The TeamPCP (UNC6780) campaign weaponized the Trivy open-source security scanner as a CI/CD pipeline attack vector, resulting in confirmed Cisco source code exfiltration; no CVE has been assigned to the Trivy exploitation mechanism as of the data capture date. This campaign inverts a core DevSecOps trust assumption — security tooling itself is the attack surface — and carries second-order downstream risk if stolen Cisco source code is analyzed for novel vulnerabilities affecting enterprise networking and security products. Immediate actions: audit Trivy deployment permissions and apply least-privilege scoping, review CI/CD pipeline logs for anomalous Trivy process behavior or credential access, cross-reference SANS ISC and Google GTIG IOCs against SIEM and EDR telemetry, and monitor Cisco PSIRT for new CVE disclosures that may stem from this source code exposure.