Supply chain compromises dominated this week, with developer tools, CI workflows, and npm packages falling in overlapping campaigns — while separately, a wave of active exploitation hit network infras