Cisco Source Code Stolen in Trivy Supply Chain Breach

Cisco has confirmed a cyberattack in which threat actors stole source code belonging to the company and its customers by breaching its internal development environment. According to BleepingComputer, the attackers gained access using credentials stolen in the recent Trivy supply chain attack. Trivy is a widely used open-source vulnerability scanner, and the compromise of credentials associated with it gave attackers a foothold into Cisco's developer systems. The breach allowed the intruders to access and exfiltrate source code repositories hosted within Cisco's internal infrastructure. The affected code includes material belonging to both Cisco and to its enterprise clients, though Cisco has not disclosed which specific products or customers are involved. The attack highlights the growing risk of credential theft through supply chain compromises. Trivy, maintained by Aqua Security, is used by thousands of organizations to scan container images and code for vulnerabilities. Credentials stored or cached by developers running Trivy-based workflows appear to have been harvested in the earlier supply chain incident. Cisco has not provided a timeline for the breach or detailed how many source code repositories were accessed. The company is expected to notify affected customers as its investigation continues. This incident follows a pattern of supply chain attacks targeting developer tooling to gain access to larger downstream targets. Security researchers have warned that credential theft from CI/CD pipelines and scanning tools represents a significant and underappreciated attack surface. BleepingComputer first reported the breach on March 31, 2026, citing multiple sources familiar with the incident.