The npm, PyPI, and RubyGems package repositories have been targeted by malicious actors, with over thirty packages affected across the three repositories. The attacks aim to steal cryptocurrency, source code, and other sensitive data, often through typosquatting or brandjacking tactics. Some of the specific targets include packages related to blockchain platforms such as BSC and Ethereum, Excel to JSON converters, and AI services like Alibaba's AI labs. Cloudsmith has implemented a strong line of defense against these attacks, including policy management tools that can quarantine malicious packages before they infect software supply chains. Despite this, some customers may still be affected if they do not follow recommended setups or if the attacker finds a way to bypass security controls.