Security Alert: F5 Confirms Breach of Internal Systems

F5 has confirmed that a sophisticated cyber attack led to unauthorised access within its corporate network.

According to the company’s official statement (https://my.f5.com/manage/s/article/K000154696), a threat actor gained entry to F5’s internal development environment and accessed portions of source code relating to BIG-IP and F5OS products.

F5 has stated that there is no evidence of compromise to customer data, financial systems, or F5’s product build environments. However, some internal documentation and vulnerability information may have been exposed. The company has implemented containment measures, notified relevant authorities, and continues to work with law enforcement and third-party experts to complete its investigation.

While F5 products remain operational and no active exploits are confirmed at this time, the theft of source code and vulnerability data raises legitimate concerns for organisations relying on F5 technologies within their network infrastructure.

SCC advises customers and partners to:

• Review F5’s official security notice and apply all current patches.

• Confirm that BIG-IP and F5OS systems are running the latest software versions.

• Increase monitoring for unusual activity and configuration changes.

• Review remote and administrative access policies.

Cyber incidents of this nature highlight the continuing importance of defence-in-depth, proactive monitoring, and early detection.

If your organisation is concerned about potential exposure, resilience, or would like to explore mitigation options, the SCC Security team is available to provide guidance and tailored support.

Read F5’s full advisory: https://my.f5.com/manage/s/article/K000154696

Contact SCC Security: [email protected]

Editor : Julian Gustea, Software & Security, Marketing UK, SCC