
F5 Says Hackers Stole Undisclosed BIG-IP Flaws, Source Code (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. The company states that it first became aware of the breach on August 9, 2025, with its investigations revealing that the attackers had gained long-term access to its system, including the company's BIG-IP product development environment and engineering knowledge management platform.
F5 is a Fortune 500 tech giant specializing in cybersecurity, cloud management, and application delivery networking (ADN) applications. The company has 23,000 customers in 170 countries, and 48 of the Fortune 50 entities use its products. BIG-IP is the firm's flagship product used for application delivery and traffic management by many large enterprises worldwide. [...]
F5 is still reviewing which customers had their configuration or implementation details stolen and will contact them with guidance. To help customers secure their F5 environments against risks stemming from the breach, the company released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients. Despite any evidence "of undisclosed critical or remote code execution vulnerabilities," the company urges customers to prioritize installing the new BIG-IP software updates.
Awkward (Score:2)
Surely they've been diligently working on fixing those undisclosed flaws. Right?
Re:Awkward (Score:5, Insightful)
Re: (Score:3)
Even more awkward that they had undisclosed exploits for their own "security" product in the cupboard. Might it be that their sort of security products are keeping their customers' subscription software safe from its users? That would be the most harmless assumption compared to alternate business models...
tech giant specializing in cybersecurity (Score:4, Informative)
Usually the internal security of these companies is more like theatre and checkbox filling than real security. They will buy static analysis tools that cover things like OWASP and file a quarterly report for external auditors so they can get their certifications.
During that time the product managers file feature requests with aggressive timelines that do not leave time for doing a secure implementation, until a customer complains that their own pen testing found holes.
I've worked at a few high tech corporations including some cybersecurity ones. I've seen how the sausage is made.
Re: (Score:2)
Re: (Score:2)
I don't trust most of the cyber security companies.
Most of them are run by people who may have the appropriate papers, but not the appropriate mindset. They seem to think that it's just like a regular company.
Hey F5 (Score:3)
You're doing it wrong.
WTF (Score:2)
If they knew it had flaws and sat on it, that's sue-worthy.
Funny! (Score:3)
Always fun when "security" companies get hacked (Score:2)
And then not even notice for a long time. Does not really go together with competence...
Just a few years after their last major compromise (Score:3)
In 2020 BIG-IP already had a critical compromise that allowed unauthenticated hackers to take full control of the device and use it to attack the rest of the internal network:
https://www.helpnetsecurity.co... [helpnetsecurity.com]
That was enough for my company at the time to abandon F5 VPN, since hackers used the exploit to ransomware the company before we could have reasonably found out about and patched the vulnerability.
Fail 5 (Score:2)
I know at one company I worked at the BIG IP server ran files with the .php3 extension. And it was ancient as fuck. But nobody cared as long as that VPN portal was behind the SSO. I suspect there's a lot of vulnerabilities on their machines.
F5 specializing in cybersecurity gets hacked...... (Score:2)