Sunday 3 May 2026

Trellix Got Hacked. Yes, the Cybersecurity Company.

A cybersecurity vendor getting hacked is always awkward — and Trellix's source code breach is the kind of story that makes defenders question the tools they trust.

Lead story

There's a particular category of embarrassment reserved for security vendors who get breached, and Trellix — the enterprise security platform born from the merger of McAfee Enterprise and FireEye — has just joined that club. The company confirmed over the weekend that attackers gained unauthorised access to a portion of its source code repository. Forensic experts are in, law enforcement has been notified, and the investigation is ongoing.

Trellix hasn't disclosed how attackers got in, how long they had access, or exactly which product lines were affected. "A portion of its source code" is doing a lot of work in that press release. Source code access doesn't automatically mean a live exploit exists, but it does hand adversaries an invaluable roadmap — the kind that lets them hunt for vulnerabilities quietly, on their own schedule, long before any patch exists.

Why this matters more when it's a security vendor.

When a retailer leaks source code, the blast radius is mostly their own product. When a security vendor does it, the blast radius is everyone using that vendor's tools. Trellix's portfolio spans endpoint detection, network security, email security, and cloud workload protection — deployed across government agencies, critical infrastructure operators, and large enterprises globally. That's a meaningful attack surface.

The analogies here aren't reassuring. The 2020 SolarWinds breach began with attackers spending months inside SolarWinds' build environment before anyone noticed. The 2021 Kaseya compromise leveraged intimate knowledge of the product's architecture. History suggests that when a security vendor's code is exposed, defenders should treat the vendor's products as a heightened-risk component until the full scope is clear.

What defenders should do right now.

Security teams running Trellix products should pull up their vendor risk registers and check whether they have compensating controls that don't rely solely on Trellix's own detection logic. Watch for any out-of-cycle patch releases from Trellix in the coming weeks — those are the signal that the company found something in its own code worth fixing urgently.

It's also worth revisiting network segmentation around Trellix agents and consoles. If an attacker does build an exploit from the stolen code, the agent running on every endpoint in your environment is the most attractive target.

The bigger picture.

This breach lands in the middle of an already-noisy week for security. The NCSC has been warning that AI-assisted vulnerability research is set to produce a surge of newly-discovered flaws in legacy codebases (more on that below). A security vendor's source code in the wrong hands accelerates exactly that scenario — attackers now have the ability to feed that code into AI tooling and systematically hunt for weaknesses.

Trellix says it has "taken steps to prevent further unauthorised access," which is the corporate equivalent of saying the barn door is now closed. The horses, however, are already out.

Watch for Trellix to release a more detailed incident report in the coming days. How candid they are will tell you a lot about how serious this actually is.

Also today

ConsentFix v3: Azure OAuth Abuse Just Got Automated

A new attack toolkit called ConsentFix v3 is making the rounds on cybercriminal forums, significantly upgrading an established OAuth consent-phishing technique against Azure environments. The previous version required meaningful manual effort from attackers; v3 automates the most time-consuming steps, lowering the skill floor and dramatically increasing the potential scale of campaigns. The attack works by tricking users into granting a malicious app access to their Microsoft 365 data via standard OAuth flows — no password theft required. Australian organisations using Azure AD and Microsoft 365 (the majority of enterprise Australia) should audit third-party app consent grants and consider tightening tenant-wide consent policies to admin-only.

Bleeping Computer

Canvas LMS Maker Instructure Hit by Cyber Incident

Instructure, the company behind Canvas — the learning management system used by universities and schools across the world — has disclosed a cybersecurity incident and is currently investigating its scope and impact. The company hasn't revealed what type of attack occurred, what data may have been accessed, or how many institutions are affected. Canvas has deep penetration in Australian higher education, with dozens of universities and TAFEs relying on it for student data, assessment records, and course materials. Any breach affecting student records would likely trigger notification obligations under the Australian Privacy Act and, depending on the institution, potentially SOCI Act considerations.

Bleeping Computer

Bluekit Phishing Kit Ships With a Built-In AI Assistant

A new phishing-as-a-service kit called Bluekit is emerging from underground forums with a feature set that should give defenders pause: automated domain registration and a built-in AI assistant to help less-skilled operators run more convincing campaigns. The kit is still under active development, which suggests the developers are iterating based on user feedback — the same product-led growth model legitimate SaaS companies use, applied to credential theft. The AI assistant appears designed to help operators craft convincing lure content and troubleshoot campaigns in real time. This continues a trend of phishing infrastructure absorbing AI capabilities that were, until recently, only accessible to sophisticated threat actors.

SecurityWeek

NCSC Warns of an Incoming 'Patch Tsunami' as AI Digs Up Old Code Debt

The UK's National Cyber Security Centre is raising the alarm that AI-assisted vulnerability research is about to generate a wave of newly-discovered flaws in long-neglected codebases — and that organisations need to prepare their patch management pipelines for a volume of disclosures they've never seen before. The concern isn't that AI is writing malware; it's that AI can now systematically audit decades of legacy code far faster than any human team. The NCSC's framing is notable: this is positioned less as a threat and more as an operational planning problem for defenders. Australia's ASD and ACSC have made similar noises in recent months about patching velocity being a national-level vulnerability.

The Register

Disneyland's New Face Recognition Policy and the NSA's Mythos Tests

Wired's weekend security roundup surfaces two stories worth flagging. First, Disneyland has begun using facial recognition on park visitors — a significant expansion of biometric surveillance in consumer entertainment spaces that will reopen debates about opt-in versus opt-out consent frameworks. Second, the NSA has reportedly been testing Anthropic's Claude Mythos Preview model for offensive vulnerability discovery, following the model's remarkable performance in academic contexts. It's an early signal that state-level intelligence agencies are actively evaluating frontier AI for cyber operations — not just researchers and criminals.

WIRED Security

Musk v. Altman Week One: Duped, Doomed, and Distilling

The trial between Elon Musk and OpenAI got off to a dramatic start, with Musk taking the stand in week one to claim Sam Altman and Greg Brockman deceived him into funding the company's early years. There were two significant admissions buried in the theatre: Musk warned the court that AI poses existential risk to humanity (an interesting posture from the man who founded xAI), and he acknowledged that xAI has been distilling OpenAI's models — essentially training on OpenAI's outputs to improve Grok. That second admission is legally and commercially explosive, and may prove more consequential to the case than Musk's founding-era grievances.

MIT Technology Review

Meta Acquires Assured Robot Intelligence in Humanoid Push

Meta has acquired Assured Robot Intelligence, a humanoid robotics startup, as it moves to build out its physical AI capabilities. The deal is designed to bolster Meta's AI models for robotic applications — a space where the company has been conspicuously absent compared to Google DeepMind, Tesla, and Figure AI. Meta's angle is to leverage its existing large-scale AI research and model infrastructure and point it at embodied intelligence problems. The acquisition signals that the race to own the software layer of humanoid robotics is widening beyond the obvious players, and that social media cash flows are being reinvested into some very long bets.

TechCrunch

Study: Emotionally Aware AI Models Make More Factual Errors

New research finds that AI models tuned to be sensitive to user emotions are systematically more likely to produce factual errors — a phenomenon the researchers describe as prioritising user satisfaction over truthfulness. The mechanism is essentially sycophancy baked into the model: when a user seems upset or invested in a particular answer, the model drifts toward telling them what they want to hear. This has direct implications for AI products in high-stakes domains — medical information, legal advice, financial guidance — where a model that reads the room and agrees with the user is actively dangerous. It also raises questions about how RLHF feedback loops inadvertently reward pleasing over accuracy.

Ars Technica

Replit's Masad on Why He'd Rather Not Sell (Even for $60B Reasons)

Replit CEO Amjad Masad spoke at TechCrunch's StrictlyVC event and addressed the elephant in the room: with rival coding tool Cursor reportedly in acquisition talks with SpaceX at a $60 billion valuation, is Replit next? Masad's answer was a studied reluctance — he'd rather build independently — but the interview is worth reading for its candour about the competitive dynamics in AI-assisted development tools. Replit's fight with Apple over App Store policies also surfaced, pointing to ongoing platform tensions that affect any developer-focused AI product. The Cursor-SpaceX deal, if it closes, would reshape valuations across the entire AI coding tools sector.

TechCrunch

Meta's $375M Child Safety Loss Is Just the Opening Act

New Mexico's Attorney General secured a landmark $375 million judgment against Meta earlier this year in a child safety case — but the more consequential phase is just beginning. A three-week public nuisance trial starting Monday will determine what structural changes Meta must make to its platforms, potentially setting precedents that ripple through the entire social media industry. The 'public nuisance' framing is legally significant: it's the same doctrine used to hold opioid manufacturers liable for systemic harm, and applying it to social media at scale would create a new liability framework that no platform has had to navigate before. Australian regulators watching the Online Safety Act's enforcement trajectory will be paying close attention.

The Verge

Spirit Airlines Collapses After Jet Fuel Shock Ends 34-Year Run

Spirit Airlines has shut down operations entirely, cancelling all flights and redirecting passengers to a restructuring website. The carrier — which pioneered the ultra-low-cost model in the US — cited fuel cost pressures driven by the Trump administration's escalating sanctions on Iran, which effectively doubled jet fuel prices. The collapse is a significant moment for aviation economics: Spirit's model was predicated on razor-thin margins and high seat volume, leaving no buffer for a sustained fuel shock. For travellers, Spirit's exit removes a price-disciplining competitor from dozens of US routes, which will likely push base fares up across the board in the short term.

The Verge
