Malware And CampaignsCampaign

Cisco breach via poisoned Trivy plugin and repo exfiltration

April 1, 2026Gray Hats, SOCRadar®, Nicolas Krassas

Gray Hats, SOCRadar, and others describe Cisco's internal dev environment being breached via a poisoned Trivy supply chain vector, leading to cloning hundreds of GitHub repos and theft of AWS keys.

Open in PulseSee the full expert discussion →

QUOTES

Cisco's internal dev environment was breached via a poisoned Trivy plugin.

TeamPCP exfiltrated 300+ repos and AWS keys in a massive 2026 supply chain strike.

Entry: Stolen credentials via the Trivy supply chain attack.

Access: 300+ internal repositories cloned.

Extraction: Sensitive AWS keys and GitHub assets exposed.

VOICES

Gray Hats

SOCRadar®

Nicolas Krassas

Dominic Alvieri

/r/netsec

RELATED TERMS

supply chaingithubawsgithubawssupply chainaws infrastructure

OTHER FINDINGS IN MALWARE AND CAMPAIGNS

Axios npm package compromise, WAVESHAPER.V2 cross platform RAT Handala Hack Telegram threat claiming imminent Lockheed Martin data leak Telnyx PyPI compromise (TeamPCP) shipping malware in telnyx 4.87.1/4.87.2

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security