April 1, 2026

Cisco suffered a cyberattack after attackers used stolen credentials from a compromised developer tool to access its internal systems and steal source code. More than 300 GitHub repositories were cloned in the incident, including code tied to AI products and some customer environments.
The breach was linked to the recent compromise of the Trivy vulnerability scanning tool, where attackers inserted a malicious GitHub Actions component designed to harvest credentials. Those credentials were then used to gain access to Cisco’s build and development environment.
The intrusion reached beyond internal systems. Attackers reportedly obtained AWS keys and used them to carry out unauthorised activity across a small number of Cisco cloud accounts before access was contained.
Cisco has since isolated affected systems, started reimaging devices and carried out wide-scale credential rotation. Internal security teams, including incident response units, were involved in containing the breach.
The scale of exposure is notable. Alongside Cisco’s own code, some of the repositories taken are believed to belong to corporate customers, including banks, outsourcing firms and U.S. government agencies.
This incident is part of a wider pattern of supply chain attacks targeting developer tools. In the Trivy case, attackers were able to distribute credential-stealing malware through trusted software pipelines, creating access to multiple organisations at once.
Security researchers have linked these attacks to a group known as TeamPCP, which has also targeted platforms like GitHub, PyPI, NPM and Docker. Related compromises involving tools such as LiteLLM and Checkmarx have affected tens of thousands of systems.
What makes this breach different is how it spread. Instead of targeting Cisco directly, attackers compromised a trusted tool used in software pipelines, then used that access to move into internal environments. Once inside, they were able to reach source code, credentials and cloud infrastructure.
The breach shows how a single compromised tool can open the door to multiple environments at once, turning routine development workflows into a point of entry.
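The entry point described above was a malicious component delivered through a trusted GitHub Actions reference, so the first check a defender wants is whether any workflow pulls a third-party action by a mutable tag or branch rather than a full commit SHA. The following Python audit is an added example, not code from the article or from Cisco, Trivy or GitHub; the sample workflow, the `example-org/...` action names and the 40-hex SHA are constructed for illustration.

```python
import re

# Matches a step line such as `- uses: owner/repo@ref` or `uses: owner/repo/path@ref`.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
# A full-length commit SHA is immutable; tags and branches can be re-pointed.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (not a real project's file); the SHA is a placeholder.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/vuln-scanner@v1
      - uses: example-org/uploader@main
      - uses: ./.github/actions/local-step
      - uses: example-org/notify
"""


def audit_workflow(text: str) -> list[dict]:
    """Return one finding per third-party action reference in a workflow file
    that is not pinned to a full 40-hex commit SHA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local action or container image; not a GitHub ref
        action, _, version = ref.partition("@")
        if not version:
            status = "unpinned"      # no ref at all: resolves to the default branch
        elif SHA_RE.match(version):
            status = "sha-pinned"    # immutable; only a new SHA changes the code
        else:
            status = "mutable-ref"   # tag or branch such as v1 or main
        if status != "sha-pinned":
            findings.append({"line": lineno, "action": action,
                             "ref": version or "(none)", "status": status})
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['action']}@{f['ref']} is {f['status']}")
```

Pinning to a SHA does not vet the action's code, but it means a tag moved by an attacker after the fact does not silently change what the pipeline runs.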
