trivy

4 posts

ShinyHunters exfiltrated Cisco source through Trivy

ShinyHunters exfiltrated Cisco source code through Trivy. The scanner inherited the runtime's identity. The runtime held everything.

Apr 29, 2026

Article

Your security scanner is the breach.

Cisco source code stolen, AWS keys breached, 300 repositories cloned. The exfiltration channel was Trivy operating inside Cisco's CI pipeline.

Apr 27, 2026

Article

ShinyHunters, Trivy, and the Pipeline Identity Problem

ShinyHunters cloned 300 Cisco repositories through Trivy running in a CI/CD pipeline. This is what failed structurally, why it failed, and what pipeline identity enforcement must look like.

Apr 2, 2026

Article

The Advisory Told You to Update. It Didn't Tell You What's Already Running.

Patching the advisory isn't enough. If your CI pipeline ran during the compromise window, the compromised code is baked into your container images and still running. Here's how to find it.

Apr 2, 2026