"F5 discovered the breach on August 9, 2025. The investigation revealed that attackers had access to critical systems for an extended period of time. They penetrated the BIG-IP product development environment and the technical knowledge management platform. This access allowed the hackers to steal source code, information about unpublished vulnerabilities, and some customer configuration data. F5 disclosed this in documents submitted to the US SEC, which BleepingComputer has reviewed."
"There were also no suspicious code changes within the BIG-IP environment, so it appears that the attackers only exfiltrated data. Other platforms such as CRM and financial systems and support services remained secure. NGINX, F5 Distributed Cloud Services, and Silverline systems also escaped the attack. Despite the critical nature of the stolen information, F5 states that there is no evidence of actual misuse."
F5 discovered the breach on August 9, 2025, and found attackers with prolonged access to critical systems, including the BIG-IP product development environment and a technical knowledge management platform. Attackers stole source code, information on unpublished vulnerabilities, and some customer configuration data. F5's software supply chain and major platforms such as CRM, financial systems, support services, NGINX, F5 Distributed Cloud Services, and Silverline were not compromised. There were no suspicious code changes in BIG-IP and no evidence of actual misuse. The US government requested delay of public notification, approved by the Department of Justice on September 12, 2025. F5 continues to identify affected customers.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]