Trellix Reveals Unauthorized Access to Source Code
Security vendor Trellix has suffered a breach involving unauthorized access
Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.
Search across headline titles and summaries.
Background for this topic.
Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.
Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.
Weekly headline count for the current query.
Security vendor Trellix has suffered a breach involving unauthorized access
Explore Infosecurity Magazine’s most-read cybersecurity stories of 2025, from major vendor shake-ups and zero-day exploits to AI-driven threats and supply chain attacks
The US cybersecurity agency called for the CVE program to remain publicly maintained and vendor-neutral while emphasizing the need for broader engagement
A ransomware attack by KillSec on Brazil software provider MedicSolution threatens healthcare, impacting providers and patients
Wealthsimple confirmed a third-party vendor data breach affecting roughly 30,000 customers
The US Immigration agency has resumed a $2m contract with the Graphite spyware developer, now owned by US investor AE Industrial Partners
Google’s Project Zero team will provide limited details of new vulnerabilities early following discovery, in a bid to speed up end users’ patching
China’s Hikvision vows legal battle after Canada bans its operations, citing national security concerns
The ban on Hikvision products follows a national security review under the Investment Canada Act
Jen Easterly and Ciaran Martin called for a universal, vendor-neutral cyber threat actor naming system
The ransomware group combines IT vendor impersonation and phishing frameworks like Evilginx to breach its targets
During Infosecurity Europe 2025 experts will explore how to strengthen organizational resilience against persistent third-party risks
Ivanti customers are urged to patch two new bugs in the security vendor's products, one of which is being actively exploited
Phishing attacks, business email compromise and vendor email compromise attacks on manufacturing have surged in the past 12 months
Despite reported attempts from Patchstack to contact the vendor, no response has been received
Electronic prescriptions provider MediSecure said the attack originated from a third-party vendor, and has impacted individuals’ personal and health information
Drug trafficker Banmeet Singh made $150m in cryptocurrency from dark web sales
Abnormal Security also noted a 71% surge in BEC attacks against the same sector
NextGen Healthcare was accused of violating False Claims Act
American Airlines reported 5745 pilots and applicants affected, Southwest Airlines reported 3009