https://community.isc2.org/t5/Threats/F5-Security-Breach/m-p/85021#M1724 <P>What seems to have occurred is that someone got into F5's internal documents, and the worry is they can use that info to craft attacks against F5 devices. The fact that F5 has released mitigating patches tells me that somewhere in those documents may be things like API keys or other configuration-type info that could lead to&nbsp; elevated access to the devices. However, the between-the-lines seems to say the stolen information by itself shouldn't cause a compromise.</P><P>&nbsp;</P><P>Maybe that is part of the shoulder-shrug to all this is that there is not an actual attack (yet) tied to this breach.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 24 Oct 2025 13:53:43 GMT JoePete 2025-10-24T13:53:43Z https://community.isc2.org/t5/Threats/F5-Security-Breach/m-p/84997#M1723 <P>I'm surprised I've not seen this mentioned on here at all, so if you weren't aware, F5 announced it had suffered a major security breach last week:</P><P>&nbsp;</P><P><A href="https://my.f5.com/manage/s/article/K000154696" target="_blank" rel="noopener">https://my.f5.com/manage/s/article/K000154696</A></P><P>&nbsp;</P><P>Their CEO posted this on LinkedIn a little while ago:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image" style="width: 546px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/10275iBB981445CCF6BECD/image-size/large?v=v2&amp;px=999" role="button" title="image" alt="image" /></span></P><P>&nbsp;</P><P>Which in turn includes a link to a blog post from their CISO:</P><P>&nbsp;</P><P><A href="https://www.f5.com/company/blog/lessons-we-are-learning-from-our-security-incident" target="_blank" rel="noopener">https://www.f5.com/company/blog/lessons-we-are-learning-from-our-security-incident</A></P><P>&nbsp;</P><P>Here's CISA's emergency directive on the subject:</P><P>&nbsp;</P><P><A href="https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices" target="_blank" rel="noopener">https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices</A></P><P>&nbsp;</P><P>Are folks just not using F5 anymore, so not really interested in this?</P> Thu, 23 Oct 2025 15:59:02 GMT https://community.isc2.org/t5/Threats/F5-Security-Breach/m-p/84997#M1723 AlecTrevelyan 2025-10-23T15:59:02Z https://community.isc2.org/t5/Threats/F5-Security-Breach/m-p/85021#M1724 <P>What seems to have occurred is that someone got into F5's internal documents, and the worry is they can use that info to craft attacks against F5 devices. The fact that F5 has released mitigating patches tells me that somewhere in those documents may be things like API keys or other configuration-type info that could lead to&nbsp; elevated access to the devices. However, the between-the-lines seems to say the stolen information by itself shouldn't cause a compromise.</P><P>&nbsp;</P><P>Maybe that is part of the shoulder-shrug to all this is that there is not an actual attack (yet) tied to this breach.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 24 Oct 2025 13:53:43 GMT https://community.isc2.org/t5/Threats/F5-Security-Breach/m-p/85021#M1724 JoePete 2025-10-24T13:53:43Z