Trellix Confirms Source Code Breach With Unauthorized Repository Access

Trellix Confirms Source Code Breach With Unauthorized Repository Access Ravie LakshmananMay 02, 2026Data Breach / Enterprise Security Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to resolve the matter immediately. It also said it has notified law enforcement of the matter. Trellix did not disclose the exact nature of the data that may have been accessed by the attackers. However, it pointed out that there are no indications that its source code has been affected or exploited. "Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited," the company added.  The company did not share any details about who may be behind the incident, and for how long the attackers had access to its systems. Trellix noted that additional information will be shared as appropriate once its investigation is complete. Owned by Symphony Technology Group, Trellix was founded in January 2022 following the merger of McAfee Enterprise and FireEye. Around the same time, Mandiant, which was owned by FireEye, was acquired by Google in a deal worth $5.4 billion. When reached for comment, a spokesperson for Trellix acknowledged the breach and shared the same official statement posted on its website. (This is a developing story. Please check back for more details.) Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Corporate security, cybersecurity, data breach, digital forensics, enterprise security, Incident response, law enforcement, software security, source code, Threat Investigation ⚡ Top Stories This Week Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking and More Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories Vercel Finds More Compromised Accounts in Context.ai-Linked Breach Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push Load More ▼ ⭐ Featured Resources [Webinar] Stop Chasing Alerts and Start Focusing on Real Exposures [Guide] How to Enable Secure Data Movement Without Added Risk [Guide] Learn a Practical Framework to Evaluate AI Tools for Production Learn How Hidden Identity Blind Spots Weaken Your Security Systems