Active zero-day exploits, phishing attacks targeting M365 OAuth, and critical vendor vulnerabilities mark major risk shifts across both infrastructure and cloud this week. Organizations must move quickly to patch newly disclosed issues, audit privileged access, and adapt monitoring to evolving attacker techniques.