Trellix has announced that internal source code for portions of its product portfolio was accessed without authorisation. The affected material relates to product development code only and does not include customer environments or customer data. There is no indication of malicious modification to released software artifacts.
Trellix is a global cybersecurity company formed in 2022 through the merger of McAfee Enterprise and FireEye following their acquisition by Symphony Technology Group. The company provides extended detection and response (XDR), endpoint security, email security, threat intelligence, and incident response solutions to enterprises and government organizations worldwide.
Although there is no evidence of customer compromise or software tampering, unauthorized access to cybersecurity vendor source code may provide advanced adversaries with insights that could be used to develop detection-evasion techniques or accelerate vulnerability research.
Potential for detection evasion through analysis of internal logic and heuristics.
Accelerated discovery of weaknesses or edge cases in defensive controls.
Increased intelligence value for threat actors targeting environments integrated with Trellix products.
Long-term strategic risk rather than immediate exploitation risk.
No immediate action is required by customers, but as a precaution, organizations should:
Continue applying product updates.
Monitor for anomalous behavior.
Maintain defense-in-depth security architectures.
In response to this incident, Trellix has taken the following actions:
Engaged law enforcement authorities
Engaged with leading third-party forensic experts
Conducted forensic analysis of affected systems
Conducted a comprehensive review of relevant source code repositories and access logs
Completed a full audit of the Secure Development Lifecycle (SDLC), confirming it was not tampered with
Executed audit reviews confirming no unauthorised changes to source code
Performed validation of released software artifacts and distribution processes
Based on the investigation to date:
No evidence of malicious modification to source code has been identified
No indication that the source code release or distribution process was affected
No evidence that customer environments or customer data were accessed
No evidence that the accessed source code has been exploited
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.