In short, the attacker influences the selection of the nonce in such a way that a portion of a secret (which can be anything) is contained in each signature.

In the code, the secret to be leaked is just a random value: