All incidents

Trellix suffers source code repository breach

campaignclosedMay 2, 2026 — May 8, 2026
Trellix suffers source code repository breach

TRELLIX confirmed on 8 May 2026 that an unauthorised party gained access to part of its source code repository, a breach claimed by the ransomware group RansomHouse and linked to the threat actor TeamPCP. The company said it began an investigation with forensic experts and notified law enforcement, adding that there is no evidence the source code release or distribution process was tampered with or exploited.

According to the statement released on the Trellix website here, the intrusion was limited to a segment of the codebase and the exact data accessed remains unclear. Trellix stressed that, to date, its analysis shows no alteration of the source code and no impact on its build or update mechanisms.

RansomHouse posted screenshots on its Tor leak site to demonstrate access, a claim reported by SecurityAffairs here and echoed by SecurityWeek here. Researchers noted the timing overlaps with recent supply chain activity attributed to TeamPCP, although no direct connection has been verified.

While Trellix maintains there is no sign that the stolen code has been used in attacks, security analysts warn that exposure could enable threat actors to hunt for vulnerabilities or craft targeted supply chain compromises. The incident highlights the broader risk to organisations that rely on third‑party code integrity.

Defenders should review any Trellix‑signed binaries or updates for unexpected changes and monitor network traffic for signs of reconnaissance or lateral movement that might follow a code‑level audit. Keeping dependency lists up to date and verifying software provenance can reduce the chance of a compromised component entering production environments.

Organisations are advised to stay tuned for further details from Trellix as its investigation concludes, to engage with their own incident response teams if any anomalies are detected, and to liaise with law‑enforcement contacts should indicators of compromise emerge. Prompt patching and rigorous code‑signing checks remain essential steps in mitigating the fallout from such a breach.

Intelligence briefing updated Jun 14, 2026

RansomHouse TeamPCP
Root sourcewww.trellix.com
Timeline Coverage

Swipe to explore timeline