Nation-state hackers breach F5, steal info about BIG-IP flaws and source code

US cybersecurity company F5 has revealed it has suffered a major security breach, which saw sensitive data such as information on undisclosed BIG-IP vulnerabilities and source code stolen. The company says that the intruders, believed to be a state-backed hacker group, had a long-term access to its internal systems.

According to a regulatory filing with the US Securities and Exchange Commission (SEC), F5 first became aware of the breach on August 9, 2025. The attackers reportedly maintained persistent access to critical systems, including the company’s BIG-IP product development environment and its engineering knowledge management platform.

“During the course of its investigation, the Company determined that the threat actor maintained long-term, persistent access to certain F5 systems, including the BIG-IP product development environment and engineering knowledge management platform,” the company wrote in the filing. “Through this access, certain files were exfiltrated, some of which contained certain portions of the Company’s BIG-IP source code and information about undisclosed vulnerabilities that it was working on in BIG-IP. We are not aware of any undisclosed critical or remote code vulnerabilities, and we are not aware of active exploitation of any undisclosed F5 vulnerabilities. We have no evidence of modification to our software supply chain, including our source code and our build and release pipelines. This assessment has been validated through independent reviews by leading cybersecurity research firms.”

BIG-IP, F5’s flagship product, is widely used for application delivery networking (ADN) and traffic management by large enterprises, including 48 of the Fortune 50 companies. F5 serves more than 23,000 customers across 170 countries.

Platforms such as NGINX, F5 Distributed Cloud Services, and Silverline were not affected, and F5 confirms the integrity of BIG-IP software releases through multiple independent security reviews.

The company is still investigating which customers may have had configuration or implementation details stolen and says affected parties will be contacted directly.

F5 also revealed that the US Department of Justice had requested a delay in public disclosure of the incident to protect national security interests. The company is now releasing this information following DOJ approval.


Back to the list

Latest Posts

Thousands of domains target hotel guests in massive phishing campaign

The campaign employs a phishing kit that customizes the page presented to the site visitor depending on a unique string in the URL path.
12 November 2025

Hackers exploit Citrix and Cisco zero-days to deploy custom malware

Attackers leveraged the Cisco flaw to gain pre-authentication admin access and installed a custom web shell called “IdentityAuditAction,” masquerading as a legitimate ISE component.
12 November 2025

Russian hacker to plead guilty for role in Yanluowang ransomware attacks

Volkov acted as an initial access broker for the Yanluowang ransomware group breaking into company networks and selling access to other hackers.
12 November 2025
Popular Posts
Featured vulnerabilities
Remote denial of service in Palo Alto PAN-OS
Medium Patched | 12 Nov, 2025
Multiple vulnerabilities in Prisma Access Browser
High Patched | 12 Nov, 2025
Multiple vulnerabilities in OpenPrinting libcupsfilters and cups-filters
High Patched | 12 Nov, 2025
Denial of service in Raptor RDF Syntax library
Low Not Patched | 12 Nov, 2025
Multiple vulnerabilities in Google ChromeOS
High Patched | 12 Nov, 2025