What Happened
Cisco confirmed on April 2, 2026 a breach of its internal development environment. Threat actors from the TeamPCP group gained access using credentials harvested through a malicious GitHub Action injected during the late-March 2026 compromise of Trivy, the widely used open-source vulnerability scanner.
Using the stolen credentials, the attackers accessed Cisco’s build systems and CI/CD pipelines. Source code belonging to Cisco and several of its customers was exfiltrated. Multiple AWS access keys were also stolen and subsequently used for unauthorized activity across a small number of Cisco cloud accounts before detection.
Cisco’s Unified Intelligence Center, CSIRT, and Emergency Operations Center teams contained the immediate breach. Cisco stated it expects continued follow-on attack activity as stolen credentials from the broader Trivy compromise circulate among TeamPCP-affiliated actors. The full scope of exfiltrated material is still under assessment.
TeamPCP has conducted an escalating series of supply chain attacks since early 2026, targeting developer platforms including GitHub, npm, PyPI, Docker Hub, and VS Code extensions. Previous activity attributed to the group includes the original Trivy GitHub Actions compromise, the LiteLLM PyPI backdoor insertion, and attacks against the Checkmarx code analysis platform. The Cisco breach is the highest-profile organizational target disclosed in the TeamPCP attack series to date.
Why This Matters for Canadian Organizations
Cisco networking and security products are deployed across the full breadth of Canadian enterprise, federal and provincial government, financial institutions, healthcare networks, and critical infrastructure. Stolen source code from Cisco’s internal development environment gives attackers an intelligence advantage: they actively search unpublished code for exploitable vulnerabilities before patches exist, shortening the defensive window for Cisco customers to zero.
The Trivy supply chain attack directly targeted Canadian DevOps teams. Trivy is integrated into GitHub Actions workflows across Canadian software development organizations. Any Canadian development team using Trivy-connected GitHub Actions before March 25, 2026 should treat their CI/CD credentials as potentially exposed.
Supply chain attacks targeting developer infrastructure are consistently flagged by Canada’s Communications Security Establishment in its annual cyber threat reporting. The TeamPCP attack series escalates this threat vector: groups are no longer simply inserting malware into packages; they are using compromised developer tooling to pivot into the infrastructure of major technology vendors. Canadian security teams should reassess all third-party CI/CD integrations in light of this breach.
What to Do
Rotate all GitHub Actions secrets, npm publish tokens, and Docker Hub credentials, with priority on any workflow using aquasecurity/trivy-action or third-party GitHub Actions added or updated after March 1, 2026. Audit GitHub Actions workflow files for unauthorized modifications or newly added actions referencing unknown repositories.
Review and rotate all Cisco API credentials and integration tokens used in internal DevOps pipelines. Treat credentials present in any CI/CD environment connected to Trivy as compromised until rotated.
Apply zero-trust review to all third-party vendor code integrations currently running in production pipelines. Monitor cloud environments for abnormal activity following credential rotation, with particular attention to AWS account API calls from unfamiliar regions or IP ranges.
Canadian organizations with evidence of CI/CD pipeline compromise should report indicators to the Canadian Centre for Cyber Security at contact@cyber.gc.ca.
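The workflow audit step above, as an added example that is not from the advisory or its source: a small Python script that flags `uses:` references in a GitHub Actions workflow file for review. It assumes a constructed sample workflow (with a placeholder commit SHA), a caller-supplied allow-list of trusted action owners, and plain line matching instead of a YAML parser.

```python
import re

# Constructed sample workflow (not from the advisory): a tag-pinned trivy-action
# step, a SHA-pinned action (placeholder SHA) and an unfamiliar third-party repo.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Trivy scan
        uses: aquasecurity/trivy-action@0.28.0
      - uses: docker/login-action@0123456789abcdef0123456789abcdef01234567
      - uses: someuser/unknown-helper@main
"""

USES_RE = re.compile(r"""^\s*-?\s*uses:\s*["']?([^\s"'#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Action the advisory singles out for priority credential rotation.
WATCHLIST = {"aquasecurity/trivy-action"}


def audit_workflow(text, trusted_owners=("actions", "docker")):
    """Return [(uses_ref, [reasons])] for steps a reviewer should look at.
    Flags watch-listed actions, references not pinned to an immutable 40-hex
    commit SHA, and owners outside the caller's (assumed) allow-list. Local
    (./) and docker:// references are skipped; *when* an action was added
    needs git history and is not checked here.
    """
    findings = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue
        repo, _, version = ref.partition("@")
        reasons = []
        if repo in WATCHLIST:
            reasons.append("advisory watchlist: rotate every secret this workflow can read")
        if not FULL_SHA_RE.match(version):
            reasons.append("not pinned to a full commit SHA (mutable tag or branch)")
        if repo.split("/")[0] not in trusted_owners and repo not in WATCHLIST:
            reasons.append("third-party owner outside trusted list: review manually")
        if reasons:
            findings.append((ref, reasons))
    return findings
```

Run it over every file under `.github/workflows/` and compare the output against the last known-good review; a step that is flagged only as unpinned is a hardening item, while a watch-listed or unknown-owner step is a rotation trigger.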
Source: BleepingComputer