Two vulnerability disclosures turned into active exploitation overnight, and the gap between patch and breach keeps shrinking. CISA confirmed attackers are already inside Microsoft SharePoint deployments through a remote code execution flaw, hours after Cisco admitted its Unified Communications Manager, the call routing software banks and trading floors run their voice infrastructure on, is being hit too. Neither is isolated. Disclosure, weaponisation, exploitation, compressed to a single news cycle. Overnight, Russia hit Kyiv with its most massive missile and drone barrage of the war, killing at least 27 and pushing the mayor to declare a day of mourning. European risk desks have not adjusted exposure to match. Brussels moved on China trade, telling Beijing it would accept a narrower surplus if concessions follow, while the EU's top court upheld a 4.1 billion euro fine against Google over Android, confirming Brussels intends to keep using antitrust as its primary lever against US platforms. Anthropic's custom chip talks with Samsung sit alongside that fine as a second data point: Washington's export leverage and Brussels' regulatory leverage are now pulling on the same firms from different directions. A Singapore compliance officer should already be checking whether call manager infrastructure sits anywhere in the vendor stack. Watch whether CISA adds a mandated patch deadline by evening.