Trellix Source Code Breached by RansomHouse Ransomware Group
Trellix, a major enterprise cybersecurity provider, has confirmed unauthorized access to a portion of its source code repository, with the RansomHouse ransomware group claiming responsibility by listing the company on its dark web leak blog.
The disclosure has drawn close attention across the security industry, given Trellix’s role as a leading provider of threat detection and response solutions to thousands of enterprises and government entities worldwide.
Trellix Confirms the Breach
In an official statement published on its website, Trellix acknowledged the incident in measured terms: “Trellix recently identified unauthorized access to a portion of our source code repository.”
Trellix confirmed that law enforcement has been notified and that, based on its investigation to date, there is no evidence that the source code release or distribution process was compromised, nor that any source code has been actively exploited.
The company has committed to sharing further details with the broader security community once the investigation is complete.
However, Trellix has declined to specify when the breach was first detected, how many repositories were accessed, or whether any customer or corporate data was exfiltrated alongside the source code.
The RansomHouse group, which operates a Ransomware-as-a-Service (RaaS) model and is tracked under the alias “Jolly Scorpius,” listed Trellix on its dark web leak site with an encryption date of April 17, 2026.
The listing displays 19 pieces of evidence and carries the status “EVIDENCE DEPENDS ON YOU”, a hallmark pressure tactic the group uses to coerce victims into paying before stolen data is publicly released.
RansomHouse emerged in March 2022 and is known for a double-extortion strategy that combines data theft with encryption, threatening to publish stolen files on its Tor-based leak site if demands are not met.
The group’s ransomware shares code with the Babuk ransomware family and has historically targeted large enterprises across healthcare, manufacturing, and critical infrastructure.
Supply Chain Risks for Trellix Customers
Trellix was formed in January 2022 following the merger of McAfee Enterprise and FireEye. Backed by Symphony Technology Group, the company serves over 40,000 business and government customers and protects more than 200 million endpoints through its extended detection and response (XDR) platform.
A breach of its source code repository raises serious supply chain concerns. If an attacker could turn repository access into malicious modifications of the shipped product, the security software itself could be weaponized against the very organizations Trellix is designed to protect; Trellix’s statement that the release and distribution process shows no sign of compromise is the key finding on that point.
Security analysts have noted that while Trellix’s preliminary findings are reassuring, the absence of evidence of exploitation does not eliminate risk.
The investigation remains active, and the true scope of what was accessed, including whether proprietary detection logic, threat intelligence feeds, or product build pipelines were exposed, has yet to be publicly disclosed.
Organizations relying on Trellix products should monitor official communications closely, verify that agent binaries and updates carry valid vendor code signatures before deployment, and watch for any unusual behavior from endpoint security tools (unexpected binaries in the install directory, changed configuration, or disabled protection) as a precautionary measure.
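One concrete way to put that precaution into practice is to baseline the files in the endpoint agent’s install directory and re-check them periodically. The script below is an added example written for this page, not code from the article or from Trellix; the install path is a stand-in for the real one, and the files it creates and tampers with are constructed inline so it runs offline.

```python
"""
Added example (not from the article or from Trellix): a minimal file-integrity
baseline for an endpoint agent's install directory. It records SHA-256 hashes
of every file under the directory, then re-walks the tree and reports files
that were modified, added, or removed. The "agent" directory and its contents
are constructed here purely for demonstration.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file's POSIX-style path (relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two baselines: sorted lists of modified, added and removed paths."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline an install tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "agent"  # hypothetical stand-in for the real install directory
        (root / "bin").mkdir(parents=True)
        (root / "conf").mkdir()
        (root / "bin" / "agent").write_bytes(b"\x7fELF original agent binary")
        (root / "conf" / "policy.xml").write_text("<policy enforce='true'/>")

        # Persist the baseline as JSON, as a real deployment would (ideally off-host).
        baseline_path = Path(tmp) / "baseline.json"
        baseline_path.write_text(json.dumps(build_baseline(root), indent=2))

        # Simulated tampering: binary replaced, config deleted, unexpected file dropped.
        (root / "bin" / "agent").write_bytes(b"\x7fELF trojanized agent binary")
        (root / "conf" / "policy.xml").unlink()
        (root / "bin" / "helper.so").write_bytes(b"\x7fELF unexpected helper")

        saved = json.loads(baseline_path.read_text())
        return compare(saved, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In production the baseline should be taken immediately after a trusted install and stored somewhere the endpoint cannot rewrite, and every legitimate vendor update will produce expected “modified” entries, so the check is a prompt to verify the update’s signature rather than a verdict on its own.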