities and trusted Windows frameworks are being weaponized against organizations that have not fully closed known gaps.