Home > Security > Security News

Alleged Cisco Breach Linked to Trivy Supply Chain Compromise, ShinyHunters Claims 3 Million Salesforce Records

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Supply Chain Pipeline - Lock - Cloud Data
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Alleged breach impact: Cisco faces intense scrutiny following reports of a significant internal network intrusion that may have exposed 3 million Salesforce records.
  • Trivy vulnerability exploited: Attackers used the Trivy supply chain compromise to infiltrate Cisco's internal development environment, stealing AWS keys and cloning repositories.
  • ShinyHunters claims: The ShinyHunters threat group issued an extortion demand, alleging the theft of millions of Salesforce records alongside cloud assets.

ShinyHunters claimed a breach at Cisco, asserting it gained access to over 3 million Salesforce records containing personally identifiable information (PII), GitHub repositories, AWS buckets, and other private corporate data.

Attackers reportedly used credentials exposed during the recent third-party Trivy dependency compromise to infiltrate Cisco’s internal development and build environment. 

Trivy Supply Chain Compromise

The ShinyHunters extortion post that surfaced on the dark web alleges the group successfully penetrated Cisco’s internal development infrastructure, cloning over 300 GitHub repositories and extracting highly privileged AWS keys. 

The threat actors claim to possess over 3 million Salesforce records, and, according to the post, the data is derived from three breaches: voice phishing via UNC6040 activitysh, Salesforce Aura, and AWS accounts.

ShinyHunters claims Cisco breach | Source: SOCRadar
ShinyHunters claims Cisco breach | Source: SOCRadar

The breach of Cisco’s development environment following the Trivy compromise is the most substantiated part of the story, consistent with Aqua Security’s disclosure and the reported theft of AWS keys and large-scale repository cloning,” SOCRadar said.

Extended Trivy Impact

The Trivy vulnerability scanner’s poisoned component enabled unauthorized access to sensitive secrets and access tokens due to its widespread use in automated deployment workflows, exposing critical CI/CD security risks. Network administrators and security operations centers must immediately audit third-party dependencies and rotate all potentially exposed credentials.

A Mercor AI cyberattack was linked to a supply-chain exploit involving the compromise of the LiteLLM project, with Lapsus$ claiming responsibility for the breach. LiteLLM suspects the compromise originated from the Trivy dependency used in its CI/CD security scanning workflow.

Last month, ShinyHunters claimed Salesforce, Snowflake, Okta, Sony, AMD, Lastpass, and data compromise via a massive Salesforce breach, and reports revealed Interlock Ransomware exploited Cisco Firewall vulnerability CVE-2026-20131 weeks before disclosure.

In November 2025, hacking collective Scattered LAPSUS$ Hunters emerged as the new Extortion-as-a-Service cybercriminal alliance.

Add a Comment
Related
Apple Security Fix Defends Devices From DarkSword iOS Exploit
Suspected Head of Cyberfraud Syndicate Li Xiong Extradited from Cambodia to China 
WhatsApp Spyware Alert: Fake App Targets Users in Italy
Axios Supply Chain Attack Linked to North Korea-Affiliated Hackers UNC1069 by Google
NSW Police Cybercrime Squad Busts $80 Million Dark Net Drug Syndicate
Suspected Iran-Nexus Password Spray Attack Targets Microsoft 365 Users in the UAE and Israel
Most Popular
Apple Security Fix Defends Devices From DarkSword iOS Exploit
Suspected Head of Cyberfraud Syndicate Li Xiong Extradited from Cambodia to China 
WhatsApp Spyware Alert: Fake App Targets Users in Italy
Axios Supply Chain Attack Linked to North Korea-Affiliated Hackers UNC1069 by Google
NSW Police Cybercrime Squad Busts $80 Million Dark Net Drug Syndicate
Suspected Iran-Nexus Password Spray Attack Targets Microsoft 365 Users in the UAE and Israel
Apple Security Fix Defends Devices From DarkSword iOS Exploit
Suspected Head of Cyberfraud Syndicate Li Xiong Extradited from Cambodia to China 
WhatsApp Spyware Alert: Fake App Targets Users in Italy
Axios Supply Chain Attack Linked to North Korea-Affiliated Hackers UNC1069 by Google
NSW Police Cybercrime Squad Busts $80 Million Dark Net Drug Syndicate
Suspected Iran-Nexus Password Spray Attack Targets Microsoft 365 Users in the UAE and Israel

Most Popular
Apple Security Fix Defends Devices From DarkSword iOS Exploit
Suspected Head of Cyberfraud Syndicate Li Xiong Extradited from Cambodia to China 
WhatsApp Spyware Alert: Fake App Targets Users in Italy
Axios Supply Chain Attack Linked to North Korea-Affiliated Hackers UNC1069 by Google
NSW Police Cybercrime Squad Busts $80 Million Dark Net Drug Syndicate
Suspected Iran-Nexus Password Spray Attack Targets Microsoft 365 Users in the UAE and Israel
Apple Security Fix Defends Devices From DarkSword iOS Exploit
Suspected Head of Cyberfraud Syndicate Li Xiong Extradited from Cambodia to China 
WhatsApp Spyware Alert: Fake App Targets Users in Italy
Axios Supply Chain Attack Linked to North Korea-Affiliated Hackers UNC1069 by Google
NSW Police Cybercrime Squad Busts $80 Million Dark Net Drug Syndicate
Suspected Iran-Nexus Password Spray Attack Targets Microsoft 365 Users in the UAE and Israel

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: