Cybersecurity firm Trellix confirmed a breach of part of its source code repository, though details remain scarce. The company is working with forensic experts and has notified law enforcement. Trellix says there's no evidence its code release process was compromised or that the source code was exploited — but a full investigation is still underway.
The breach may tie into a broader supply chain campaign linked to hacker groups TeamPCP and Lapsus$, which also hit Checkmarx, Aqua Security, and Bitwarden. Attackers reportedly compromised CI/CD pipelines to push malicious updates and steal credentials at scale.
Source: SecurityWeek