F5, a leading US cybersecurity company, revealed that nation-state hackers breached its systems, stealing undisclosed BIG-IP security vulnerabilities and source code. The breach was discovered on August 9, 2025, with the attackers gaining long-term access to F5’s system development environment and engineering knowledge management platform.
F5 has 23,000 customers worldwide, with 48 Fortune 50 entities using its products. BIG-IP is the company’s flagship product for application delivery and traffic management used by many large enterprises globally.
Although the hackers stole sensitive information, F5 claims there’s no evidence they exploited it in actual attacks. The company has taken remediation action to tighten access, improve threat monitoring, and deploy enhanced security measures.
F5 will contact customers who had configuration or implementation details stolen and urges them to install new software updates for BIG-IP products. Customers can also follow new best practices for hardening F5 systems using automated tools.
The US Department of Justice has requested a delay in public disclosure to allow sufficient time to secure critical systems, but the incident has no material impact on F5’s operations, and services remain available and safe.
Source: https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-undisclosed-big-ip-flaws-source-code