Cybersecurity company Trellix has confirmed that attackers gained unauthorized access to part of its source code repository. The company said it recently detected the incident and quickly started an investigation.
Trellix stated that the breach involved access to a portion of its internal source code systems. These repositories store sensitive software data that can reveal how security products are built and function.
The company has brought in external forensic experts to assist with the investigation. It has also notified law enforcement authorities about the incident.
At this time, Trellix says there is no evidence that its source code has been modified or used in any attack. The company also reported that there are no signs that its code release or distribution systems were impacted, which suggests customers are not currently affected.
However, the company has not shared details on how the attackers gained access or how long they remained in the system. It has also not identified any threat actors behind the breach.
Security experts consider source code exposure a serious risk because it can allow attackers to study software architecture and find potential vulnerabilities for future exploitation.
