RansomHouse Claims Responsibility for Trellix Source Code Breach
The **RansomHouse** threat group has claimed responsibility for the recent breach of **Trellix's** source code repository. The group leaked screenshots allegedly showing access to the cybersecurity firm's appliance management system, though authenticity remains unconfirmed.

Last week's reported attack on the **Trellix** source code repository has been claimed by the **RansomHouse** threat group, which released a small set of images as proof of the intrusion.
Yesterday, the threat actor published screenshots on their data leak site purporting to show access to the cybersecurity company's appliance management system. **BleepingComputer** was unable to independently verify the authenticity of the data.
**Trellix** is a global cybersecurity firm with Fortune 100 clients. As of 2025, the company served over 53,000 customers across 185 countries and employed 3,500 individuals.
The company confirmed the breach on May 1st, stating they were investigating the incident. "Trellix recently identified unauthorized access to a portion of our source code repository. Upon learning of this matter, we immediately began working with leading forensic experts to resolve it," the company stated.
"We have also notified law enforcement. Based on our investigation to date, we have found no evidence that our source code release or distribution process was affected, or that our source code has been exploited."
At the time of the initial report, **Trellix** did not respond to requests for details, nor did they disclose any information about the perpetrators.
Following **RansomHouse's** recent disclosure, **Trellix** stated they were "aware of claims of responsibility for the attack and are looking into it."
According to the threat actor, the intrusion occurred on April 17 and resulted in data encryption.

**RansomHouse** is a cybercrime group that emerged in 2022 as a data extortion operation. The group lists victims on a dark web portal and leaks or sells data stolen from the victims' corporate networks.
Over time, the group has incorporated more sophisticated encryption tools, including 'Mario,' which performs dual-encryption with two keys, and 'MrAgent,' which automates encryptor deployment on **VMware ESXi** hypervisors.
A recent high-profile case involving **RansomHouse** was the attack on Japanese e-commerce giant **Askul Corporation**, which resulted in the theft of 740,000 customer records and other sensitive information.
**Trellix's** investigation is ongoing, and the company has stated it will share more details as they become available.