Critical Exploits: npm Supply Chain, WordPress Plugin, SolarWinds, IIS Attacks

**Executive Summary:** Critical, multi-vector active threats reported: npm supply-chain poisoning distributing the IronWorm credential stealer and a Miasma worm variant; Everest Forms Pro (CVE-2026-3300, CVSS 9.8) actively exploited for remote code execution across ~4,000 WordPress installs; SolarWinds Serv-U being exploited for denial-of-service; OP-512 targeting IIS with custom web shells; and over 900 internet-exposed automatic tank gauge (ATG) systems under attack — immediate patching, dependency audits, credential rotation, and isolation/segmentation are recommended.