Cybersecurity Company Trellix Disclosed Source Code Repository Breach
Cybersecurity Company Trellix Disclosed Source Code Repository Breach
Cybersecurity giant Trellix has disclosed a significant breach involving unauthorized access to a portion of its source code repository. Upon discovery in early May 2026, the company engaged external forensic experts and notified law enforcement. Preliminary investigations indicate no evidence that the distribution pipeline was compromised or that customer-facing products were tampered with. While the full extent of the data access is still being evaluated, Trellix emphasizes that no active exploitation of the stolen code has been detected in the wild.
Source: Cyber Security News
Instructure Under Data Breach by ShinyHunters
Education technology company Instructure, the developer of the Canvas learning management system, confirmed it is investigating a cybersecurity incident following claims by the ShinyHunters extortion group. The threat actors allegedly exfiltrated sensitive data after gaining access to the company’s internal systems. While Instructure has not yet detailed the volume of compromised records, ShinyHunters has previously utilized vishing and SSO compromise to target high-profile organizations. The company is working with forensic experts to assess the breach’s impact.
Source: Bleeping Computer
ChipSoft Confirms Patient Data Breach
Dutch medical software provider ChipSoft confirmed that patient data stolen during an April 2026 ransomware attack has been destroyed. The company collaborated with cybersecurity experts to verify the data’s deletion in a “technically sound manner,” successfully preventing its public release. While ChipSoft restored services like Zorgplatform and HiX Mobile, it declined to clarify if a ransom was paid. The breach impacted several Dutch healthcare institutions, though Belgian patient records remained unaffected. Forensic investigations continue alongside Z-CERT.
Source: The Cyber Express
NCSC Warns Organizations to Prepare for a Patch Wave
The UK’s National Cyber Security Centre (NCSC) is warning organizations to prepare for a “patch wave” as AI tools accelerate vulnerability discovery. CTO Ollie Whitehouse predicts a surge in software updates as vendors use frontier models like Claude Mythos to identify long-standing security flaws. To manage this influx, the NCSC recommends prioritizing external attack surfaces, enabling automatic “hot patching,” and addressing technical debt in legacy systems. CISA is reportedly considering similar measures, potentially shortening federal patching deadlines to just three days.
Source: Infosecurity Magazine
Click here to subscribe our Newsletter
