Originally published by BleepingComputer


The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion.

Yesterday, the threat actor published on their data leak site screenshots indicating access to the cybersecurity company’s appliance management system. However, BleepingComputer could not confirm the authenticity of the data.

Trellix is an international cybersecurity firm with global Fortune 100 customers. In 2025, the company had more than 53,000 customers in 185 countries and 3,500 employees.

The company confirmed the breach in a statement on May 1st and said that it was investigating the incident. “Trellix recently identified unauthorized access to a portion of our source code repository. Upon learning of this matter, we immediately began working with leading forensic experts to resolve it,” stated Trellix.

“We have also notified law enforcement. Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited.”

At the time, BleepingComputer’s request for details went unanswered, and the company did not disclose any information about the perpetrators.

Following a new request for comments after RansomHouse’s disclosure, Trellix told BleepingComputer that it was “aware of claims of responsibility for the attack and are looking into it.”

According to the threat actor, the intrusion occurred on April 17 and resulted in data encryption.

RansomHouse is a cybercrime group that launched in 2022 as a data-extortion operation, listing victims on a dark web portal and leaking or selling data stolen from their corporate networks.

Over time, the threat actor added more advanced encryption utilities to their toolkit, such as ‘Mario,’ which performs a dual-encryption pass with two keys on target files, and ‘MrAgent,’ which automates the deployment of encryptors on VMware ESXi hypervisors.

A recent high-profile case involving RansomHouse was that of Japanese e-commerce giant Askul Corporation, from which the threat group stole 740,000 customer records, among other sensitive information.

Trellix’s investigation is still underway, and the company previously promised to share more details once they become available.
