F5 Confirms Nation-State Breach, Source Code and Vulnerability Data Stolen

F5 has confirmed it was the victim of a state-sponsored cyberattack that allowed hackers to access its internal systems and steal valuable technical data. The company says the attackers gained long-term access before being detected in August 2025.

According to F5’s official statement, the incident led to the theft of files containing parts of its BIG-IP source code, internal vulnerability research, and configuration details for a small number of customers. The company said it has found no evidence that its software build systems or update mechanisms were tampered with, and normal operations remain unaffected.

The UK’s National Cyber Security Centre (NCSC) later confirmed that the incident compromised parts of F5’s internal network and involved advanced, persistent techniques consistent with nation-state operations. Government agencies and enterprise customers using F5’s BIG-IP and related products have been urged to apply all recent patches and review access controls.

Investigators believe ...