TECH cybersecurity vendor Trellix said last Friday that a threat actor gained unauthorised access to “a portion of our source code repository,” though it did not specify which portion or provide further details. The company added that, based on its investigation to date, there is no evidence that its source code release or distribution process was affected or that the source code itself has been exploited, and it plans to share more details once the investigation is complete.
Trellix said it immediately engaged leading forensic experts and notified law enforcement, but questions remain about where the repository resides, how it was compromised, and who was behind the attack. The breach is tied to growing concerns over supply chain threats in the cybersecurity industry, with prior incidents at Trivy and KICS involving TeamPCP targeting GitHub Actions workflows to push poisoned open-source tools.
No threat actor has claimed credit for the Trellix breach, and analysts have cautioned that even read-only access can pose risks if it intersects with CI/CD operations, signing keys or publishing credentials.