F5 incident (Incident)

F5 disclosed that in August 2025 a nation-state actor maintained persistent access to internal systems, exfiltrated portions of BIG-IP source code and details of ongoing vulnerability research, and accessed limited customer configuration data; F5 and third-party responders found no evidence of code tampering or compromised build pipelines, implemented containment measures (credential rotation, access hardening, segmentation, patching and monitoring), and CISA directed federal agencies to immediately mitigate affected F5 devices.