Threat actors leveraged stolen credentials from a Trivy supply chain attack to breach Cisco's internal development environment, leading to the theft of over 300 GitHub repositories, including source code for AI products and customer data, and multiple AWS keys. The TeamPCP threat group is linked to the broader supply chain attacks that enabled this breach.
Initial Access
Trivy Supply Chain
confirmed
Threat actors compromised the Trivy vulnerability scanner's GitHub pipeline, distributing credential-stealing malware through official releases and GitHub Actions.
Defender cut points
- Implement strict supply chain security policies
- Validate third-party components before integration
- Monitor CI/CD pipelines for unauthorized modifications