A threat actor has breached the internal systems of F5, Inc. (F5), a prominent American technology firm specializing in application security and delivery. In a disclosure filed with the U.S. Securities and Exchange Commission, F5 attributed the intrusion to a “highly sophisticated nation-state threat actor” who maintained long-term, persistent access to critical company environments.
The company stated it first learned of the breach on August 9, 2025, and promptly initiated its incident response plan, engaging leading external cybersecurity experts to contain the threat. Public disclosure was delayed at the request of the U.S. Department of Justice. F5 has confirmed it has since contained the breach and has not observed any new unauthorized activity.
The primary targets of the attack were the company’s product development and engineering knowledge platforms. According to F5, the threat actor successfully exfiltrated sensitive files. The compromised data includes:
- Portions of the source code for F5’s flagship BIG-IP product.
- Information related to undisclosed vulnerabilities that F5 was actively working to remediate.
- Configuration and implementation information for a small percentage of its customers.
F5 has emphasized that there is no evidence the attackers modified the software supply chain, its build and release pipelines, or accessed other product lines like NGINX.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive in response, calling the incident an “unacceptable risk” and an “imminent threat to federal networks.” The access to proprietary source code and vulnerability data could provide the threat actor with a significant technical advantage, potentially enabling them to discover new zero-day vulnerabilities and develop targeted exploits against F5 customers worldwide.
F5 is actively notifying the small number of customers whose configuration data was exposed. The company has released security updates for its affected products and strongly urges all customers to apply the patches immediately, harden their systems according to best practices, and utilize the threat-hunting guide F5 has provided.
