Trivy
7 posts
ShinyHunters exfiltrated Cisco source through Trivy
ShinyHunters exfiltrated Cisco source code through Trivy. The scanner inherited the runtime's identity. The runtime held everything.
Your security scanner is the breach.
Cisco source code stolen, AWS keys breached, 300 repositories cloned. The exfiltration channel was Trivy operating inside Cisco's CI pipeline.
A Trivy-based CI/CD misconfiguration led to credential exposure in a Cisco-related incident
A review of how a misconfigured Trivy scan in Cisco's CI/CD pipeline led to AWS credential exposure due to unverified post-scan execution. Explores the systemic failure behind treating scanning outputs as trusted signals.
ShinyHunters, Trivy, and the Pipeline Identity Problem
ShinyHunters cloned 300 Cisco repositories through Trivy running in a CI/CD pipeline. This is what failed structurally, why it failed, and what pipeline identity enforcement must look like.
The Advisory Told You to Update. It Didn't Tell You What's Already Running.
Patching the advisory isn't enough. If your CI pipeline ran during the compromise window, the compromised code is baked into your container images and still running. Here's how to find it.
Trivy Supply Chain Attack Exposes Cisco Source Code
ShinyHunters stole Cisco source code via Trivy supply chain attack due to exposed AWS keys in CI/CD pipelines. Here's how it happened and what you must fix now.
Trivy Supply Chain Attack Exposes Cisco's Source Code
ShinyHunters stole Cisco's source code via Trivy supply chain attack. A compromised Docker image led to AWS key exposure and 300 repos cloned. The real failure was trusting tools without verifying integrity.