Find notable cyber news and cases, enriched with sources, timelines, and signals.

F5 BIG-IP APM active exploitation wave (CVE-2025-53521)

Exploitation Wave
First reported
Last updated
Happening score
H score 79
1 unique sources, 1 articles

Summary

Hide ▲

As of 2026-04-02, ongoing attacks are exploiting CVE-2025-53521 against F5 BIG-IP APM systems, leaving more than 14,000 exposed online and at risk of remote code execution. F5 said the flaw was reclassified from DoS to RCE after new information in March 2026, and CISA has added it to its actively exploited list. The exploitation wave targets unpatched systems with access policies configured on a virtual server, which makes internet-facing deployments especially risky.

Cases

Related Happenings

UniFi OS Server unauthenticated root RCE chain (multiple vulnerabilities)

Vulnerability
H score25 First: 08.06.2026 18:51 Last: 08.06.2026 18:51 Sources 1

About this happening: **UniFi OS Server** is exposed to an **unauthenticated root RCE chain** that combines **CVE-2026-34908**, **CVE-2026-34909**, and **CVE-2026-34910**, putting **versions 5.0.6 and...

Latest development: 24.06.2026 15:32

CISA added CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 to the Known Exploited Vulnerabilities (KEV) catalog after warnings that threat actors were targeting UniFi OS Server devices and multiple users reported in-the-wild exploitation that created rogue administrator accounts named 'John Sim' on affected Ubiquiti systems.

Automatic tank gauge (ATG) systems ongoing attacks

Exploitation Wave
H score25 First: 05.06.2026 17:50 Last: 05.06.2026 17:50 Sources 1

About this happening: **Over 900 internet-exposed ATG systems** across the United States are being targeted in **ongoing attacks**, creating risk of **alert tampering**, **fuel or chemical leaks**, and...

HTTP/2 servers HPACK flow-control DoS denial-of-service flaw (CVE-2026-49975)

Vulnerability
H score26 First: 03.06.2026 22:08 Last: 03.06.2026 22:08 Sources 1

About this happening: **HTTP/2 servers** were found vulnerable to the **HTTP/2 Bomb** DoS weakness, where **HPACK compression amplification** plus **HTTP/2 flow-control stalling** lets a single client...

Ubiquiti UniFi OS security updates (multiple vulnerabilities)

Security Patch Release
H score28 First: 22.05.2026 15:00 Last: 22.05.2026 15:00 Sources 1

About this happening: **Ubiquiti** released **security updates** for **UniFi OS** to close **five vulnerabilities**, including **three maximum-severity flaws** that could let **remote attackers without...

Latest development: 24.06.2026 15:32

CISA warned that threat actors were targeting CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 in Ubiquiti UniFi OS devices after the flaws were patched in UniFi OS Server 5.0.8, and multiple users reported that the bugs were exploited in the wild, likely as zero-days, to create rogue administrator accounts named John Sim.

Burst Statistics authentication bypass (CVE-2026-8181)

Vulnerability
H score78 First: 15.05.2026 00:07 Last: 15.05.2026 00:07 Sources 1

About this happening: **Burst Statistics** on **WordPress sites** is facing active exploitation of **CVE-2026-8181**, a critical **authentication bypass** that can let unauthenticated attackers imperso...

Timeline

  1. 02.04.2026 11:25 1 articles · 3mo ago

    CISA adds CVE-2025-53521 to actively exploited list

    Legal Policy Action Update

    CISA adds CVE-2025-53521 to its actively exploited catalog and directs federal agencies to secure F5 BIG-IP APM systems by midnight Monday, escalating the flaw to an urgent remediation priority for exposed deployments.

    Show sources
  2. 02.04.2026 11:25 1 articles · 3mo ago

    F5 reclassifies CVE-2025-53521 as RCE

    Technical Analysis Update

    F5 says new information obtained in March 2026 changes CVE-2025-53521 from a denial-of-service bug to a remote code execution bug, and the company warns that the vulnerability has been exploited in vulnerable BIG-IP versions, including unpatched BIG-IP APM systems with access policies configured on a virtual server.

    Show sources
  3. 02.04.2026 11:25 1 articles · 3mo ago

    Federal agencies face Monday BIG-IP APM remediation deadline

    Legal Policy Action Update

    CISA requires federal agencies to secure their BIG-IP APM systems by Monday, reinforcing urgent patching and validation for exposed F5 deployments affected by CVE-2025-53521.

    Show sources
  4. 02.04.2026 11:25 2 articles · 3mo ago

    Shadowserver measures BIG-IP APM exposure at internet scale

    Campaign Scope Update

    Shadowserver says it now tracks over 17,100 IPs with BIG-IP APM fingerprints and more than 14,000 BIG-IP APM systems remain exposed to CVE-2025-53521 attacks, showing a broad internet-facing exposure base during the ongoing exploitation wave.

    Show sources