Trellix Source Code Repository Breached

Linked to the profit-driven hacker groupsTeamPCPand Lapsus$, this campaign has impacted several cybersecurity firms, includingCheckmarx,Aqua Security, andBitwarden.The hackers exploited trust in software development and security infrastructure, compromising CI/CD pipelines to distribute trojanized updates and malicious extensions, which enabled large-scale exfiltration of credentials and source code from affected enterprise environments.Related:SAP NPM Packages Targeted in Supply Chain AttackRelated:European Commission Confirms Data Breach Linked to Trivy Supply Chain AttackRelated:Mercor Hit by LiteLLM Supply Chain Attack

The hackers exploited trust in software development and security infrastructure, compromising CI/CD pipelines to distribute trojanized updates and malicious extensions, which enabled large-scale exfiltration of credentials and source code from affected enterprise environments.Related:SAP NPM Packages Targeted in Supply Chain AttackRelated:European Commission Confirms Data Breach Linked to Trivy Supply Chain AttackRelated:Mercor Hit by LiteLLM Supply Chain Attack

Related:SAP NPM Packages Targeted in Supply Chain AttackRelated:European Commission Confirms Data Breach Linked to Trivy Supply Chain AttackRelated:Mercor Hit by LiteLLM Supply Chain Attack

Related:European Commission Confirms Data Breach Linked to Trivy Supply Chain AttackRelated:Mercor Hit by LiteLLM Supply Chain Attack

Related:Mercor Hit by LiteLLM Supply Chain Attack

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Chris Sistrunk has been promoted to Practice Leader for Mandiant's OT Security Consulting.

Nudge Security has appointed Patrick Dillon as its Chief Revenue Officer.

Source: SecurityWeek