Trellix Source Code Breach Highlights Growing Supply Chain Threats

Trellix confirmed that a threat actor gained unauthorized access to part of its source code repository but provided few details; the company says there's no current evidence of source-code release or impact to build/release processes and is working with forensic experts and law enforcement. The article places the incident in the context of recent supply-chain and repository-targeting attacks (e.g., TeamPCP, F5) and warns that exposure of source code or CI/CD secrets could enable downstream compromise or poisoned releases.