19th May 2026 Cyber Update: Exchange Zero-Day Puts On-Prem Mail Servers Back in the Spotlight
Microsoft has confirmed active exploitation of CVE-2026-42897, putting exposed on-prem Exchange and Outlook Web Access environments back under pressure.
Trellix says attackers gained unauthorised access to part of its source code repository, but has found no evidence that its release pipeline was affected or that code was exploited.
Trellix has confirmed that attackers gained unauthorised access to part of its internal source code repository, placing one of the sector’s major vendors under direct scrutiny for its own software supply chain controls. In an official statement, the company said it recently identified the compromise, moved quickly to engage leading forensic specialists, and notified law enforcement.
Trellix maintains that, based on current findings, there is no evidence its source code release or distribution processes were affected, and no indication the code has been exploited. Cyber analysts and media outlets confirm access to part of a repository. However, key details remain undisclosed, including which systems were impacted, how long the attackers had access, and who was responsible.
The concern is straightforward. Source code repositories are high-value targets. They expose product logic, architecture and potential weaknesses that can be weaponised later. That includes backdoor development, evasion techniques, or broader downstream supply chain attacks. When the target is a major endpoint security and XDR provider, the implications extend well beyond a single vendor.
Trellix products operate deep within enterprise security environments, covering endpoint protection, detection and response, email and data security, network detection and security operations. Any exposure at the code level raises legitimate questions about long-term assurance, even where no immediate tampering is identified.
Attackers are shifting focus upstream. Development environments are now a primary target set, including source code, CI/CD pipelines, developer credentials and code signing infrastructure. A breach at this layer scales risk across entire customer bases. This is no longer a contained technical issue. It is a governance, trust and systemic risk question.
For Australian organisations and global enterprises alike, this incident is a clear signal to reassess how security vendors are evaluated. That includes controls around repository access, secret management, isolated build environments, code signing integrity, update mechanisms and independent incident validation. Security vendors should not be treated as outside the threat model.
There is no immediate indication that Trellix customers are compromised based on current disclosures. That said, organisations should stay alert for further technical detail, follow any vendor guidance as it emerges, and strengthen their third-party software risk frameworks. The exposure of development infrastructure is now a frontline risk, not a theoretical one.