The dev trust layer is the battlefield — TeamPCP breached GitHub itself, the first malicious npm package carried valid SLSA provenance, and CISA began listing poisoned packages as KEVs. Plus actively exploited Palo Alto, Defender, and WebLogic flaws.