
Trellix
Cybersecurity vendor formed from McAfee Enterprise and FireEye merger; source code breached April 2026.
Last refreshed: 8 May 2026 · Appears in 1 active topic
Could Trellix's leaked source code help attackers evade the very defences it sells?
Timeline for Trellix
Mentioned in: UK cyber bill drops payment regime
Cybersecurity: Threats and DefencesConfirmed unauthorised repository access and stated no evidence source code was altered or weaponised
Cybersecurity: Threats and Defences: RansomHouse posts Trellix internal screenshots as extortion leverageConfirmed unauthorised access to part of its source-code repository on 8 May, 21 days after intrusion
Cybersecurity: Threats and Defences: Trellix discloses 21-day-old breach of source-code repositoryWhat was stolen in the Trellix data breach?
Is Trellix the same as McAfee?
Why did Trellix take 21 days to disclose the breach?
Background
Trellix is a cybersecurity detection and response vendor formed in January 2022 through the merger of McAfee Enterprise and FireEye, both acquired by private equity firm Symphony Technology Group (STG). On 8 May 2026, Trellix disclosed that an unauthorised party — later identified as RansomHouse — had accessed part of its source-code repository on 17 April, a 21-day intrusion-to-disclosure gap. No data from the breach had appeared publicly as of the disclosure date.
Trellix produces endpoint detection and response (EDR), email security, network detection, and threat-intelligence products. Its customer base includes UK Government departments and critical national infrastructure operators, making source-code access potentially significant for adversaries seeking to understand detection signatures or identify sensor blind spots. The company markets itself as a successor to the threat-intelligence pedigree of FireEye's Mandiant division, though Mandiant itself was sold to Google in 2022 before the Trellix merger completed.
The 21-day disclosure timeline sits outside the 24-hour initial-notification window proposed by the UK Cyber Security and Resilience Bill. The breach raises questions about whether Trellix's own detection tooling flagged the intrusion promptly, given the reputational sensitivity of a security vendor failing to detect an attacker inside its own systems.