F5 Breach Puts Enterprises on Edge
It’s every cybersecurity vendor’s worst nightmare: A data breach exposes vulnerabilities in products meant to protect customer security. But that's just the scenario facing application security provider F5. According to the vendor’s report:
“In August 2025, we learned a highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from, certain F5 systems. These systems included our BIG-IP product development environment and engineering knowledge management platforms. We have taken extensive actions to contain the threat actor. Since beginning these activities, we have not seen any new unauthorized activity, and we believe our containment efforts have been successful.”
Various sources reported that the threat came from state-backed Chinese spies, who were said to have lurked inside F5’s network since 2023. Once F5 found the hack, it delayed revealing it publicly, apparently while it crafted the updates required to protect the affected products. In an SEC filing dated October 15, F5 reported that on “September 12, 2025, the U.S. Department of Justice determined that a delay in public disclosure was warranted pursuant to Item 1.05(c) of Form 8-K. F5 is now filing this report in a timely manner.” That item on the SEC form specifies that delays in filing a public disclosure are allowed in cases where reporting the situation would involve “a substantial risk to national security or public safety.”
Coinciding with F5’s formal disclosure on October 15, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive the same day advising government agencies to immediately “inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply updates from F5.” CISA’s directive states: “This cyber threat actor presents an imminent threat to federal networks using F5 devices and software.”
F5’s updates are extensive and apply across its product line. Whether the government agencies affected remain open in view of the shutdown and were able to apply the updates isn’t clear.
A Widespread Ripple Effect