Trellix Investigates Source Code Breach Following RansomHouse Claims
Cybersecurity firm Trellix is investigating a breach of its source code repositories, an incident for which the ransomware group RansomHouse has now claimed responsibility.

Cybersecurity firm Trellix has confirmed a security breach involving unauthorized access to a portion of its source code repositories. The company, which was formed in 2022 following the merger of McAfee Enterprise and FireEye, identified the unauthorized access recently and has since engaged forensic experts to investigate the incident. Law enforcement agencies have also been notified of the breach (The Hacker News).
While Trellix has not disclosed the specific nature of the data accessed, it has publicly stated that its internal investigation has found no evidence that its source code release or distribution processes were compromised. Furthermore, the company maintains that there is no indication that its source code has been exploited by the unauthorized parties (The Hacker News).
The situation escalated on May 7, 2026, when the ransomware group known as RansomHouse claimed responsibility for the attack. The group listed Trellix on its public data leak site, prompting the company to acknowledge the claims. A Trellix spokesperson stated that the firm is currently investigating the connection between the initial repository breach and the claims made by RansomHouse (The Hacker News).
Trellix has remained tight-lipped regarding the timeline of the intrusion, including how long the attackers maintained access to its systems before being detected. The company has promised to provide additional information as its investigation concludes, though it has not yet confirmed the extent of the data exfiltration or the specific methods used by the threat actors to gain entry (The Hacker News).
This incident highlights the ongoing risks faced by major cybersecurity vendors, who are increasingly becoming high-value targets for sophisticated ransomware syndicates. The breach of a security company's internal infrastructure, particularly its source code repositories, raises concerns about potential supply chain risks, even if the vendor currently asserts that its distribution channels remain secure. Security researchers and customers will likely be watching for further disclosures regarding the scope of the data accessed and whether any proprietary intellectual property was compromised during the unauthorized access period (The Hacker News).