Active supply chain attack across NPM, PyPI, and Crates.io
A malicious package campaign is actively targeting popular package registries including NPM, PyPI, and Crates.io. Attackers are deploying trojanized packages that mimic legitimate dependencies to compromise software supply chains across multiple ecosystems simultaneously.
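A defensive check for the mimicry described above, as an added example that is not part of the original page: it flags declared dependencies whose names are near misses of packages a team has already vetted, using each registry's own name-folding rules. It assumes lookalike names are one form the mimicry takes, which the page does not detail; the allowlist, the package lists and the function names are constructed for illustration.

```python
import re

# Constructed allowlist of dependencies a team has already vetted (assumption).
KNOWN_GOOD = {
    "npm": {"express", "lodash", "@types/node"},
    "pypi": {"requests", "python-dateutil", "urllib3"},
    "crates": {"serde", "serde_json", "tokio"},
}

def normalize(ecosystem, name):
    """Fold a name the way each registry does when deciding uniqueness."""
    name = name.strip().lower()
    if ecosystem == "pypi":
        return re.sub(r"[-_.]+", "-", name)  # PEP 503 normalization
    if ecosystem == "crates":
        return name.replace("_", "-")  # crates.io treats '-' and '_' alike
    return name  # npm: lowercased, any @scope/ prefix kept

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_lookalikes(ecosystem, declared, max_distance=2):
    """Return (declared_name, vetted_name) pairs that are near misses."""
    known = {normalize(ecosystem, k): k for k in KNOWN_GOOD[ecosystem]}
    findings = []
    for dep in declared:
        norm = normalize(ecosystem, dep)
        if norm in known:
            continue  # same package after normalization, nothing to flag
        near = []
        for known_norm, original in known.items():
            # Very short names get a tighter limit to avoid noisy matches.
            limit = 1 if len(known_norm) <= 4 else max_distance
            dist = edit_distance(norm, known_norm)
            if dist <= limit:
                near.append((dist, original))
        if near:
            findings.append((dep, min(near)[1]))  # report the closest vetted name
    return findings

if __name__ == "__main__":
    print(find_lookalikes("pypi", ["Requests", "reqeusts", "python-dateutils"]))
```

A hit is a prompt for manual review of the declared package and its publisher, not proof that the package is malicious.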