1. Forum
  2. tqwNet
  3. TQW GENTECH

  • F5 breach fallout - over 266,000 instances exposed to remote atta

    From TechnologyDaily@1337:1/100 to All on Mon Oct 20 12:00:09 2025
    F5 breach fallout - over 266,000 instances exposed to remote attacks

    Date:
    Mon, 20 Oct 2025 10:55:14 +0000

    Description:
    Shadowserver Foundation tracks how many F5 instances are exposed online and could be targeted by nation-state attackers.

    FULL STORY ======================================================================F5 recently suffered a breach which saw attackers steal BIG-IP source code and vulnerability data Over 266,000 BIG-IP devices are exposed online, mostly in the US, Europe, and Asia CISA issued emergency patch deadlines to protect federal networks from potential exploitation

    More than 266,000 F5 BIG-IP instances connected to the public internet could be at risk of cyberattacks following the recent cyberattack suffered by the compay , experts have warned.

    F5 recently reported a nation-state affiliated cyber threat actor had stolen sensitive files including a portion of BIG-IP source code, and vulnerability information. With this data, the attackers could reportedly analyze F5s products, find zero-days, and develop different exploits and malware .

    The company pushed an emergency patch to fix all of the known
    vulnerabilities, and stressed that there was no immediate danger since critical or remotely exploitable vulnerabilities were not among the stolen files, and so far, theres been no evidence of exploitation in the wild.
    Attack surface

    Now, Shadowserver Foundation, a security nonprofit that monitors the internet for malicious activity and helps improve global cybersecurity, says that
    there are more than 266,000 F5 BIG-IP instances exposed online that could potentially be a target.

    The majority (around 142,000) are located in the United States, with Europe and Asia holding another 100,000.

    The nonprofit does not know how many of these instances were patched against these flaws. Its safe to assume that at least some of them were patched, so the attack surface is likely somewhat smaller than this.

    At the same time, The US Cybersecurity and Infrastructure Security Agency (CISA) urged Federal Civilian Executive Branch (FCEB) agencies to catalog and patch F5 products in their tech stack to minimize the risk.

    In the ED 26-01 emergency directive, CISA said the breach was an imminent threat to federal networks using F5s products since it could result in the compromise of API keys, data exfiltration, and even full compromise of targeted systems.

    For F5OS, BIG-IP TMOS, BIG-IQ, and BNK/CNF products, the deadline for
    patching is October 22, 2025, while for all other F5 products, it is October 31.

    Via BleepingComputer

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. You might also like Russian tech firm attacked by Chinese state hackers in allied attack Take a look at our guide to the best authenticator app We've rounded
    up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/f5-breach-fallout-over-266-000-instance s-exposed-to-remote-attacks


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)