Repo Jacking` is a powerful yet widely unknown attack vector that has emerged in recent years, allowing attackers to compromise software components with tens of millions of downloads across the Terraform IaC and Composer PHP package registry ecosystems. The issue arises from how SCM providers handle renaming organizations, which can lead to automatic redirection of repository URLs, creating an opportunity for attackers to hijack repositories and install malicious code. Terraform, a popular IaC tool, is particularly vulnerable due to its reliance on Git repository artifacts directly, making it a potential target for Repo Jacking attacks. In the case of Terraform, researchers found that 301 modules were susceptible to this attack, with a total download count of 661,693, potentially compromising millions of end-user devices and production environments. Composer, another popular package manager, is also vulnerable due to its reliance on repository URLs to fetch artifacts, although the impact is mitigated by recent changes implemented in the Packagist registry. SCM providers like GitHub have taken measures to prevent such issues, but they are not perfect, allowing some repositories to still be hijacked. The research highlights the importance of awareness about Repo Jacking and encourages developers to take steps to protect their ecosystems from this attack vector.