Cisco source code stolen via Trivy supply chain attack

What happened
Cisco suffered a cyberattack in which threat actors used credentials stolen in the recent Trivy supply chain attack to breach its internal development environment. The attackers used a malicious GitHub Action plugin from the Trivy compromise to steal credentials and data from Cisco's build and development environment.
Impact and response
The breach impacted dozens of devices, including developer and lab workstations. More than 300 GitHub repositories were cloned during the incident, including source code for AI-powered products such as AI Assistants, AI Defense, and unreleased products. A portion of the stolen repositories belongs to corporate customers, including banks, BPOs, and US government agencies.
Multiple AWS keys were reportedly stolen and used to perform unauthorized activities across a small number of Cisco AWS accounts. Cisco has isolated affected systems, begun reimaging them, and is performing wide-scale credential rotation.
Attack chain and attribution
The breach was caused by this month's Trivy vulnerability scanner supply chain attack, where threat actors compromised the project's GitHub pipeline to distribute credential-stealing malware through official releases and GitHub Actions. That attack enabled the theft of CI/CD credentials from organizations using the tool.
Security researchers linked these supply chain attacks to the TeamPCP threat group based on their use of the "TeamPCP Cloud Stealer" infostealer. TeamPCP has been conducting a series of supply chain attacks targeting developer code platforms, including GitHub, PyPI, npm, and Docker. The group also compromised the LiteLLM PyPI package and the Checkmarx KICS project to deploy the same information-stealing malware.
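For the GitHub Actions distribution path described in this section, one check defenders can run on their own workflows is an audit of how each action is referenced: a tag or branch resolves to whatever the upstream repository currently publishes under that name, while a full 40-character commit SHA does not change. The script below is an added example, not code from Cisco, Trivy or the original report; the workflow text, `example-org/scanner-action` and `example.invalid` are constructed placeholders, and the line-based matching assumes block-style YAML.

```python
import re

# Matches a block-style `uses:` key (step or reusable-workflow reference);
# the reference ends at whitespace, a quote, or a trailing `# comment`.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/scanner-action@0123456789abcdef0123456789abcdef01234567  # v1.2.3
      - uses: example-org/scanner-action@master
      - uses: ./.github/actions/local-lint
      - name: container step
        uses: docker://example.invalid/tool:latest
"""

def audit_workflow(text):
    """Return (line_no, reference, verdict) for every `uses:` line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith("./"):
            verdict = "local"      # action stored in the same repository
        elif ref.startswith("docker://"):
            # Only an image digest is immutable; a tag such as :latest is not.
            verdict = "pinned" if "@sha256:" in ref else "mutable"
        else:
            # Short SHAs, tags and branches are all treated as mutable.
            _, _, version = ref.partition("@")
            verdict = "pinned" if FULL_SHA_RE.match(version) else "mutable"
        findings.append((line_no, ref, verdict))
    return findings

def mutable_refs(text):
    """References that can change upstream without a change in this repo."""
    return [(n, ref) for n, ref, verdict in audit_workflow(text) if verdict == "mutable"]

if __name__ == "__main__":
    for line_no, ref in mutable_refs(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref} is not pinned to a commit SHA or image digest")
```

A pinned reference is only as trustworthy as the commit it names, and this audit covers the Actions path only, not scanner binaries downloaded from releases.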
Ongoing concerns
While the initial breach has been contained, Cisco expects continued fallout from the follow-on LiteLLM and Checkmarx supply chain attacks. Multiple sources indicated more than one threat actor was involved in the Cisco CI/CD and AWS account breaches, with varying degrees of activity.