By compromising Trivy, the attackers gained access to sensitive secrets for many organizations. The extortion wave following this incident poses substantial risk for follow-on compromises and threatening extortion attempts. The cybercriminals involved are known for their aggressive tactics, being loud and demanding. It is unclear how the credentials were stolen, but it's believed they were not stolen from the victim's environment. The incident highlights the vulnerability of supply chains in sof...