Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Cisco hit by cyberattack

Incident
First reported
Last updated
Happening score
H score 15
1 unique sources, 1 articles

Summary

Hide ▲

The Cisco incident is a cyberattack on its internal development environment that exposed source code and credentials. Attackers used stolen credentials linked to the recent Trivy supply chain attack and a malicious GitHub Action plugin to get in. Cisco isolated affected systems, began reimaging them, and rotated credentials after the breach.

Related Happenings

Megalodon GitHub CI/CD supply-chain campaign

Campaign
First: 22.05.2026 14:55 Last: 22.05.2026 14:55 Sources 1

About this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...

Open Happening

GitHub hit by network compromise

Incident
First: 20.05.2026 07:01 Last: 20.05.2026 07:01 Sources 1

About this happening: GitHub is investigating unauthorized access to its internal repositories after a third party allegedly offered stolen material for sale on a cybercrime forum. The intrusion was li...

Latest development: 20.05.2026 13:45

GitHub detected unauthorized access tied to a poisoned Visual Studio Code (VS Code) extension on an employee device, removed the malicious extension version, isolated the endpoint, and began incident response to contain exposure across internal repositories.

Open Happening

Rwl.angular-console (Nx Console) hit by network compromise

Incident
First: 19.05.2026 10:49 Last: 19.05.2026 10:49 Sources 1

About this happening: The **Nx Console** extension **rwl.angular-console 18.95.0** was compromised on the **VS Code Marketplace**, exposing **developers** to a **credential-stealing** payload and suppl...

Open Happening

Actions-cool/issues-helper hit by network compromise

Incident
First: 19.05.2026 08:28 Last: 19.05.2026 08:28 Sources 1

About this happening: The **actions-cool/issues-helper** GitHub Actions supply-chain compromise let malicious tags run in **CI/CD pipelines**, causing **credential theft** and downstream account risk....

Open Happening

Grafana Labs Says GitHub hit by cyberattack

Incident
First: 17.05.2026 10:13 Last: 17.05.2026 10:13 Sources 1

About this happening: A **Grafana Labs** incident was later tied to the **Mini Shai-Hulud** supply-chain campaign against **TanStack npm packages**. Grafana said an unauthorized party used a token to a...

Open Happening

Timeline

  1. 31.03.2026 20:53 2 articles · 1mo ago

    Cisco breach involving stolen Trivy credentials and source-code theft

    Initial Disclosure

    Attackers used stolen credentials from the recent Trivy supply chain attack and a malicious GitHub Action plugin to breach Cisco's internal development environment, steal source code for Cisco and some customers, clone more than 300 GitHub repositories, and reportedly take multiple AWS keys that enabled unauthorized activity in a small number of Cisco AWS accounts; Cisco isolated affected systems, began reimaging them, and started wide-scale credential rotation, and researchers linked the broader supply-chain activity to TeamPCP through the TeamPCP Cloud Stealer infostealer.

    Show sources
    Open in new tab