Trellix Confirms Source Code Breach via Unauthorized Repository Access

Enterprise cybersecurity company Trellix confirmed unauthorized access to a portion of its source code repository, engaging forensic experts and notifying law enforcement. The company stated there is no evidence that its source code release or distribution process was affected, or that the source code has been exploited. The attack vector and threat actor identity remain undisclosed. For a company whose products protect thousands of enterprise environments globally, unauthorized read access to source code carries serious implications, as attackers could study the code to find vulnerabilities or plan targeted attacks. The incident echoes similar high-profile source code breaches at Microsoft, Okta, and LastPass in recent years.