What is the TeamPCP supply chain campaign?

TeamPCP (now UNC6780) compromised security scanners like Trivy to steal creds, hitting CI/CD pipelines at Cisco, Sportradar, and 1,000+ SaaS spots for data grabs and extortion.

Did Cisco really lose source code in the Trivy breach?

Yes—over 300 private repos cloned, including AI products and customer code for banks and US agencies, per BleepingComputer and threat intel.

What should organizations do after the UNC6780 designation?

Hunt IOCs via Google/Mandiant tools, author SANDCLOCK rules, contact Cisco if partnered, and segment supply chain tools aggressively.

🎯 Threat Intelligence

Cisco Source Code Vanishes in TeamPCP's Trivy Supply Chain Heist

Hackers just cloned Cisco's crown jewels—over 300 private repos with AI code and gov client data—via a tainted Trivy scanner. Google's now calling the culprits UNC6780, but the extortion game's hitting snags.

theAIcatchup Apr 08, 2026 3 min read

Cisco source code repositories being exfiltrated in TeamPCP supply chain attack

⚡ Key Takeaways

Cisco lost 300+ private repos to Trivy-linked creds theft by TeamPCP/UNC6780. 𝕏
Google's UNC6780 tag standardizes tracking; extortion efforts showing cracks. 𝕏
No CISA advisory yet, but secondary victims face disclosure risks—act now. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#Cisco breach #TeamPCP #Trivy CVE #UNC6780

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by SANS ISC

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

LiteLLM's Backdoor Bombshell: How Hackers Hijacked AI's Fast Lane

TeamPCP's Telnyx SDK Hijack: Stealthier Than LiteLLM, Deadlier Too

CanisterWorm: Cybercrooks Hijack Iran Tensions for Cloud Data Heists

TeamPCP's Credential Blitz: AWS and Azure Fall in Hours, Not Days

Stay in the loop