This week's dominant story isn't a zero-day in enterprise software — it's developers themselves becoming the attack surface, their tools weaponized before a single line of production code is touched.