Four actively exploited CVEs (Netlogon, NetScaler, Android, SharePoint), a self-propagating npm supply-chain worm tracing back to an infostealer-compromised CI/CD pipeline, Iran-MOIS destructive ops dressed as hacktivism, and AI agent prompt injection via push notifications.