Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
The cyber incident that is too “isolated” to accentuate to mass media...
Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deploy...
Conifers AI Opens Singapore Data Region, Bringing Local Data Residency...
Finally taken down: Residential proxy network of at least 2m smart dev...
DXC Opens Flagship AI-first Customer Experience Center in Bengaluru
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      S E Asia governments targeted by cyber-espionage group

      S E Asia governments targeted by cyber-espionage group

      Tuesday, June 23, 2026, 8:00 AM Asia/Singapore | Features
    • Featured

      Rethinking network and infrastructure design for resilience

      Rethinking network and infrastructure design for resilience

      Thursday, June 18, 2026, 2:17 PM Asia/Singapore | Features
    • Featured

      Bringing cybercriminals to justice in APAC

      Bringing cybercriminals to justice in APAC

      Thursday, June 11, 2026, 10:30 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • AWARDS 2026
  • Directory
  • E-Learning

Select Page

News

Source code of major enterprise software stolen in prolonged breach

By CybersecAsia editors | Friday, October 17, 2025, 3:57 PM Asia/Singapore

Source code of major enterprise software stolen in prolonged breach

Sophisticated threat actors access a networking firm’s development system, exfiltrating source code and vulnerability data, prompting urgent patching directives.

On 15 Oct 2025, a Seattle-based maker of networking software disclosed a major breach on 9 Aug 2025 by a state-sponsored threat actor that had who secretly maintained persistent access to its network for an extended period, possibly years.

In the current disclosure now (due to permitted delays), the attackers are said to have infiltrated the segment of F5’s network responsible for the development and distribution of software updates of a widely used product deployed by many corporations and government agencies.

During this breach (right after one in 2024), the hackers had likely exfiltrated proprietary source code and documents detailing privately reported but unpatched vulnerabilities, giving them deep insight into potential security flaws and enabling the development of targeted exploits. In addition, the attackers have accessed configuration files related to some customers, potentially exposing sensitive credential information.

Despite extensive investigations involving two cybersecurity firms, no evidence was found that critical customer-facing systems like CRM or financial platforms were compromised, or that the attackers had tampered with other products.

In response upon detecting the current breach, F5 had taken rapid actions including rotating credentials, updating security certificates, reinforcing access controls, and enhancing network security architectures. They have urged customers to immediately apply newly released security updates across BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.

Additionally, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring all federal agencies to inventory F5 BIG-IP devices, assess network exposure, and apply patches by 22 October, 2025, with compliance reports due by 29 October 29. The agency has warned the breach poses an “imminent threat”, as state-sponsored hackers have the capability to exploit source code access to launch supply-chain attacks, steal credentials, and conduct network-wide compromises. CISA has strongly urged all entities using F5 products to undertake the recommended security measures without delay.

Similarly, the United Kingdom’s National Cyber Security Centre has alerted F5 customers to potential risks from this breach, advising them to identify all affected devices, evaluate for compromises, report incidents, and deploy the latest security patches immediately.

Share:

PreviousScammers exploit popular anime film release with fake websites and phishing schemes
NextAnt Digital Technologies Joins HKMA GenA.I. Sandbox as Technology Partner

Related Posts

Ransomware collateral costs 7x more than ransoms paid: study

Ransomware collateral costs 7x more than ransoms paid: study

Monday, May 9, 2022

Hub for Operational Technology protection wins a powerful ally

Hub for Operational Technology protection wins a powerful ally

Thursday, March 19, 2020

Over 400 vulnerabilities discovered in Qualcomm Snapdragon Chips

Over 400 vulnerabilities discovered in Qualcomm Snapdragon Chips

Wednesday, August 12, 2020

Two major public clouds are harboring the world’s bad bots: study

Two major public clouds are harboring the world’s bad bots: study

Wednesday, September 8, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Critical Security Threatsand the Need for ZTNA: How evolving cyberattacks demand a Zero Trust approach

    Cyber threats have become more frequent and sophisticated, targeting organizations of all sizes across all …Download Whitepaper
  • Zero Trust Made Simple: Why it matters and how to get started

    Zero Trust Made Simple: Why it matters and how to get started

    Data breaches and cyberattacks are no longer limited to large, high-profile organizations.Download Whitepaper
  • Cloud Secure Edge: Remote access, better security

    Cloud Secure Edge: Remote access, better security

    ​SonicWall Cloud Secure Edge™ is a modern, cloud-native Security Service Edge (SSE) solution that addresses …Download Whitepaper
  • Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Closing the Gap in Email Security:How To Stop The 7 Most SinisterAI-Powered Phishing Threats

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • How a Vietnamese D2C retailer built its own secure digital infrastructure

    How a Vietnamese D2C retailer built its own secure digital infrastructure

    Would your organization build your own digital infrastructure – including AI governance and cybersecurity – …Read more
  • Cyber protection for medical clinics in Singapore

    Cyber protection for medical clinics in Singapore

    As Singapore’s healthcare sector becomes increasingly digital and interconnected, clinics are facing heightened cyber risks, …Read more
  • India’s WazirX strengthens governance and digital asset security

    India’s WazirX strengthens governance and digital asset security

    Revamping its custody infrastructure using multi‑party computation tools has improved operational resilience and institutional‑grade safeguardsRead more
  • Bangladesh LGED modernizes communication while addressing data security concerns

    Bangladesh LGED modernizes communication while addressing data security concerns

    To meet emerging data localization/privacy regulations, the government engineering agency deploys a secure, unified digital …Read more

Bottom sidebar

Other News

  • Sparsa AI Launches Sovereign Enterprise AI Platform with Global Deployment at QNET

    Wednesday, July 8, 2026
    The Sparsa AI Enterprise Operating …Read More »
  • Conifers AI Opens Singapore Data Region, Bringing Local Data Residency to Asia-Pacific Security Teams

    Wednesday, July 8, 2026
    With data regions now spanning …Read More »
  • DXC Opens Flagship AI-first Customer Experience Center in Bengaluru

    Tuesday, July 7, 2026
    Strengthens DXC’s India presence with …Read More »
  • D-Link Brings Advanced AI Fall Detection and Privacy Protection to Home Elderly Care with the New DCS-8610 Wi-Fi Camera

    Monday, July 6, 2026
    Advanced technologies traditionally found in …Read More »
  • ICAC Commissioner attends first IAACA European regional anti-corruption conference in Hungary

    Friday, July 3, 2026
    BUDAPEST, Hungary, July 2, 2026 …Read More »
  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2026 CybersecAsia All Rights Reserved.