A new wave of cyberattacks is targeting open-source software ecosystems, with malicious packages discovered in npm, PyPI, and RubyGems repositories. These supply chain attacks are designed to steal cryptocurrency wallets, delete codebases, and exfiltrate data from Telegram bots. Additionally, a new variant of the Chaos RAT malware is spreading among Linux and Windows users by masquerading as a legitimate Linux network tool. This malware deploys cryptocurrency miners, steals data, and gains full control over infected devices through phishing campaigns. Cybersecurity researchers have also identified a cryptojacking campaign targeting DevOps web servers, including those of Docker, HashiCorp Nomad, HashiCorp Consul, and Gitea. Furthermore, hackers are distributing backdoored code on GitHub, targeting both gamers and novice hackers with fake cheat codes and malicious software. These developments underscore an increasing trend of threat actors embedding malicious code in widely used open-source packages and platforms.