Trellix says part of its source code repository was breached and it is working with forensic experts while notifying law enforcement. Details are scarce, and the timing suggests a possible link to a wider supply-chain campaign tied to groups like TeamPCP and Lapsus. #Trellix #Lapsus
Keypoints
- Trellix reported a breach of a portion of its source code repository.
- The company has engaged forensic investigators and informed law enforcement.
- Trellix states there is no evidence so far that its code distribution or release processes were exploited.
- The exact intrusion window, attackers, and affected products remain unconfirmed.
- Experts suspect the incident may be linked to a broader supply-chain campaign involving groups such as TeamPCP and Lapsus that targeted CI/CD pipelines.
Read More: https://www.securityweek.com/trellix-source-code-repository-breached/