Trellix Discloses Source Code Repository Breach
Cybersecurity vendor Trellix has revealed that threat actors gained unauthorized access to a portion of its source code repository, raising concerns about potential supply chain attacks.

Trellix, the cybersecurity company formed from the merger of McAfee Enterprise and FireEye, disclosed on May 4 that it had identified unauthorized access to a portion of its source code repository. The company stated that it has notified law enforcement and is working with leading forensic experts to determine the full scope of the incident. In its initial statement, Trellix emphasized that it has found no evidence that its source code release or distribution process was affected, nor that the source code has been exploited.
The details of the breach remain unclear, and Trellix has declined to provide further information, stating that it will share more once the investigation is complete. The incident has drawn attention from security experts who warn that access to a security vendor's source code could provide attackers with a significant advantage. Isaac Evans, founder of software security firm Semgrep, noted that for security companies, source code access can give attackers a roadmap to where controls live, how detections are written, and where trusted update or build paths may be exposed.
The breach comes amid a broader pattern of attacks targeting security vendors and software supply chains. Recent incidents include compromises at Aqua Security and Checkmarx following a software supply chain attack targeting the Trivy security scanner, which exposed countless enterprise secrets. Additionally, Google Cloud's Wiz Security reported in March that the TeamPCP group behind the Trivy campaign may be collaborating with the notorious extortion group Lapsus$ to monetize stolen credentials, with signs of further collaboration with the Vect ransomware group.
Trellix, which is privately held and owned by private equity firm Symphony Technology Group, sells threat intelligence and AI-powered detection and response services including NDR and EDR, as well as data security and email security. The company's products are widely used by enterprises and government agencies, making the breach particularly concerning for its customer base. The incident highlights the growing risk of supply chain attacks, where threat actors target security vendors to gain insight into defensive tooling and potentially compromise downstream customers.
The investigation is ongoing, and Trellix has not yet disclosed the identity of the attackers or the specific methods used to gain access. The company has urged customers to remain vigilant and has promised to provide updates as more information becomes available.
The incident serves as a stark reminder that even cybersecurity vendors are not immune to breaches, and that the software supply chain remains a critical vulnerability in the modern threat landscape.