Trellix confirms breach after attackers access portion of source code repo
Trellix, the cybersecurity vendor born from the 2021 McAfee Enterprise and FireEye merger, has disclosed unauthorized access to part of its source code repository. The company protects over 200 million endpoints across 50,000+ business and government customers, making any code exposure a potential downstream risk to a substantial customer footprint. Outside forensic experts have been engaged and law enforcement notified.
Trellix says it has found no evidence so far that the accessed code was altered, exploited, or that its release and distribution pipeline was tampered with. The company has declined to specify when the breach was detected, whether customer or corporate data was also taken, or whether a ransom was demanded, deferring further detail until the investigation concludes.
The incident extends a recent pattern of source code repositories being targeted at security vendors. LAPSUS$ leaked data from a private Checkmarx GitHub repo, Cisco confirmed source code theft from its internal dev environment via credentials compromised in the Trivy supply chain attack, and HackerOne disclosed employee data exposure through a breached benefits administrator. Repository access at security firms is increasingly being treated as a high-value foothold for follow-on supply chain attacks.
Source: BleepingComputer. This is an AI-generated summary; read the original for the full story.