Attackers used credentials stolen in the Trivy compromise to access Cisco’s internal build systems. Allegedly: multiple AWS keys, 300+ GitHub repos cloned, source for Cisco and some customers. First major confirmation that the CI credential harvest was being operationalized for direct intrusion.
← Findings
Cisco dev-environment breach via Trivy creds
Attackers used credentials stolen in the Trivy compromise to access Cisco's internal build systems. Allegedly: multiple AWS keys, 300+ GitHub repos cloned.