Trellix, the cybersecurity vendor formed from FireEye and McAfee Enterprise, disclosed that a threat actor gained unauthorized access to a portion of its source code repository. The company found no evidence that its release or distribution process was affected, but details remain scarce. Security researchers warn that even read-only source code access can expose where a product's security controls are located and how detections are designed, giving attackers a strategic advantage. The breach is part of a broader trend of supply chain attacks targeting security vendors, including recent TeamPCP attacks on Trivy and KICS via GitHub Actions CI/CD workflows, and a 2025 nation-state breach of F5's BIG-IP environment. Key risks include potential access to CI/CD secrets, signing keys, and package publishing credentials that could allow attackers to tamper with what gets shipped to end users.

4m read time. From darkreading.com