developing-story - TrustStrike Labs

breach

2026-05-02

Cybersecurity firm Trellix says attackers reached part of its source code repository

Trellix, the cybersecurity company formed from the 2022 merger of McAfee Enterprise and FireEye, disclosed Friday that attackers reached part of its source code repository. The company says it has 'no evidence' that source code releases were tampered with, that the source code itself was exploited, or that customer data was affected - but it has not said how long the attackers had access, who they were, or what they took. Trellix is now working with outside forensics firms and has notified law enforcement. Trellix sells endpoint protection, email security, and managed detection products to enterprise and government customers. The company has not given a timeline for further disclosure.

trellix source-code-breach cybersecurity-vendor mcafee-enterprise fireeye developing-story supply-chain-risk

Check: If your organization uses any Trellix product, watch for unusual update patterns this week and avoid auto-updating until Trellix confirms the integrity of its release pipeline.
Affected: Trellix customers - enterprises and US government agencies that use Trellix endpoint, email, IPS, or managed detection products. Source code access doesn't automatically mean compromised products, but it's the starting position for finding new vulnerabilities. Defense and federal customers face higher residual risk pending Trellix's full disclosure.
Fix: Verify Trellix product update integrity by comparing checksums for any agent updated since the breach window. Hold non-emergency Trellix updates pending more clarity. For high-security environments, run Trellix in monitor-only mode for the next two weeks. Track Trellix's incident page directly and demand a written incident report within 30 days.

breach

2026-05-01

Instructure, the company that runs Canvas for schools and universities, says hackers breached its systems

Instructure disclosed Friday that a 'criminal threat actor' breached its systems. The company runs Canvas, the learning management platform used by schools, universities, and corporate training programs - and a successful breach exposes student records, teacher records, course content, and grades. Instructure has not said how many users are affected or what data was taken, only that outside forensics are investigating. Canvas Data 2 and Canvas Beta have been in maintenance since May 1, with customers warned about API key issues. The pattern matches the January 2025 PowerSchool breach, which exposed data on 62 million students and is still being followed by ransom demands against individual schools.

instructure canvas edu-tech schools universities powerschool-comparison developing-story api-keys

Check: If your school or organization uses Canvas, audit which API keys you have integrated with Canvas and rotate any issued in the past 6 months as a precaution.
Affected: Schools, universities, and corporate training organizations using Canvas. Student records, teacher records, course content, gradebook data, and uploaded files are all in scope until Instructure confirms otherwise. Salesforce-integrated Canvas tenants may be at higher risk - 2025's Instructure incident traced to a Salesforce compromise.
Fix: Rotate Canvas API keys, especially for downstream tools (gradebook integrations, SSO, third-party plugins). Brief students, parents, and faculty that any 'Canvas account verification' email is potentially hostile - go to canvas.instructure.com directly. Request Instructure's incident notification timeline in writing and pre-prepare your own student/parent notification template.