VYPR
Breach · Published May 4, 2026 · Updated May 17, 2026 · 2 sources

Trellix Investigates Breach of Source Code Repository

Trellix, a global cybersecurity firm protecting over 200 million endpoints, has confirmed that unauthorized actors gained access to a portion of its source code repository.

Cybersecurity firm Trellix has confirmed a data breach involving unauthorized access to a portion of its source code repository. The company, which serves over 50,000 business and government customers and protects more than 200 million endpoints, is currently working with external forensic experts to investigate the scope and origin of the intrusion (BleepingComputer).

While the company has not disclosed the specific timeline of the breach or the identity of the attackers, it has confirmed that law enforcement has been notified (SecurityWeek). In an official statement, Trellix emphasized that its investigation has so far yielded no evidence that the accessed source code was altered or exploited, or that the company’s software release and distribution processes were compromised (BleepingComputer).

The incident at Trellix follows a string of similar security events targeting the software development infrastructure of major cybersecurity firms. Industry observers have noted that the timing of the breach aligns with a broader, ongoing campaign targeting CI/CD pipelines and open-source applications (SecurityWeek). These attacks often involve the compromise of development environments to distribute trojanized updates or malicious extensions, facilitating the exfiltration of credentials and proprietary code (SecurityWeek).

Other organizations have recently faced similar challenges. For instance, Checkmarx recently confirmed that the LAPSUS$ hacking group leaked data stolen from its private GitHub repository, while Cisco reported an incident in which attackers used credentials compromised in a supply chain attack against Trivy to access its internal development environment (BleepingComputer). These incidents underscore a growing trend in which threat actors exploit trust in software development infrastructure to gain access to enterprise environments (SecurityWeek).

Trellix has stated that it intends to provide further updates once its internal investigation is complete (BleepingComputer). Until then, the company has declined to provide specific details regarding whether a ransom demand was made or whether corporate and customer data beyond the source code repository was accessed (BleepingComputer).

The breach highlights the persistent risks facing the software supply chain, where attackers increasingly target the tools and repositories that developers rely on to build and deploy software. As organizations continue to grapple with these threats, the incident serves as a reminder of the critical need to secure CI/CD pipelines and development environments against unauthorized access. Further developments are expected as Trellix concludes its forensic probe (SecurityWeek).

Synthesized by Vypr AI