RansomHouse Claims Trellix Source Code Breach

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Trellix confirmed a breach that enabled unauthorized access to a "portion" of its source code, saying it engaged "leading forensic experts" and notified law enforcement immediately after identifying the compromise.
- The company stated there is "no evidence" the source code has been exploited or that its release or distribution process was affected.
- Trellix declined to disclose what data was accessed, who was behind the attack, or how long attackers had access to its systems, saying more details will come once the investigation is complete.
- RansomHouse claimed responsibility for the hack on May 7, 2026, listing Trellix on its data leak site.
- Trellix acknowledged the responsibility claim and said it is "looking into it," but did not confirm whether the RansomHouse incident is connected to the source code repository compromise.
- Trellix is owned by Symphony Technology Group and was founded in January 2022 through the merger of McAfee Enterprise and FireEye.
Why it matters: A cybersecurity vendor disclosing a source code breach is inherently awkward — the same code that underpins customer defenses is now potentially in adversarial hands. Trellix's claim of no exploitation will face outside scrutiny, especially given RansomHouse's public claim of responsibility, and enterprise customers will want clarity on whether detection logic or product internals were exposed.



