
"Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited."
"The timing, however, suggests the breach may be related to a major supply chain attack targeting various open source applications to gain access to numerous companies."
"The hackers exploited trust in software development and security infrastructure, compromising CI/CD pipelines to distribute trojanized updates and malicious extensions."
Trellix reported a breach of its source code repository and is investigating the incident with forensic experts and law enforcement. The company stated that there is no evidence of exploitation or impact on its source code distribution. The breach may be linked to a larger supply chain attack affecting various open source applications and cybersecurity firms. Hackers have compromised CI/CD pipelines to distribute malicious updates, leading to the exfiltration of credentials and source code from enterprise environments.
Read at SecurityWeek