Cisco Systems ShinyHunters Claim 3M Salesforce Records, 300+ GitHub Repos, and AWS Data in Triple-Vector Extortion

Mar 31, 2026 · 3M+ records claimed · 300+ repos · April 3 deadline

CRITICAL CORROBORATED

By Karim El Labban · ZERO|TOLERANCE


On March 31, 2026, ShinyHunters - the cybercriminal collective operating as part of the broader Scattered Lapsus$ Hunters (SLSH) ecosystem - published a "FINAL WARNING" extortion post against Cisco Systems, Inc. (NASDAQ: CSCO, FY2025 revenue $56.7 billion, ~86,200 employees), claiming responsibility for three separate data breaches and demanding the $316 billion company respond before an April 3 deadline or face public exposure of stolen data.

The group alleges it obtained over 3 million Salesforce CRM records containing personally identifiable information - including records tied to personnel at the FBI, DHS, DISA, IRS, NASA, the Australian Ministry of Defence, and multiple Indian government agencies - more than 300 cloned GitHub repositories containing source code for unreleased AI products, and data from AWS S3 buckets and EC2 volumes accessed via credentials stolen in the March 19 Trivy supply chain compromise.

The three claimed breach vectors are: a July 2025 voice phishing attack on Cisco's CRM system (confirmed by Cisco), exploitation of misconfigured Salesforce Experience Cloud (Aura) guest user access controls, and AWS account compromise via the TeamPCP-orchestrated Trivy supply chain attack.

Cisco has not issued a public statement addressing the March 2026 extortion claim and declined to comment when contacted by multiple media outlets.

This marks Cisco's third security incident in 18 months, following the October 2024 IntelBroker DevHub data exposure and the July 2025 CRM vishing breach.

01

KEY FACTS

  • What: ShinyHunters claims three separate breaches of Cisco Systems spanning voice phishing, Salesforce Aura misconfiguration exploitation, and AWS credential theft via the Trivy supply chain compromise - aggregating the stolen data into a single extortion demand with an April 3, 2026 deadline.
  • Who: Cisco Systems, Inc. (NASDAQ: CSCO). FY2025 revenue $56.7 billion. ~86,200 employees. Market cap ~$316 billion. Data includes records of Cisco customers and employees across US federal agencies (FBI, DHS, DISA, IRS, NASA), the Australian Ministry of Defence, and Indian government agencies.
  • How: Three vectors - (1) voice phishing (vishing) of a Cisco representative to access cloud CRM (July 2025, confirmed); (2) exploitation of misconfigured Salesforce Experience Cloud (Aura) guest user permissions using a modified AuraInspector tool; (3) AWS credential theft via the March 19, 2026 Trivy supply chain compromise, enabling cloning of 300+ GitHub repositories and access to AWS S3 buckets and EC2 volumes.
  • Data: Over 3 million Salesforce CRM records (names, organization names, email addresses, phone numbers, Cisco-assigned user IDs, account metadata); GitHub source code for AI-powered products (AI Assistants, AI Defense, unreleased products); AWS S3 bucket contents; EC2 volume data; customer and partner source code from banks, BPOs, and government agencies.
  • Actor: ShinyHunters (Google GTIG: UNC6040/UNC6240/UNC6395; also tracked as part of the "Trinity of Chaos" collective with Scattered Spider and Lapsus$). AWS/GitHub vector attributed to TeamPCP (aliases: PCPcat, DeadCatx3, ShellForce, Persy_PCP). Voice phishing vector attributed to UNC6040. Salesforce Aura vector attributed to ShinyHunters operators using a modified Mandiant AuraInspector tool.
  • Impact: CSCO stock traded flat at $77.59 on March 31 following disclosure; extortion deadline April 3, 2026; no ransom amount publicly disclosed; third security incident in 18 months; potential regulatory exposure across CCPA, GDPR, and multiple international frameworks.
02

WHAT HAPPENED

The ShinyHunters extortion claim published on March 31, 2026 is not a single breach. It is the aggregation of data from three distinct compromise vectors executed across a nine-month span - packaged into one extortion post with a four-day deadline.

Each vector exploited a different weakness in Cisco's security posture.

Vector 1: Voice Phishing (July 2025 - Confirmed). On July 24, 2025, a threat actor impersonating IT support personnel contacted a Cisco representative by phone and socially engineered them into granting access to a third-party cloud-based CRM system used by Cisco.

Google's Threat Intelligence Group tracks this vishing campaign as UNC6040, a cluster that has "consistently claimed to be the threat group ShinyHunters" via extortion emails from addresses such as shinygroup@tuta[.]com and shinycorp@tuta[.]com.

The attacker exported basic account profile information for Cisco.com registered users: names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account-related metadata such as creation dates.

Cisco maintained that no "confidential or proprietary information or any passwords or other types of sensitive information" were obtained.

This is the data that forms the bulk of the "3 million Salesforce records" claimed by ShinyHunters - CRM account profiles for users who registered on Cisco.com, many of whom are employees of government agencies and defense organizations that procure Cisco products.

Vector 2: Salesforce Aura Exploitation (September 2025 - March 2026).

Beginning in September 2025, ShinyHunters operators launched a systematic campaign exploiting misconfigured Salesforce Experience Cloud (formerly Community Cloud) guest user access controls across hundreds of organizations.

In January 2026, the group began using a modified version of AuraInspector - an open-source tool originally developed by Mandiant and released on January 12, 2026 to help defenders identify misconfigurations - to automate scanning of public-facing Experience Cloud sites.

The attack methodology was straightforward: mass-scan public Experience Cloud URLs, probe the /s/sfsites/aura API endpoint, and query Salesforce CRM objects without authentication where guest user permissions were excessively permissive.

ShinyHunters claims to have breached between 100 and 400 organizations through this vector. Cisco's Salesforce Experience Cloud instance was among those targeted.

The data accessible through this vector is primarily names and phone numbers - contact-level data useful for further social engineering and vishing campaigns.

Salesforce publicly confirmed the campaign on March 11, 2026, emphasizing that "the resulting data theft and extortion campaign doesn't trace to a vulnerability in its platform" but rather to customer misconfigurations.

Vector 3: AWS/GitHub Compromise via Trivy Supply Chain Attack (March 2026).

On March 19, 2026, Aqua Security's Trivy - one of the most widely deployed open-source vulnerability scanners - was compromised in a sophisticated multi-phase supply chain attack orchestrated by TeamPCP (tracked as PCPcat, DeadCatx3, ShellForce, and Persy_PCP).

TeamPCP exploited a misconfigured pull_request_target workflow in Trivy's GitHub Actions to steal a Personal Access Token, then force-pushed 76 of 77 version tags in aquasecurity/trivy-action to point to malicious commits.

Any GitHub Actions workflow referencing a version tag automatically ran attacker-controlled code.

The malicious payload read directly from GitHub Actions Runner memory (/proc/<pid>/mem), bypassing log-masking to harvest SSH keys, AWS/GCP/Azure credentials, Kubernetes tokens, Docker registry credentials, database passwords, TLS private keys, and cryptocurrency wallet files.

Stolen data was encrypted with AES-256-CBC and wrapped with RSA-4096, then exfiltrated to the typosquatted domain scan.aquasecurtiy[.]org, with fallback exfiltration via public GitHub repositories named tpcp-docs.

Cisco was among the organizations whose CI/CD pipelines ran the compromised Trivy action.

The attackers cloned more than 300 private GitHub repositories containing source code for AI-powered products including "AI Assistants, AI Defense, and unreleased products," as well as source code belonging to Cisco's corporate customers - banks, business process outsourcing firms, and US government agencies.

Screenshots published by ShinyHunters show AWS EC2 volume creation dates of March 16-17, 2026, and more than 100 virtual storage drives. Cisco's Unified Intelligence Center, CSIRT, and EOC teams contained the breach. Affected systems were isolated and reimaged.

Wide-scale credential rotation was initiated. Dozens of devices were compromised, including developer and lab workstations.

On October 3, 2025, the "Trinity of Chaos" collective - the operational merger of ShinyHunters, Scattered Spider, and Lapsus$ announced via Telegram in August 2025 - launched a Tor-based data leak site listing 39 companies.

Cisco appeared on that list alongside Toyota, FedEx, Disney, Google, Air France, and others.

The collective threatened to release data from 760 companies totaling 1.5+ billion records if victims did not negotiate by October 10, 2025. The March 31, 2026 "FINAL WARNING" against Cisco represents the escalation of that earlier threat.

03

THREAT ACTOR ANALYSIS

ShinyHunters is not a single cohesive group. It is an ecosystem.

Google's Threat Intelligence Group tracks the vishing intrusion operations as UNC6040, the subsequent extortion activity as UNC6240, and the Salesforce OAuth/Drift supply chain vector as UNC6395. Mandiant's research identified at least three distinct clusters operating under the ShinyHunters brand, sharing extortion infrastructure and tactics but operating with varying degrees of coordination.

The broader "Scattered Lapsus$ Hunters" (SLSH) collective - announced via Telegram on August 8, 2025 across at least 16 channels - explicitly merges the brands, personnel, and operational capabilities of Scattered Spider, Lapsus$, and ShinyHunters.

The Cisco extortion claim involves at least two distinct threat actor clusters. UNC6040 operators executed the July 2025 vishing attack using social engineering and phone-based impersonation - a technique consistent with Scattered Spider's documented tradecraft.

The Salesforce Aura exploitation was conducted by ShinyHunters operators using automated tooling. The AWS/GitHub compromise originated from TeamPCP's Trivy supply chain attack.

TeamPCP emerged as a cloud-focused cybercriminal operation in late 2025, tracked under aliases PCPcat, DeadCatx3, ShellForce, and Persy_PCP. The group has compromised at least 60,000 servers worldwide and conducted supply chain attacks against Trivy, KICS (Checkmarx), and LiteLLM (PyPI).

The relationship between TeamPCP and ShinyHunters is opportunistic rather than organizational: ShinyHunters acquired and repackaged data obtained through TeamPCP's supply chain compromise of Trivy, combining it with data from their own vishing and Salesforce Aura operations to create a consolidated extortion package.

IntelBroker - the BreachForums administrator who claimed the October 2024 Cisco DevHub breach (4.5 TB of code, credentials, and API tokens from a misconfigured public-facing developer portal) - operates in the same forum ecosystem.

IntelBroker assumed BreachForums ownership in August 2024, a role previously held by ShinyHunters.

The October 2024 and March 2026 incidents target different infrastructure (DevHub vs. CRM/AWS/GitHub) but reflect the same underlying pattern: Cisco's externally facing systems and third-party integrations are repeatedly targeted by overlapping threat actor communities.

04

WHAT WAS EXPOSED

Salesforce CRM Records (3+ million, claimed):

  • Full names of Cisco.com registered users
  • Organization names
  • Residential and business addresses
  • Cisco-assigned user IDs
  • Email addresses
  • Phone numbers
  • Account-related metadata (creation dates, account types)
  • Records include personnel from US federal agencies: FBI, DHS, DISA, IRS, NASA
  • Records include personnel from the Australian Ministry of Defence
  • Records include personnel from multiple Indian government agencies
  • Records tied to Cisco product procurement and configuration activities

GitHub Source Code (300+ repositories):

  • Source code for Cisco AI Assistants (unreleased product)
  • Source code for Cisco AI Defense (unreleased product)
  • Source code for additional unreleased AI-powered products
  • Customer source code from banks and financial institutions
  • Customer source code from business process outsourcing firms
  • Customer source code from US government agencies
  • Repository metadata, commit histories, and developer identities

AWS Infrastructure Data:

  • AWS S3 bucket contents (scope undisclosed)
  • AWS EC2 volume data (100+ virtual storage drives visible in screenshots)
  • EC2 volumes created March 16-17, 2026
  • AWS account configuration data

Salesforce Aura Data (scope undisclosed):

  • Names and phone numbers harvested from misconfigured Experience Cloud guest user access
  • Additional CRM object data accessible through unauthenticated Aura API queries

The government agency data is the most sensitive element. These are not records of classified systems - they are CRM records for government employees who registered on Cisco.com to procure, configure, or manage Cisco products.

The records contain professional contact information (names, agency email addresses, direct phone numbers) for personnel at intelligence, defense, and law enforcement agencies.

This data enables targeted social engineering, spear-phishing, and vishing campaigns against high-value government targets by threat actors who now possess verified contact details and organizational affiliations.

The source code exposure is equally consequential. Cisco's unreleased AI products represent competitive intelligence with direct market value.

Customer source code from banks and government agencies hosted in Cisco's GitHub environment represents a supply chain risk: attackers with access to a financial institution's source code can identify vulnerabilities, API keys, and architectural weaknesses for downstream exploitation.

05

TECHNICAL FAILURE CHAIN

1. Voice Phishing Succeeded Against a Cisco Representative (July 2025). A threat actor impersonating IT support personnel socially engineered a Cisco employee via telephone into granting access to a cloud-based CRM system.

Cisco - a company that sells security products and services - had a representative fall for a vishing call.

This indicates either insufficient security awareness training specific to vishing tactics, absence of callback verification procedures for IT support requests, or lack of out-of-band authentication requirements before granting CRM access.

The fact that a single phone call yielded CRM access to 3+ million records suggests no step-up authentication or supervisor approval was required for privileged CRM operations.

2. Salesforce Experience Cloud Guest User Permissions Were Excessively Permissive. Cisco's Salesforce Experience Cloud instance had guest user access controls configured in a way that allowed unauthenticated API queries through the /s/sfsites/aura endpoint.

This is a known misconfiguration that Salesforce, Mandiant, and the FBI have all warned about since at least September 2025. The misconfiguration is not a platform vulnerability - it is a customer configuration error.

Cisco failed to follow Salesforce's own security guidance: disable public APIs for guest users, change default permissions to private, and deactivate portal visibility for guest accounts.

The FBI issued a flash warning about this exact attack vector on September 12, 2025. Cisco's Experience Cloud instance remained misconfigured for at least six months after that warning.

3. Trivy Supply Chain Compromise Harvested CI/CD Credentials. Cisco's development environment ran Trivy vulnerability scans via GitHub Actions using version-tag references (e.g., @v0.28.0) rather than pinned SHA commit hashes.

When TeamPCP force-pushed malicious commits to 76 of 77 Trivy version tags, Cisco's CI/CD pipelines automatically executed attacker-controlled code. The malicious payload read AWS credentials directly from runner process memory, bypassing GitHub's log-masking.

This is not a failure unique to Cisco - any organization referencing Trivy GitHub Actions by version tag was vulnerable. However, pinning actions to full SHA hashes is a well-documented security best practice that would have prevented execution of the tampered code.

4. AWS Credentials from CI/CD Were Not Scoped or Segmented. The AWS keys harvested from Cisco's GitHub Actions runners provided access to S3 buckets, EC2 volumes, and the ability to clone 300+ repositories.

This indicates the CI/CD pipeline credentials had broad permissions across multiple AWS accounts and services rather than scoped, least-privilege access limited to the specific build artifacts required.

AWS IAM best practices mandate that CI/CD credentials be scoped to the minimum required permissions with short-lived session tokens (STS AssumeRole), not long-lived access keys with broad account access.

5. 300+ Private GitHub Repositories Accessible from Compromised Credentials.

A single set of stolen credentials - or a small number of compromised service accounts - provided access to more than 300 private repositories, including unreleased AI product source code and customer source code. This reflects insufficient repository access segmentation.

Customer code should be isolated in separate GitHub organizations or environments with independent credential stores, not accessible from the same service account that manages Cisco's internal repositories.

6. No Effective Detection of Bulk Repository Cloning. The attacker cloned more than 300 repositories. BleepingComputer reported that "dozens of devices" were compromised, including developer and lab workstations.

The bulk cloning of hundreds of repositories generates significant network traffic and GitHub API activity that should trigger anomaly detection.

The fact that Cisco's CSIRT and EOC teams eventually contained the breach suggests detection did occur, but the timeline between compromise and containment allowed substantial exfiltration.
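The anomaly detection this section calls for can be expressed as a sliding window over audit-log events: count distinct repositories cloned per actor and alert when one identity crosses a threshold that no normal build or developer reaches. The following is an example written for this write-up, not Cisco's or GitHub's code; it assumes events shaped like GitHub's audit-log JSON export (action, actor, repo, @timestamp in epoch milliseconds) and runs on a constructed sample log.

```python
"""Flag bulk repository cloning in GitHub audit-log events.

Rule: one actor cloning >= THRESHOLD distinct repositories within WINDOW.
Field names follow GitHub's audit-log JSON export (action, actor, repo,
@timestamp as epoch ms); verify them against your own tenant's export.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, Iterable, List, Tuple

WINDOW = timedelta(minutes=30)
THRESHOLD = 20  # distinct repos one actor may clone within WINDOW before alerting


def parse_events(lines: Iterable[str]) -> List[dict]:
    """Parse newline-delimited JSON audit events into dicts with a UTC datetime."""
    events = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        events.append({
            "ts": datetime.fromtimestamp(ev["@timestamp"] / 1000, tz=timezone.utc),
            "action": ev["action"],
            "actor": ev["actor"],
            "repo": ev["repo"],
        })
    return events


def detect_bulk_clones(events, window=WINDOW, threshold=THRESHOLD) -> List[Tuple[str, datetime, int]]:
    """Return (actor, window_start, distinct_repo_count), at most once per offending actor."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] != "git.clone":
            continue  # fetches and pushes are normal CI noise for this rule
        q = recent[ev["actor"]]
        q.append((ev["ts"], ev["repo"]))
        # Drop clones older than the window; q is never empty here (we just appended).
        while ev["ts"] - q[0][0] > window:
            q.popleft()
        distinct = {repo for _, repo in q}
        if len(distinct) >= threshold and ev["actor"] not in alerted:
            alerted.add(ev["actor"])
            alerts.append((ev["actor"], q[0][0], len(distinct)))
    return alerts


def build_sample_log() -> List[str]:
    """Constructed sample: a CI token clones 25 distinct repos in 12 minutes (the
    bulk pattern), while a developer clones 3 repos across a day (benign)."""
    base_ms = 1774000000000  # arbitrary constructed epoch-ms timestamp
    lines = []
    for i in range(25):
        lines.append(json.dumps({"@timestamp": base_ms + i * 30_000, "action": "git.clone",
                                 "actor": "ci-deploy-bot", "repo": f"example-org/service-{i:03d}"}))
    # Re-cloning the same repository must not count as a new distinct repo.
    lines.append(json.dumps({"@timestamp": base_ms + 5_000, "action": "git.clone",
                             "actor": "ci-deploy-bot", "repo": "example-org/service-000"}))
    for i, hours in enumerate((0, 3, 20)):
        lines.append(json.dumps({"@timestamp": base_ms + hours * 3_600_000, "action": "git.clone",
                                 "actor": "dev-alice", "repo": f"example-org/frontend-{i}"}))
    # A fetch by the same token is ignored by the rule.
    lines.append(json.dumps({"@timestamp": base_ms, "action": "git.fetch",
                             "actor": "ci-deploy-bot", "repo": "example-org/service-000"}))
    return lines


if __name__ == "__main__":
    for actor, start, count in detect_bulk_clones(parse_events(build_sample_log())):
        print(f"ALERT {actor}: {count} distinct repos cloned since {start.isoformat()}")
```

The alert fires at the twentieth distinct repository, well before the 300 the article describes; tune WINDOW and THRESHOLD against a baseline of your own CI identities.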

7. Third Security Incident in 18 Months Without Architectural Remediation. October 2024: IntelBroker downloaded 4.5 TB from a misconfigured DevHub portal. Cisco acknowledged a "configuration error" that exposed files not intended for public access.

July 2025: UNC6040 vished a Cisco representative and exported CRM data. March 2026: TeamPCP harvested CI/CD credentials and ShinyHunters aggregated data from three vectors into a single extortion package.

The pattern is consistent: externally facing systems and third-party integrations are repeatedly compromised because each incident is treated as isolated rather than symptomatic of systemic weaknesses in Cisco's external attack surface management, third-party integration security, and credential hygiene.

06

INDICATORS OF COMPROMISE

Threat Actor Aliases:

  • ShinyHunters (extortion operator)
  • UNC6040 (Google GTIG - vishing intrusion cluster)
  • UNC6240 (Google GTIG - extortion cluster)
  • UNC6395 (Google GTIG - Salesforce OAuth/Drift cluster)
  • Trinity of Chaos (combined Scattered Spider + Lapsus$ + ShinyHunters collective)
  • TeamPCP / PCPcat / DeadCatx3 / ShellForce / Persy_PCP (Trivy supply chain attack)
  • CipherForce (TeamPCP ransomware operation)

Malicious Domains:

  • scan.aquasecurtiy[.]org (typosquat of aquasecurity.org - Trivy exfiltration C2)

IP Addresses:

  • 45[.]148[.]10[.]212 (Trivy supply chain attack infrastructure)

Malicious Packages and Versions:

  • Trivy v0.69.4 (backdoored binary distributed to GitHub Releases, Docker Hub, GHCR, Amazon ECR)
  • trivy-action - 76 of 77 version tags force-pushed to malicious commits
  • 47+ npm packages compromised via CanisterWorm (specific package names not fully disclosed)
  • LiteLLM (PyPI - compromised by TeamPCP)
  • Checkmarx KICS (compromised by TeamPCP)

Safe Versions:

  • Trivy v0.69.3 (last known clean version)
  • trivy-action v0.35.0 (last known clean version)
  • setup-trivy v0.2.6 (last known clean version)

Persistence Mechanisms:

  • sysmon.py systemd service (polls ICP blockchain canister every 50 minutes for C2 instructions)
  • pgmon systemd service
  • tpcp-docs GitHub repositories (fallback exfiltration via victim's own GitHub PAT)

Exfiltration Methods:

  • AES-256-CBC encryption wrapped with RSA-4096 for stolen credential data
  • /proc/<pid>/mem reading to harvest credentials from GitHub Actions Runner memory
  • Salesforce Data Loader (legitimate tool abused for CRM data export)
  • Modified AuraInspector (Mandiant tool weaponized for Salesforce Aura scanning)

Extortion Communication:

  • shinygroup@tuta[.]com
  • shinycorp@tuta[.]com
  • Trinity of Chaos Tor leak site (launched October 3, 2025)
  • SLSH 6.0 Part 3 Telegram channel

MITRE ATT&CK Techniques:

  • T1195.002 - Supply Chain Compromise: Compromise Software Supply Chain (Trivy)
  • T1078.004 - Valid Accounts: Cloud Accounts (stolen AWS credentials)
  • T1566.001 - Phishing: Spearphishing Attachment (TeamPCP npm/PyPI payloads)
  • T1566.004 - Phishing: Spearphishing Voice (UNC6040 vishing)
  • T1528 - Steal Application Access Token (Salesforce OAuth abuse)
  • T1059.006 - Command and Scripting Interpreter: Python (sysmon.py persistence)
  • T1102 - Web Service (ICP blockchain canister for C2)
  • T1537 - Transfer Data to Cloud Account (tpcp-docs GitHub exfiltration)
  • T1530 - Data from Cloud Storage (AWS S3 bucket access)
  • T1213 - Data from Information Repositories (GitHub repository cloning)
  • T1003 - OS Credential Dumping (/proc/pid/mem credential harvesting)
07

REGULATORY EXPOSURE

  • CCPA/CPRA (California) - Cal. Civ. Code 1798.100 et seq.: Cisco is headquartered in San Jose, California. The CRM data includes names, email addresses, phone numbers, and organizational affiliations - all qualifying as personal information under CCPA. If any California residents' data was exposed and Cisco failed to implement reasonable security measures, statutory damages of $100-$750 per consumer per incident apply. With 3+ million records, even partial California residency yields potential exposure in the hundreds of millions. CPRA's expanded definition of "service providers" applies to Salesforce as Cisco's data processor. California AG notification required for breaches affecting 500+ residents.
  • GDPR (EU) - Articles 5(1)(f), 32, 33, 34: Cisco operates extensively in the EU with offices in every major member state. EU residents' data in the CRM system triggers GDPR jurisdiction. Article 33 requires 72-hour notification to the lead supervisory authority (likely the Irish DPC, given Cisco's EU operations). Article 32 requires security measures appropriate to the risk - a misconfigured Salesforce Experience Cloud instance exposing data to unauthenticated API queries does not meet this standard. Article 5(1)(f) mandates integrity and confidentiality of personal data. Maximum fine: up to EUR 2.27 billion (4% of $56.7 billion annual global revenue). GDPR applies regardless of where the breach occurred - Cisco processes EU personal data and is subject to EU jurisdiction.
  • UK GDPR / DPA 2018 - Cisco maintains significant UK operations. ICO notification required within 72 hours for breaches posing risk to individuals. Government agency employee contact data heightens the risk assessment. Maximum fine: up to GBP 17.5 million or 4% of annual global turnover, whichever is higher.
  • SEC 8-K Disclosure (US) - Cisco trades on NASDAQ (CSCO). The Trivy-linked breach affecting AI product source code and customer data warrants materiality assessment. If deemed material, an 8-K filing is required within 4 business days of the materiality determination. CSCO traded at $77.59 on March 31 - the market response suggests investors have not yet priced in the full scope of the claims. Cisco's market cap of ~$316 billion means even modest stock impact translates to billions in shareholder value.
  • FTC Act Section 5 - Three security incidents in 18 months involving externally facing systems and third-party integrations may constitute a pattern of unfair or deceptive practices if Cisco's public security commitments diverge from its actual security posture. The FTC has pursued technology companies for repeated security failures following public assurances of remediation.
  • US Federal Government Contractor Requirements - Cisco products are deployed across US federal agencies. CRM records containing FBI, DHS, DISA, IRS, and NASA employee data may trigger FISMA, DFARS 252.204-7012 (Safeguarding Covered Defense Information), and CISA reporting requirements. Agencies may require Cisco to demonstrate compliance with NIST SP 800-171 for handling of controlled unclassified information.
  • Australian Privacy Act 1988 - Records of Australian Ministry of Defence personnel trigger Australian jurisdiction. The Notifiable Data Breaches (NDB) scheme requires notification to the Office of the Australian Information Commissioner within 30 days if the breach is likely to result in serious harm. Defence employee contact information warrants serious harm assessment.
  • India Digital Personal Data Protection Act 2023 - Records of Indian government agency personnel trigger DPDPA jurisdiction. The Act mandates notification to the Data Protection Board of India and affected individuals. Cisco's operations in India and the presence of Indian government employee data create dual jurisdiction.
  • Saudi Arabia PDPL - Cisco operates in Saudi Arabia and serves Saudi government and enterprise clients. If any Saudi residents' data is in the CRM records, PDPL fines up to SAR 5 million (~$1.3 million) apply. SDAIA enforcement.
  • UAE PDPL (Federal Decree-Law No. 45/2021) - Cisco maintains offices in Dubai and Abu Dhabi. UAE resident data in the CRM triggers PDPL jurisdiction. Fines up to AED 10 million. DIFC and ADGM data protection regulations may apply separately for financial free zone operations.
08

INTELLIGENCE GAPS

1. The claim of "3 million Salesforce records" has not been independently verified. Cisco's August 2025 disclosure described the vishing-obtained data as "basic account profile information" without quantifying the number of records.

Whether the 3 million figure includes data from the Aura exploitation vector, the July 2025 vishing theft, or both combined has not been confirmed by any source other than ShinyHunters.

2. The specific scope and contents of data accessed through Cisco's AWS accounts have not been disclosed.

BleepingComputer reported "unauthorized activities across a small number of Cisco AWS accounts," but what specific data resided in the S3 buckets and EC2 volumes - beyond source code repositories - is unknown.

Whether customer production data, network telemetry, or security product configurations were accessible has not been established.

3. The relationship between TeamPCP and ShinyHunters in this specific extortion is unclear.

Whether ShinyHunters purchased the Cisco data from TeamPCP, whether TeamPCP operators are ShinyHunters affiliates, or whether ShinyHunters simply aggregated publicly available breach information alongside their own vishing and Aura data has not been confirmed.

The aggregation of three separate vectors into one extortion package may overstate ShinyHunters' direct access.

4. Cisco has not disclosed the dwell time for the Trivy-linked compromise. BleepingComputer reported the attack originated from the March 19 Trivy compromise, but screenshots show EC2 volumes created March 16-17 - two days before the reported Trivy breach date.

Whether the attackers had earlier access through a different vector, or whether the Trivy compromise timeline extends earlier than publicly reported, is unresolved.

5. Whether any classified or controlled unclassified information (CUI) was present in the CRM records or GitHub repositories has not been assessed.

Government agency employee contact data in a commercial CRM is not classified, but the source code for products sold to defense and intelligence agencies may contain CUI designations, export-controlled technical data, or ITAR-restricted information.

6. No ransom amount has been publicly disclosed for the March 2026 Cisco extortion. The October 2025 Trinity of Chaos campaign set deadlines but did not publicly specify ransom demands for individual companies.

Whether Cisco received a specific financial demand or only a threat of data publication is unknown.

7. Whether Cisco has completed credential rotation for all AWS accounts and GitHub service accounts accessed via the Trivy compromise has not been confirmed.

BleepingComputer reported that "wide-scale credential rotation" was initiated, but the completeness of this remediation - particularly for long-lived secrets embedded in source code or configuration files within the 300+ cloned repositories - is unknown.

09

ZERO|TOLERANCE Advisory

1. Pin All GitHub Actions to Full SHA Commit Hashes. The Trivy supply chain attack succeeded because Cisco's CI/CD pipelines referenced GitHub Actions by version tags (e.g., @v0.28.0) rather than immutable SHA commit hashes.

When TeamPCP force-pushed malicious commits to 75 version tags, every pipeline using those tags automatically executed attacker-controlled code. Pin every GitHub Action to the full 40-character SHA hash of a verified commit.

This single change prevents tag-poisoning attacks entirely because SHA hashes cannot be force-pushed to point to different commits. GitHub's own security guidance recommends this practice. Implement automated verification that no workflow files reference actions by tag.

2. Scope CI/CD Credentials to Minimum Required Permissions with Short-Lived Tokens. The AWS keys harvested from Cisco's GitHub Actions runners provided access to S3 buckets, EC2 volumes, and 300+ repositories.

CI/CD pipelines should never use long-lived AWS access keys with broad permissions. Implement AWS STS AssumeRole with session duration limited to the build duration (15-60 minutes).

Scope IAM policies to the specific S3 paths, ECR repositories, and services required by each pipeline. Deploy AWS Organizations SCPs (Service Control Policies) to prevent CI/CD roles from accessing resources outside their designated accounts.

Use GitHub's OIDC integration with AWS to eliminate static credentials entirely.
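Advisory points 1 and 2 above, plus the pull_request_target misconfiguration that seeded the Trivy compromise in the first place, are all checkable from the workflow file itself. The following linter is an example written for this write-up, not Cisco's, Aqua Security's or GitHub's code; it is regex-based so it needs no YAML library, and the two embedded workflows are constructed samples (the 40-character SHA in the hardened one is a placeholder, not a real commit).

```python
"""Lint GitHub Actions workflows for the CI/CD weaknesses described in this article:
  - actions referenced by mutable tag/branch instead of a full 40-hex commit SHA
  - long-lived AWS access keys handed to steps instead of OIDC role assumption
  - pull_request_target workflows that check out the untrusted PR head
"""
import re
from dataclasses import dataclass
from typing import List

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Checking out the PR head inside a pull_request_target job runs untrusted code
# with the base repository's secrets (the pattern abused against trivy-action).
PR_HEAD_REF_RE = re.compile(
    r"^\s*ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\s*\}\}")
STATIC_AWS_KEYS = ("aws-access-key-id", "aws-secret-access-key")


@dataclass
class Finding:
    line: int
    rule: str
    detail: str


def lint_workflow(text: str) -> List[Finding]:
    """Return one Finding per violation, in file order."""
    findings: List[Finding] = []
    in_jobs = False
    uses_prt = False
    for lineno, line in enumerate(text.splitlines(), 1):
        if re.match(r"^jobs:", line):
            in_jobs = True
        if not in_jobs:
            # Everything before jobs: is metadata and triggers; note the risky trigger.
            if "pull_request_target" in line:
                uses_prt = True
            continue
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if ref.startswith("./") or ref.startswith("docker://"):
                continue  # local or container references cannot be tag-poisoned on GitHub
            action, _, version = ref.rpartition("@")
            if not action:
                findings.append(Finding(lineno, "unpinned-action", f"{ref}: no ref given"))
            elif not FULL_SHA_RE.match(version):
                findings.append(Finding(lineno, "unpinned-action",
                                        f"{action} uses mutable ref {version!r}; pin to a 40-hex commit SHA"))
            continue
        if uses_prt and PR_HEAD_REF_RE.match(line):
            findings.append(Finding(lineno, "prt-checkout-pr-head",
                                    "pull_request_target job checks out the PR head with the base repo's secrets"))
            continue
        key = line.strip().split(":", 1)[0]
        if key in STATIC_AWS_KEYS:
            findings.append(Finding(lineno, "static-aws-credential",
                                    f"{key} passed to a step; use id-token: write plus role-to-assume (OIDC)"))
    return findings


# Constructed sample modelled on the pattern the article describes.
VULNERABLE_WORKFLOW = """\
name: scan
on:
  pull_request_target:
    branches: [main]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: aquasecurity/trivy-action@v0.28.0
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
"""

PLACEHOLDER_SHA = "a" * 40  # stands in for a reviewed commit SHA; not a real commit
HARDENED_WORKFLOW = f"""\
name: scan
on:
  pull_request:
    branches: [main]
permissions:
  id-token: write
  contents: read
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@{PLACEHOLDER_SHA}  # v4
      - uses: aquasecurity/trivy-action@{PLACEHOLDER_SHA}  # v0.35.0
      - uses: aws-actions/configure-aws-credentials@{PLACEHOLDER_SHA}  # v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/ci-scan-readonly  # placeholder account
          role-duration-seconds: 900
          aws-region: us-east-1
"""

if __name__ == "__main__":
    for f in lint_workflow(VULNERABLE_WORKFLOW):
        print(f"line {f.line}: [{f.rule}] {f.detail}")
```

Run it over every file under .github/workflows in CI and fail the build on any finding; a pinned SHA still needs a trailing version comment and a dependency-update bot so the pin can be bumped deliberately.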

3. Remediate Salesforce Experience Cloud Guest User Access Immediately. Cisco's Salesforce Experience Cloud instance remained misconfigured for at least six months after the FBI issued a flash warning (September 12, 2025) about this exact attack vector.

Disable self-registration where unnecessary. Deactivate portal visibility for guest accounts. Deploy the Mandiant AuraInspector tool in its intended defensive capacity to audit all Experience Cloud configurations.

Implement continuous monitoring for unauthenticated Aura API queries.

4. Deploy Anti-Vishing Controls for CRM Access. A single vishing call to a Cisco representative yielded access to 3+ million CRM records. Implement mandatory callback verification for all IT support requests - no CRM access or privilege changes based on inbound calls.

Deploy FIDO2/WebAuthn hardware security keys for CRM administrative access that cannot be socially engineered over the phone. Require supervisor approval and out-of-band authentication for bulk data export operations.

Implement CRM data loss prevention controls that alert on export volumes exceeding normal operational thresholds. The July 2025 vishing succeeded because organizational process failed, not because technology failed - procedural controls must match technical controls.

5. Isolate Customer Code from Internal Repositories. Customer source code from banks, BPOs, and government agencies was accessible from the same credentials that accessed Cisco's internal AI product repositories.

Customer code must be hosted in separate GitHub organizations with independent credential stores, separate AWS accounts, and no trust relationships to Cisco's internal development environment.

A compromise of Cisco's CI/CD pipeline should never cascade to customer intellectual property. This is a fundamental principle of multi-tenant security that was violated.

6. Conduct a Comprehensive External Attack Surface Audit.

Three incidents in 18 months - DevHub misconfiguration (October 2024), CRM vishing (July 2025), and CI/CD credential theft plus Salesforce Aura exposure (March 2026) - indicate that Cisco's external-facing systems and third-party integrations are systematically under-secured.

Commission an independent external attack surface assessment covering all public-facing portals, cloud CRM instances, Experience Cloud deployments, CI/CD pipelines, and third-party integrations.

Treat the findings as a board-level remediation initiative, not a routine security project.

A company that sells security products to the world's largest enterprises and governments cannot sustain a pattern of serial external compromise without existential reputational consequences.

10

SOURCES

BleepingComputer, Cybernews, CyberSecurity News, Cryptika Cybersecurity, GBHackers, SOCRadar, TipRanks, Palo Alto Networks Unit 42, Resecurity, SecurityWeek, Help Net Security, GovInfoSecurity, Salesforce Ben, BankInfoSecurity, Varonis, The Hacker News, Obsidian Security, SecurityAffairs, Infosecurity Magazine, Computing.co.uk, Krebs on Security, SC Media, Cisco PSIRT, Google Cloud Threat Intelligence Blog, Flare.io, Wiz Cloud Threat Landscape, SANS ISC, Cyble, Dark Reading, dev.ua, TechNadu, Cisco Investor Relations
