Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers.

A source, who asked to remain anonymous, told BleepingComputer that Cisco’s Unified Intelligence Center, CSIRT, and EOC teams contained the breach involving a malicious “GitHub Action plugin” from the recent Trivy compromise.

The attackers used the malicious GitHub Action to steal credentials and data from the company’s build and development environment, impacting dozens of devices, including some developer and lab workstations.