If anyone you know uses , it's time to rotate all of the credentials it had access to if you ran the 0.69.4 container or GitHub release (Homebrew users avoided this thanks to building from source). Probably a good idea to think about other defense-in-depth measures, too…

https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise
https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release