Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now

F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on ...

Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks

Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks ...
The Hacker News

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

CISA adds actively exploited F5 BIG-IP APM CVE-2025-53521 (CVSS 9.3) to KEV, ordering FCEB patch by March 30, 2026 to curb RCE risk.
Ars Technica

Thousands of customers imperiled after nation-state ransacks F5’s network

Thousands of networks—many of them operated by the US government and Fortune 500 companies—face an “imminent threat” of being breached by a nation-state hacking group following the breach of a major ...
Ars Technica

Critical vulnerabilities in BIG-IP appliances leave big networks open to intrusion

Researchers on Wednesday reported critical vulnerabilities in a widely used networking appliance that leaves some of the world’s biggest networks open to intrusion. The vulnerabilities reside in ...
Dark Reading

F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation

A critical security vulnerability in F5's BIG-IP application security product line, which was first disclosed in October as a high-severity denial-of-service (DoS) flaw, is under active exploitation ...