TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory (Wed, Apr 8th)
ID: e548bb38-217f-5908-a8bf-a83e29774be6
STIX ID: report--e548bb38-217f-5908-a8bf-a83e29774be6
Feed Name: SANS ISC Diary
**Executive summary:** This update consolidates intelligence from April 3–8, 2026 on the TeamPCP supply-chain campaign. Credentials derived from Trivy (CVE-2026-33634) enabled attackers to breach Cisco's development environment, where 300+ private repos and AWS keys were exfiltrated. ShinyHunters and CipherForce pursued extortion and data publication campaigns, with mixed operational success. Google GTIG formally designated the actor UNC6780 and named the SANDCLOCK stealer, and Mandiant reports 1,000+ compromised SaaS environments. Organizations are urged to patch, rotate exposed credentials, and hunt for UNC6780 indicators.
