Page 188 - Red Hat PR REPORT - OCTOBER 2025
10/8/25, 3:31 PM Shiny Hunters group reportedly extorting Red Hat after stealing data | SC Media
credentials, review access logs, and brace for follow-up attacks exploiting the leaked information. The
volume and sensitivity of the data make this breach a major supply chain security threat.”
Amir Khayat, co-founder and CEO at Vorlon, added that the Red Hat breach represents a textbook SaaS
ecosystem exposure amplified by an extortion‑as‑a‑service economy.
“This breach moved from intrusion to extortion in less than a week,” said Khayat. “That speed exposes
the new reality of SaaS: once data leaves a trusted boundary, attackers don’t need patience. They need
partners. Extortion‑as‑a‑service means every overlooked repository or token can become tomorrow’s
public crisis.”
Khayat said teams with continuous, ecosystem‑wide visibility will detect and contain identity misuse
fast enough to prevent the kind of cascading exposure that 28,000 repositories represent. Security
teams should start by mapping every connected SaaS and developer platform, auditing and rotating
tokens and secrets on a fixed schedule, and monitoring cross‑app data flows in real time, said Khayat.
Jason Soroko, senior fellow at Sectigo, said the intrusion path in this case fits a familiar pattern that
starts in a code platform and ends in customer environments. Attackers gained access to a self-hosted
GitLab instance used by Red Hat Consulting and mined CERs and repos for hardcoded secrets
including tokens and database credentials that opened doors into connected systems.
https://www.scworld.com/news/shiny-hunters-group-reportedly-extorting-red-hat-after-stealing-data

