Cisco reports a significant cyberattack resulting in the theft of company and customer source code. Attackers breached internal development environments using credentials stolen from a supply chain attack on the Trivy vulnerability scanner.

The attackers used a malicious GitHub Action plugin to compromise dozens of devices. They cloned over 300 GitHub repositories. The stolen data includes source code for AI-powered products and unreleased software.

Attackers also obtained multiple AWS keys for unauthorized activities. Cisco has contained the breach and isolated affected systems. The company is currently conducting a large-scale credential rotation.