
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterprise SaaS environments already compromised. Charles Carmakal, CTO of Mandiant Consulting, made the assessment at a Google-hosted threat briefing held alongside the RSA Conference 2026 in San Francisco on Tuesday. “We know of over 1,000 impacted SaaS environments right now that are actively dealing with this particular threat campaign,” he said at the event, CyberScoop reported. “That thousand-plus downstream victims will probably expand into another 500, another 1,000, maybe another 10,000.” According to the report, he warned that widespr...