Trellix says attackers gained unauthorised access to part of its source code repository, but has found no evidence that its release pipeline was affected or that code was exploited.
Trellix has confirmed that attackers gained unauthorised access to part of its internal source code repository, placing one of the sector’s major vendors under direct scrutiny for its own software supply chain controls. In an official statement, the company said it recently identified the compromise, moved quickly to engage leading forensic specialists, and notified law enforcement.
Trellix maintains that, based on current findings, there is no evidence its source code release or distribution processes were affected, and no indication the code has been exploited. Cyber analysts and media outlets confirm access to part of a repository. However, key details remain undisclosed, including which systems were impacted, how long the attackers had access, and who was responsible.
The concern is straightforward. Source code repositories are high-value targets. They expose product logic, architecture and potential weaknesses that can be weaponised later. That includes backdoor development, evasion techniques, or broader downstream supply chain attacks. When the target is a major endpoint security and XDR provider, the implications extend well beyond a single vendor.
Why it matters
Trellix products operate deep within enterprise security environments, covering endpoint protection, detection and response, email and data security, network detection and security operations. Any exposure at the code level raises legitimate questions about long-term assurance, even where no immediate tampering is identified.
Attackers are shifting focus upstream. Development environments are now a primary target set, including source code, CI/CD pipelines, developer credentials and code signing infrastructure. A breach at this layer scales risk across entire customer bases. This is no longer a contained technical issue. It is a governance, trust and systemic risk question.
For Australian organisations and global enterprises alike, this incident is a clear signal to reassess how security vendors are evaluated. That includes controls around repository access, secret management, isolated build environments, code signing integrity, update mechanisms and independent incident validation. Security vendors should not be treated as outside the threat model.
There is no immediate indication that Trellix customers are compromised based on current disclosures. That said, organisations should stay alert for further technical detail, follow any vendor guidance as it emerges, and strengthen their third-party software risk frameworks. The exposure of development infrastructure is now a frontline risk, not a theoretical one.