Close Menu

    Stay Ahead with Exclusive Updates!

    Enter your email below and be the first to know what’s happening in the ever-evolving world of technology!

    What's Hot

    The API That Powered GIFs Across Every App You Use Just Disappeared. Here Is the Scramble It Left Behind and What Fills the Gap

    July 16, 2026

    Japan Is Running Out of Workers and Has Decided Robots Are the Only Realistic Answer. The Plan to Deploy 10 Million of Them by 2040 Is the Most Ambitious Industrial Policy Any Country Has Announced This Decade

    July 16, 2026

    Google Just Launched Gemini Omni Flash and It Can Create and Edit Video in Real Time. Here Is What That Changes About AI Video Tools

    July 16, 2026
    Facebook X (Twitter) Instagram
    Facebook X (Twitter)
    PhronewsPhronews
    • Home
    • Big Tech & Startups

      The API That Powered GIFs Across Every App You Use Just Disappeared. Here Is the Scramble It Left Behind and What Fills the Gap

      July 16, 2026

      China Just Ordered ByteDance and Alibaba to Shut Down Personalized AI Companion Features by July 15. The Regulation Behind the Ban Is the Most Restrictive AI Law Any Government Has Passed This Year.

      July 15, 2026

      Gemini 3.5 Pro Missed Its June Deadline and Is Now Pointing to July. For Google’s Most Anticipated Model of the Year, Every Week of Delay Has a Cost.

      July 15, 2026

      Meta Is Planning to Sell Its Excess AI Compute to Outside Customers. The Company That Was Rationed Gemini Access by Google Just Positioned Itself to Become a Cloud Provider.

      July 15, 2026

      Tesla Just Launched Its Robotaxi in Miami with No Safety Monitor Inside the Car

      July 14, 2026
    • Crypto

      Market Collapse: What Happened to NFTs?

      April 23, 2026

      Quantum Computing Advances Force Coinbase and Institutional Custodians to Rethink Crypto Security

      March 8, 2026

      AI Assisted Hacking Groups Target Crypto Firms With Multi-Layered Social Engineering

      February 18, 2026

      Global Crypto Regulations Expand as 2026 Begins With New Data Collection Frameworks and National Laws

      January 16, 2026

      Coinbase Bets on Stablecoin and On-Chain Growth as Key Market Drivers in 2026 Strategy

      January 10, 2026
    • Gadgets & Smart Tech
      Featured

      Tesla Just Launched Its Robotaxi in Miami with No Safety Monitor Inside the Car

      By preciousJuly 14, 2026
      Recent

      Tesla Just Launched Its Robotaxi in Miami with No Safety Monitor Inside the Car

      July 14, 2026

      Google’s New Smart Speaker Has Gemini Built In and Works With Everything. Here Is Whether It Is Finally Worth Switching From Amazon Echo or Apple HomePod

      July 4, 2026

      Tesla Is Teaching Its Self-Driving AI With Millions of Fake Crashes. Here Is Why That Might Make Real Roads Safer

      June 30, 2026
    • Cybersecurity & Online Safety

      Hackers Stole 630GB of Apple and Tesla Manufacturing Secrets from Tata Electronics. The Breach Confirms Everything Supply Chain Security Experts Have Warned About for Years.

      July 9, 2026

      Apple Just Pushed an Unscheduled Security Update Because AI-Powered Attacks Are Moving Faster Than Its Normal Patch Cycle Can Handle

      July 6, 2026

      Buying World Cup Tickets Online? Scammers Are Already Waiting. Here Is How to Protect Yourself for the Rest of the Tournament.

      July 4, 2026

      Researchers Found an Attack Spreading Through GitHub Like a Parasite. They Named It Cordyceps and It Is Already in 300+ Repositories

      July 4, 2026

      AI Is Now Writing Phishing Emails Good Enough to Fool Your Best Employees. Here Is How to Spot Them

      July 4, 2026
    PhronewsPhronews
    Home»Cybersecurity & Online Safety»A Cybersecurity Firm Just Had Its Own Source Code Stolen. Trellix’s Breach Is the Most Embarrassing Kind and the Most Instructive One.
    Cybersecurity & Online Safety

    A Cybersecurity Firm Just Had Its Own Source Code Stolen. Trellix’s Breach Is the Most Embarrassing Kind and the Most Instructive One.

    preciousBy preciousMay 22, 2026No Comments
    Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email
    Photo Credit: The Hacker News

    Trellix, a global cybersecurity company formed from the 2021 merger of McAfee Enterprise and FireEye, has confirmed that attackers gained unauthorized access to a portion of its source code repository. 

    The disclosure was made publicly on May 2, 2026, after the company identified the intrusion and engaged leading forensic experts to investigate. Law enforcement has also been notified. For a company whose entire business is built on keeping others secure, having its own source code stolen is the kind of incident that demands more than a short statement.

    What Trellix Has Confirmed

    Trellix’s official statement reads: “Trellix recently identified unauthorized access to a portion of our source code repository. Upon learning of this matter, we immediately began working with leading forensic experts to resolve it. We have also notified law enforcement. Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited.”

    The company is saying two distinct things. First, that someone got into the repository. Second, that there is currently no evidence the software build pipeline or any products shipped to customers were altered. Those are not the same claim, and the difference matters for anyone using Trellix products right now.

    Trellix serves over 50,000 business and government customers worldwide and protects more than 200 million endpoints. That scale means even limited access to its internal code carries potential consequences that extend well beyond the company itself.

    Who Is Behind It

    5 days after the cyberattack, RansomHouse, a cybercrime group that launched in 2022 as a data-extortion operation, formally claimed responsibility by listing Trellix on its dark web leak site and publishing a set of screenshots as proof. 

    According to RansomHouse, the intrusion occurred on April 17 and resulted in data encryption. That would mean attackers were inside Trellix’s systems for roughly two weeks before the breach was discovered and disclosed.

    RansomHouse operates using a ransomware variant called Mario ESXi, whose code shares lineage with the leaked Babuk ransomware source code, alongside a tool called MrAgent that automates the deployment of encryptors on VMware ESXi hypervisors. The group typically targets VMware ESXi infrastructure and exploits weak domain credentials and monitoring systems to gain privileged access.

    On its leak site, RansomHouse listed the breach status as “Evidence Depends on You,” a tactic used to pressure victims into paying before any stolen data is released publicly. When BleepingComputer contacted Trellix after the group’s disclosure, the company said it was “aware of claims of responsibility for the attack and are looking into it,” stopping short of confirming a direct link between RansomHouse’s claims and its own investigation.

    The Scope May Be Wider Than Source Code

    Researchers from Cybernews who reviewed the screenshots published by RansomHouse say the breach may go further than source code exposure. The images show dashboards linked to several enterprise infrastructure platforms, including VMware, Rubrik, and Dell EMC systems, tools commonly used to manage data storage, IT infrastructure, and virtual machines. 

    According to the researchers, the screenshots suggest the attackers may have accessed broader operational infrastructure rather than isolated development repositories, noting that “these earlier-mentioned internal systems handle way more than just the source code of a launched product. They also flagged the risk to Trellix’s customers directly, stating that “the impact of this incident can extend to companies that use Trellix products, because these product databases could’ve been affected as well.”

    Trellix has not publicly attributed the incident to RansomHouse. Claims involving ransomware deployment, enterprise-wide compromise, or customer data theft also remain unverified.

    Why This Breach Carries a Particular Weight

    Trellix emerged from a 2022 merger of McAfee Enterprise and FireEye, two names that have long been associated with cybersecurity defense. FireEye itself suffered a significant breach in 2020 when attackers stole its red-team tools, the very software used to test client defenses. The Trellix incident lands in that same uncomfortable category, where the tools and knowledge meant to defend others become the target.

    Source code, specifically, is a high-value target. Source code repositories are prime targets for attackers seeking to identify exploitable vulnerabilities, embed backdoors, or conduct supply chain attacks against downstream customers. When that code belongs to a company whose products sit on 200 million endpoints globally, the question of what was accessed and what was done with it needs to be asked. 

    Trellix has said it will share more details once its investigation is complete. Given the scale of its customer base and the nature of what was stolen, that update will need to be far more detailed than what has been shared so far.

    cybersecurity Data Breach RansomHouse Source code breach Trellix
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email
    precious
    • LinkedIn

    I’m Precious Amusat, Phronews’ Content Writer. I conduct in-depth research and write on the latest developments in the tech industry, including trends in big tech, startups, cybersecurity, artificial intelligence and their global impacts. When I’m off the clock, you’ll find me cheering on women’s footy, curled up with a romance novel, or binge-watching crime thrillers.

    Related Posts

    A Kill Switch for AI Trading Sounds Extreme Until You Understand What Happens When Automated Financial Systems Fail at Scale

    July 10, 2026

    Hackers Stole 630GB of Apple and Tesla Manufacturing Secrets from Tata Electronics. The Breach Confirms Everything Supply Chain Security Experts Have Warned About for Years.

    July 9, 2026

    The U.S. Lifted Export Controls on Fable 5 and Mythos 5 After 19 Days. The Terms Anthropic Agreed to in Order to Get Its Models Back Are the Real Story.

    July 8, 2026

    Comments are closed.

    Top Posts

    Coinbase responds to hack: customer impact and official statement

    May 22, 2025

    Anthropic Will Use Claude User Chats For Data Training

    October 16, 2025

    Cursor AI Hits 1 Million Daily Users. Why Developers Are Switching to This Coding Tool

    March 23, 2026

    MIT Study Reveals ChatGPT Impairs Brain Activity & Thinking

    June 29, 2025
    Don't Miss
    Big Tech & Startups

    The API That Powered GIFs Across Every App You Use Just Disappeared. Here Is the Scramble It Left Behind and What Fills the Gap

    By fariehanJuly 16, 2026

    Tenor’s API shutdown marks the end of an internet service millions relied on without realizing…

    Japan Is Running Out of Workers and Has Decided Robots Are the Only Realistic Answer. The Plan to Deploy 10 Million of Them by 2040 Is the Most Ambitious Industrial Policy Any Country Has Announced This Decade

    July 16, 2026

    Google Just Launched Gemini Omni Flash and It Can Create and Edit Video in Real Time. Here Is What That Changes About AI Video Tools

    July 16, 2026

    China Just Ordered ByteDance and Alibaba to Shut Down Personalized AI Companion Features by July 15. The Regulation Behind the Ban Is the Most Restrictive AI Law Any Government Has Passed This Year.

    July 15, 2026
    Stay In Touch
    • Facebook
    • Twitter
    About Us
    About Us

    Evolving from Phronesis News, Phronews brings deep insight and smart analysis to the world of technology. Stay informed, stay ahead, and navigate tech with wisdom.
    We're accepting new partnerships right now.

    Email Us: info@phronews.com

    Facebook X (Twitter) Pinterest YouTube
    Our Picks
    Most Popular

    Coinbase responds to hack: customer impact and official statement

    May 22, 2025

    Anthropic Will Use Claude User Chats For Data Training

    October 16, 2025

    Cursor AI Hits 1 Million Daily Users. Why Developers Are Switching to This Coding Tool

    March 23, 2026
    © 2025. Phronews.
    • Home
    • About Us
    • Get In Touch
    • Privacy Policy
    • Terms and Conditions

    Type above and press Enter to search. Press Esc to cancel.