🔴 A cybersecurity giant just had its source code stolen (and it protects 200 million endpoints)

Trellix disclosed yesterday that attackers gained unauthorised access to a portion of its internal source code repository.

The company was formed from the merger of McAfee Enterprise and FireEye, and is one of the world’s largest endpoint security and XDR vendors.

Forensic experts are investigating, law enforcement has been notified. And Trellix says it has found no evidence so far that the code has been exploited or that its release pipeline was affected. BleepingComputer

The attack is linked to the same TeamPCP/Lapsus$ supply chain campaign behind the Bitwarden CLI attack we covered two weeks ago… a coordinated effort targeting security vendors by compromising the software development infrastructure they depend on.

Here’s why this matters even if Trellix isn’t in your stack. When attackers get source code for a security product, they get a blueprint. They can study it quietly, find vulnerabilities nobody knows about yet, and build exploits that bypass the very protection it’s designed to provide.

We’ll keep you up to date with this one as the investigation develops.

🟡 Two more BlackCat conspirators sentenced… both were cybersecurity professionals

A satisfying bookend to a story we covered two weeks ago.

Ryan Goldberg and Kevin Martin, both working cybersecurity professionals, were sentenced Thursday to four years each in federal prison for their role in facilitating BlackCat ransomware attacks.

They conspired with Angelo Martino, the ransomware negotiator we covered on April 23 who pleaded guilty to secretly feeding attack intelligence to BlackCat while negotiating on behalf of victims. The Hacker News

The DOJ is methodically working through every link in the chain. Martino awaits sentencing in July.

🟢 Three days left to apply for the biggest MSP award in the world

The MSP 501, the channel’s most prestigious annual ranking of managed service providers, has extended its application deadline to this Thursday, May 8.

It’s the 19th year of the awards and it’s free to apply. It’s open to MSPs of any size, anywhere in the world.

One application automatically enters you for multiple award categories including Next Generation MSPs and MSPs to Watch. Winners get invited to the awards gala at MSP Summit in Orlando in September, in front of 1,500+ peers and partners. MSP Summit

If you’ve been meaning to apply and haven’t yet… maybe this is the sign you’ve been waiting for? Hit reply to let us know if you’re going to apply

Right, that’s your lot for Tuesday. We’ll be back in your inbox tomorrow morning. Have a fun day