• Over 269,000 F5 devices are reportedly exposed to the public internet daily, according to data from The Shadowserver Foundation.

    This exposure comes at a critical time following F5’s disclosure of a sophisticated nation-state attack that compromised its development environment, stealing source code and details on undisclosed vulnerabilities in BIG-IP products.

    Nearly half of these exposed IPs, around 134,000, are located in the United States, raising alarms for organizations worldwide relying on F5’s application delivery controllers for secure network operations.

    The breach, detected in August 2024 but involving long-term unauthorized access, underscores the vulnerabilities in F5’s infrastructure that could now amplify risks for exposed devices.

    Cybersecurity experts warn that the stolen information may enable attackers to craft targeted exploits, potentially leading to remote code execution or data exfiltration on unpatched systems.

    As federal agencies like CISA issue emergency directives, the sheer volume of internet-facing F5 hardware amplifies the threat landscape for enterprises in finance, government, and critical infrastructure sectors.

    F5 Networks confirmed on October 15, 2025, that advanced persistent threat actors had infiltrated its BIG-IP development systems, exfiltrating proprietary source code and vulnerability data not yet publicly disclosed or patched.

    This incident, described by F5 as involving “highly sophisticated” nation-state hackers, targeted engineering platforms and could compromise the integrity of future product releases.

    No direct evidence points to customer networks being breached yet, but the access to undisclosed flaws, potentially zero-days, heightens the urgency for immediate inventorying and updating of all BIG-IP instances.

    CISA’s Emergency Directive 26-01 mandates federal agencies to harden public-facing F5 devices and remove unsupported hardware, signaling the breach’s national security implications.

    The compromise affects products like BIG-IP iSeries, rSeries, F5OS-A, and BIG-IQ, with recent quarterly patches addressing related CVEs such as CVE-2025-61955 and CVE-2025-60013.

    F5 Devices Exposed Online

    Security firms like Sophos and Tenable emphasize monitoring for exploitation attempts, noting the potential for credential theft and lateral movement in affected environments.

    The Shadowserver Foundation’s Device Identification Report highlights the scale of the problem: with device_vendor filtered to F5, its scans identify approximately 269,000 F5 device IPs accessible from the internet each day.

    This data, shared via public reports, reveals a geographical concentration: the US dominates with 134,000 exposures, followed by countries like Japan, China, Germany, and the UK.

    Such visibility makes these devices prime targets for scanning and exploitation, especially post-breach when attackers may leverage stolen insights for precision strikes.

    Experts from organizations like Eclypsium stress that exposed iControl REST APIs, a common misconfiguration in F5 setups, have historically led to unauthenticated access vulnerabilities.

    With the recent theft of flaw details, unpatched or internet-facing BIG-IP systems face elevated risks of denial-of-service, buffer overflows, or full system takeover.

    Organizations must act swiftly by applying F5’s October 2025 security notifications, which include fixes for multiple modules in BIG-IP and F5OS platforms.

    The Shadowserver report provides daily IP feeds for proactive scanning, urging users to cross-reference with internal logs for indicators of compromise.

    As the F5 incident unfolds, this mass exposure serves as a clarion call for robust network segmentation and regular vulnerability assessments.

    With nation-state actors in play, the cybersecurity community anticipates increased exploit activity, making device visibility and rapid patching non-negotiable for global defenders.

    The post Over 269,000 F5 Devices Exposed Online After Major Breach: U.S. Faces Largest Risk appeared first on Cyber Security News.

  • A recent breach of F5 Networks’ infrastructure has left more than 269,000 devices exposed and vulnerable to attack. Security researchers first detected unusual activity on F5’s management portal, prompting the company to issue an alert and patch critical vulnerabilities. However, despite swift action, a daily snapshot from Shadowserver shows that nearly 269,000 unique IP addresses […]

    The post Over 269,000 F5 Devices Found Exposed Online After Massive Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • WASHINGTON—The Netherlands wants in on the U.S. Air Force’s collaborative combat aircraft program to boost their own fleet of F-35 fighter jets. The Dutch Defense Ministry inked a letter of intent to cooperate in the program Thursday. 

    The Netherlands also signed a separate agreement with General Atomics as part of a broader effort to boost the country’s defenses and drone tech. 

    “We think that this is a unique point in time and it reinforces the partnership we have with the U.S. And I think it also makes the world a lot safer if in the near future we can actually also operate CCA type of aircraft in the European theater,” Gijs Tuinman, Dutch State Secretary for Defense, told reporters Thursday after announcing the agreement at the Dutch embassy’s defense industry event. 

    The country has partnered with the U.S. on the F-16 and F-35, which makes a CCA investment a natural next step that helps proliferate the tech across Europe, Tuinman said, noting the Netherlands needs roughly equal numbers of manned, unmanned, and attritable systems for its defenses. 

    “The Netherlands is like the jumping pad for the United States to get into Europe. So we have always [had a] strong or transatlantic relationship. That's my message here too: to sign the deal, but also to express that we understand the message from the U.S…that the Netherlands and Europe should shift the burden a bit” by increasing defense spending, Tuinman said. 

    The agreement allows the Netherlands access to the CCA program as it develops, to share data, and to provide input for requirements for use in Europe. 

    The Netherlands also penned an agreement with General Atomics to develop new small unmanned aircraft systems for intelligence, surveillance, and reconnaissance that are affordable and can hold a variety of payloads.

    Tuinman said the drone industry lacks systems that can “penetrate [anti-access/area-denial] bubbles and have a diverse set of ISR and strike capabilities.” 

    General Atomics will work with Netherlands-based VDL Defentec to engineer and produce the new systems.

    The move comes months after General Atomics and fellow CCA-maker Anduril began pitching tailorable versions of the platform—and co-production—to European countries at the Paris Air Show this summer.

    The Dutch partnership aims to address immediate security threats as Russia’s war on Ukraine persists and drone activity increases across Europe. Drones recently disrupted communications during a Dutch military exercise in Poland.

    “Putin is testing us in every possible way,” Tuinman said. “Hybrid attacks are already taking place across Europe…including my own country. And over the past weeks, various locations in Europe have been plagued by large amounts of mysterious drones testing the strength of our response, resilience, and most of all our alliance.” 

    Teaming with General Atomics, and other U.S. defense companies, also creates an opportunity to bolster defense industries on both sides of the Atlantic Ocean, Birgitta Tazelaar, the Dutch ambassador to the U.S., said Thursday during opening remarks at the embassy’s annual defense industry event. 

    Spending more on defense “means that we're going to build up a European defense industry, but it also means that we're going to work very well together with our American partners in doing so. And this is crucial. Look at our adversaries and our competitors. They are doing the same, and it is extremely important to keep our strategic advantage by working together and integrating our industrial bases to the extent that we both benefit,” Tazelaar said.

  • F5 Networks, a leading provider of application security and delivery solutions, has disclosed a significant security breach involving a nation-state threat actor, prompting the release of critical updates for its core products.

    Detected in August 2025, the incident exposed internal systems to prolonged unauthorized access, leading to the theft of BIG-IP source code and undisclosed vulnerability data.

    In response, F5 has rolled out patches across BIG-IP, F5OS, BIG-IQ, APM clients, and BIG-IP Next for Kubernetes to safeguard customers amid heightened risks.

    The intrusion came to light on August 9, 2025, when F5 identified suspicious activity within its BIG-IP product development environment and engineering knowledge platforms.

    The advanced adversary maintained persistent access, exfiltrating sensitive files including portions of source code and configuration details for a limited number of customers.

    No evidence suggests alterations to the software supply chain or impacts on production systems, but the stolen intellectual property raises concerns about potential zero-day exploits targeting unpatched deployments.

    F5 swiftly contained the threat through comprehensive measures, halting further unauthorized actions and confirming no ongoing intrusions.

    The company enlisted top cybersecurity firms like CrowdStrike and Mandiant for investigation support, while collaborating with law enforcement and government agencies.

    This proactive stance aligns with F5’s vulnerability management practices, now intensified to bolster enterprise and product security postures.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) responded with Emergency Directive ED 26-01, mandating federal agencies to patch and isolate affected F5 assets immediately.

    F5 Security Updates

    On October 15, 2025, F5 published its Quarterly Security Notification, detailing 44 vulnerabilities addressed in the latest releases, many tied to the breach’s implications.

    High-severity CVEs dominate, with scores up to 8.7 under CVSS v3.1, affecting components like SCP/SFTP in BIG-IP (CVE-2025-53868) and F5OS platforms (CVE-2025-61955).

    These flaws enable potential denial-of-service, privilege escalation, and remote code execution, particularly in appliance modes where risks escalate.

    Medium and low-risk issues include iControl REST vulnerabilities (CVE-2025-59481) and configuration utility exposures, fixed in versions such as BIG-IP 17.5.1.3 and F5OS-C 1.8.2.

    High Severity Vulnerabilities

    | CVE ID | CVSS Score (v3.1 / v4.0) | Affected Products | Affected Versions | Fixes Introduced In |
    |---|---|---|---|---|
    | CVE-2025-53868 | 8.7 / 8.5 | BIG-IP (all modules) | 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61955 | 7.8 (standard) / 8.8 (appliance) / 8.5 | F5OS-A, F5OS-C | F5OS-A: 1.8.0^3, 1.5.1-1.5.3; F5OS-C: 1.8.0-1.8.1, 1.6.0-1.6.2^3 | F5OS-A: 1.8.3, 1.5.4; F5OS-C: 1.8.2, 1.6.4 |
    | CVE-2025-57780 | 7.8 (standard) / 8.8 (appliance) / 8.5 | F5OS-A, F5OS-C | F5OS-A: 1.8.0^3, 1.5.1-1.5.3; F5OS-C: 1.8.0-1.8.1, 1.6.0-1.6.2^3 | F5OS-A: 1.8.3, 1.5.4; F5OS-C: 1.8.2, 1.6.4 |
    | CVE-2025-60016 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF | BIG-IP: 17.1.0-17.1.1; Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.3.3 | BIG-IP: 17.1.2; Next SPK: 2.0.0; Next CNF: 2.0.0, 1.4.0 |
    | CVE-2025-48008 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF | BIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10; Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1 | BIG-IP: 17.1.2.2, 16.1.6, 15.1.10.8; Next SPK: None; Next CNF: None |
    | CVE-2025-59781 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next CNF | BIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10; Next CNF: 1.1.0-1.4.0 | BIG-IP: 17.1.2.2, 16.1.6, 15.1.10.8; Next CNF: 1.4.0 EHF-3^4 |
    | CVE-2025-41430 | 7.5 / 8.7 | BIG-IP SSL Orchestrator | 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.3, 15.1.0-15.1.9 | 17.5.1, 17.1.3, 16.1.4 |
    | CVE-2025-55669 | 7.5 / 8.7 | BIG-IP ASM | 17.1.0-17.1.2, 16.1.0-16.1.5 | 17.1.2.2, 16.1.6 |
    | CVE-2025-61951 | 7.5 / 8.7 | BIG-IP (all modules) | 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6 | 17.5.1, 17.1.3, 16.1.6.1 |
    | CVE-2025-55036 | 7.5 / 8.7 | BIG-IP SSL Orchestrator | 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10 | 17.1.3, 16.1.6, 15.1.10.8 |
    | CVE-2025-54479 | 7.5 / 8.7 | BIG-IP PEM, BIG-IP Next CNF, BIG-IP Next for Kubernetes | BIG-IP PEM: 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.0; Next K8s: 2.0.0-2.1.0 | BIG-IP PEM: 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-2^4 |
    | CVE-2025-46706 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF | BIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5; Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1 | BIG-IP: 17.1.2.2, 16.1.6; Next SPK: 2.0.0, 1.7.14 EHF-2^4; Next CNF: 2.0.0, 1.4.0 EHF-3^4 |
    | CVE-2025-59478 | 7.5 / 8.7 | BIG-IP AFM | 17.5.0, 17.1.0-17.1.2, 15.1.0-15.1.10 | 17.5.1, 17.1.3, 15.1.10.8 |
    | CVE-2025-61938 | 7.5 / 8.7 | BIG-IP Advanced WAF/ASM | 17.5.0, 17.1.0-17.1.2 | 17.5.1, 17.1.3 |
    | CVE-2025-54858 | 7.5 / 8.7 | BIG-IP Advanced WAF/ASM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-58120 | 7.5 / 8.7 | BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes | Next SPK: 2.0.0, 1.7.0-1.7.14; Next CNF: 2.0.0, 1.1.0-1.4.1; Next K8s: 2.0.0 | Next SPK: 2.0.1, 1.7.14 EHF-2^4; Next CNF: 2.0.1; Next K8s: 2.1.0 |
    | CVE-2025-53856 | 7.5 / 8.7 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61974 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes | BIG-IP: 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next SPK: 2.0.0-2.0.2, 1.7.0-1.9.2; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.1; Next K8s: 2.0.0-2.1.0 | BIG-IP: 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8; Next SPK: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.7.14 EHF-2^4; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-1^4 |
    | CVE-2025-58071 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next CNF, BIG-IP Next for Kubernetes | BIG-IP: 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.1; Next K8s: 2.0.0-2.1.0 | BIG-IP: 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-1^4 |
    | CVE-2025-53521 | 7.5 / 8.7 | BIG-IP APM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61960 | 7.5 / 8.7 | BIG-IP APM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6 | 17.5.1.3, 17.1.3, 16.1.6.1 |
    | CVE-2025-54854 | 7.5 / 8.7 | BIG-IP APM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-53474 | 7.5 / 8.7 | BIG-IP APM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61990 | 7.5 / 8.7 | BIG-IP (all modules), BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes | BIG-IP: 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10; Next SPK: 2.0.0-2.0.2, 1.7.0-1.9.2; Next CNF: 2.0.0-2.1.0, 1.1.0-1.4.1; Next K8s: 2.0.0-2.1.0 | BIG-IP: 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8; Next SPK: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.7.15 EHF-2^4; Next CNF: 2.1.0 EHF-1^4, 2.0.2 EHF-2^4, 2.0.0 EHF-2^4, 1.4.0 EHF-3^4; Next K8s: 2.1.0 EHF-1^4 |
    | CVE-2025-58096 | 7.5 / 8.7 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61935 | 7.5 / 8.7 | BIG-IP Advanced WAF/ASM | 17.5.0, 17.1.0-17.1.2, 15.1.0-15.1.10 | 17.5.1, 17.1.3, 15.1.10.8 |
    | CVE-2025-59778 | 7.5 / 7.7 | F5OS-C | 1.8.0-1.8.1, 1.6.0-1.6.2^3 | 1.8.2, 1.6.4 |

    Medium Severity Vulnerabilities

    | CVE ID | CVSS Score (v3.1 / v4.0) | Affected Products | Affected Versions | Fixes Introduced In |
    |---|---|---|---|---|
    | CVE-2025-59481 | 6.5 (standard) / 8.7 (appliance) / 8.5 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-61958 | 6.5 (standard) / 8.7 (appliance) / 8.5 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.1, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-47148 | 6.5 / 7.1 | BIG-IP APM, APM with SWG, SSL Orchestrator, SSL Orchestrator with SWG | 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-47150 | 6.5 / 7.1 | F5OS-A, F5OS-C | F5OS-A: 1.8.0-1.8.1^3, 1.5.1-1.5.2; F5OS-C: 1.6.0-1.6.2^3, 1.8.0 | F5OS-A: 1.8.3, 1.5.3; F5OS-C: 1.6.4 |
    | CVE-2025-55670 | 6.5 / 7.1 | BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes | Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1; Next K8s: 2.0.0 | Next SPK: None; Next CNF: None; Next K8s: 2.1.0 |
    | CVE-2025-54805 | 6.5 / 6.0 | BIG-IP Next SPK, BIG-IP Next CNF, BIG-IP Next for Kubernetes | Next SPK: 1.7.0-1.9.2; Next CNF: 1.1.0-1.4.1; Next K8s: 2.0.0 | Next SPK: 2.0.0; Next CNF: 2.0.0; Next K8s: 2.1.0 |
    | CVE-2025-59269 | 6.1 / 8.4 | BIG-IP (all modules) | 17.5.0, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-58153 | 5.9 / 8.2 | BIG-IP (all modules) | 17.5.0, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-60015 | 5.7 / 6.9 | F5OS-A, F5OS-C | F5OS-A: 1.8.0^3, 1.5.1-1.5.3; F5OS-C: 1.8.0-1.8.1, 1.6.0-1.6.2^3 | F5OS-A: 1.8.3, 1.5.4; F5OS-C: 1.8.2, 1.6.4 |
    | CVE-2025-59483 | 6.5 / 8.5 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-60013 | 5.7 / 4.6 | F5OS-A | 1.8.0^3, 1.5.1-1.5.3 | 1.8.3, 1.5.4 |
    | CVE-2025-59268 | 5.3 / 6.9 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-58474 | 5.3 / 6.9 | BIG-IP Advanced WAF/ASM, NGINX App Protect WAF | BIG-IP: 17.1.0-17.1.1; NGINX: 4.5.0-4.6.0 | BIG-IP: 17.1.2; NGINX: 4.7.0 |
    | CVE-2025-61933 | 6.1 / 5.1 | BIG-IP APM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-54755 | 4.9 / 6.9 | BIG-IP (all modules) | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.3, 17.1.3, 16.1.6.1, 15.1.10.8 |
    | CVE-2025-53860 | 4.1 / 5.6 | F5OS-A | 1.8.0^3, 1.5.1-1.5.2 | 1.8.3, 1.5.3 |

    Low Severity Vulnerabilities

    | CVE ID | CVSS Score (v3.1 / v4.0) | Affected Products | Affected Versions | Fixes Introduced In |
    |---|---|---|---|---|
    | CVE-2025-58424 | 3.7 / 6.3 | BIG-IP (all modules), F5 Silverline (all services) | BIG-IP: 17.1.0-17.1.2, 16.1.0-16.1.5, 15.1.0-15.1.10; Silverline: N/A | BIG-IP: 17.1.2.2^3, 16.1.6^3, 15.1.10.8^3; Silverline: N/A |

    Security Exposures

    | Exposure ID | Affected Products | Affected Versions | Fixes Introduced In |
    |---|---|---|---|
    | K000150010: BIG-IP AFM security exposure | BIG-IP AFM | 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10 | 17.5.1.1, 17.1.3 |

    BIG-IP Next for Kubernetes receives targeted hotfixes, like 2.1.0 EHF-14, to mitigate TMM and SSL/TLS weaknesses. Security exposures in BIG-IP AFM are also resolved, emphasizing the need for swift upgrades across all supported versions.

    F5 stresses that while no active exploitation of undisclosed flaws is known, updating is essential to prevent lateral movement and data exfiltration in customer networks.

    Customers should prioritize applying these updates, enabling event streaming to SIEM tools, and isolating management interfaces from public access.

    Decommissioning end-of-life products further reduces exposure. F5’s transparency underscores the evolving nation-state threats, where stolen code could fuel sophisticated attacks on critical infrastructure.

    By patching promptly, organizations can maintain robust defenses against this and future incidents. For full details, refer to F5’s official notification.

    The post F5 Released Security Updates Covering Multiple Products Following Recent Hack appeared first on Cyber Security News.

  • Security researchers from Synacktiv CSIRT have uncovered a sophisticated Linux rootkit dubbed LinkPro that leverages eBPF (extended Berkeley Packet Filter) technology to establish persistent backdoor access while remaining virtually invisible to traditional monitoring tools. The infection chain originated from a vulnerable Jenkins server exposed to the internet, exploited through CVE-2024-23897. Threat actors leveraged this initial […]

    The post LinkPro: An eBPF-Based Rootkit Hiding Malicious Activity on GNU/Linux appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • VMware has launched the latest versions of its desktop hypervisors, Workstation 25H2 and Fusion 25H2, bringing significant improvements to virtualization technology. These updates introduce a simplified versioning system, powerful new features, and expanded compatibility with modern operating systems and hardware. VMware has abandoned traditional version numbering like Workstation 17.6.x and Fusion 13.6.x in favor of […]

    The post VMware Releases Workstation & Fusion 25H2 With Enhanced Features and OS Support appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were “used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy Rhysida ransomware,” the Microsoft Threat Intelligence team said in a post shared on X. The tech

  • Cisco has disclosed a serious security vulnerability affecting its IOS and IOS XE Software that could allow attackers to execute remote code or crash affected devices. The flaw, tracked as CVE-2025-20352, resides in the Simple Network Management Protocol (SNMP) subsystem and carries a CVSS score of 7.7, marking it as a high-severity threat. Overview of […]

    The post Critical Cisco IOS and IOS XE Flaws Allow Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • F5 Networks has released comprehensive security patches addressing multiple critical vulnerabilities across its product portfolio following a recent security incident. The company issued its quarterly security notification on October 15, 2025, documenting numerous high-severity vulnerabilities that could potentially expose enterprise networks to significant security risks. Extensive Vulnerability Disclosure Reveals Multiple Attack Vectors The security advisory […]

    The post F5 Issues Security Patches for Multiple Products After Recent Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • The cybersecurity landscape has witnessed a significant evolution in attack techniques with North Korean threat actors adopting EtherHiding, a sophisticated method that leverages blockchain technology to distribute malware and facilitate cryptocurrency theft. EtherHiding represents a fundamental shift in how cybercriminals store and deliver malicious payloads by embedding malware code within smart contracts on public blockchains […]

    The post North Korean Hackers Exploit EtherHiding to Spread Malware and Steal Crypto Assets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
