F5 hit by network compromise

Incident
H score 15
3 unique sources, 4 articles

Summary

F5 disclosed a nation-state intrusion that compromised BIG-IP development systems and related engineering knowledge-management resources. The intrusion was first detected on August 9, 2025 and publicly disclosed on October 15, 2025. Files taken in the incident included portions of BIG-IP source code and information about undisclosed vulnerabilities. Investigators described long-term, persistent access and said the company rotated credentials, strengthened access controls, expanded monitoring, and engaged external responders including Google Mandiant and CrowdStrike. F5 also reported that there was no evidence of malicious exploitation of the vulnerabilities and no new unauthorized activity after containment efforts. Some exfiltrated knowledge-management files may have contained customer configuration or implementation information for a small percentage of customers. The company also said other core systems such as CRM, financial, support case management, and iHealth were not reached.

Cases

Related Happenings

F5 BIG-IP APM active exploitation wave (CVE-2025-53521)

Exploitation Wave
First: 02.04.2026 11:25 Last: 02.04.2026 11:25 Sources 1

About this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...

F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)

Vulnerability
First: 30.03.2026 10:07 Last: 30.03.2026 10:07 Sources 1

About this happening: **CVE-2025-53521** is being **actively exploited** against **F5 BIG-IP APM** deployments, creating **unauthenticated remote code execution** risk for exposed systems. The flaw aff...

CISA KEV patch directive for CVE-2025-53521

Advisory/Mitigation
First: 30.03.2026 10:07 Last: 30.03.2026 10:07 Sources 1

About this happening: CISA added **CVE-2025-53521** to its **KEV catalog** and told **federal agencies** to patch the F5 BIG-IP flaw within **three days**. The directive is urgent because the bug is be...

Seoul Metropolitan Police raid on Coupang breach records

Law Enforcement
First: 26.01.2026 15:00 Last: 26.01.2026 15:00 Sources 1

About this happening: **Seoul Metropolitan Police Agency** raided **Coupang’s headquarters in southern Seoul** to search for **internal documents and records related to the breach**, escalating the off...

F5 BIG-IP and related products Quarterly Security Notification (multiple vulnerabilities)

Security Patch Release
First: 16.10.2025 11:39 Last: 16.10.2025 11:39 Sources 1

How related: “it urged all customers to apply the updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ and APM clients in its Quarterly Security Notification.”

About this happening: **F5**'s **Quarterly Security Notification** told customers to apply security updates for **BIG-IP**, **F5OS**, **BIG-IP Next for Kubernetes**, **BIG-IQ** and **APM clients**, mak...

Timeline

  1. 15.10.2025 19:06 2 articles · 7mo ago

    F5 discloses intrusion and response

    Initial Disclosure

    F5 publicly disclosed that unidentified threat actors broke into its systems and stole BIG-IP source code and information about undisclosed vulnerabilities, attributed the activity to a highly sophisticated nation-state threat actor, said it had not observed malicious exploitation of the vulnerabilities, and noted that some exfiltrated knowledge-management files contained configuration or implementation information for a small percentage of customers. F5 also engaged Google Mandiant and CrowdStrike, rotated credentials, strengthened access controls, deployed additional monitoring, and enhanced its product development and network security controls.

  2. 15.10.2025 16:32 2 articles · 7mo ago

    F5 detects unauthorized access to BIG-IP systems

    Detection IoC Update

    F5 became aware of unauthorized access to its systems on August 9, 2025, and investigators later determined that the threat actor maintained long-term, persistent access to the BIG-IP product development environment and engineering knowledge management platform. Files exfiltrated from those systems included portions of BIG-IP source code, information about undisclosed vulnerabilities, and some customer configuration or implementation details.

  3. 15.10.2025 16:32 3 articles · 7mo ago

    U.S. DOJ delays public disclosure of the F5 incident

    Legal Policy Action Update

    On September 12, 2025, the U.S. Department of Justice determined that F5 could delay public disclosure of the incident under Item 1.05(c) of Form 8-K. The delay was tied to the ongoing handling of the compromise of F5 systems and the effort to secure critical systems before public notification.

  4. 15.10.2025 16:32 3 articles · 7mo ago

    F5 publicly discloses the breach and theft of BIG-IP source code

    Initial Disclosure

    On October 15, 2025, F5 publicly disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. F5 also stated that it had seen no evidence that the attackers used the stolen information in actual attacks, no evidence that the private information was disclosed, no suspicious code modifications, and no material impact to operations.
