Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now

F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on ...
HealthcareInfoSecurity

Under Fire: Attackers Target Flaws in F5 and Citrix Gear

Flaws in major application delivery and security platforms and VPN gateways are being actively exploited or targeted. Under ...
CSO Online

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

Reclassified as a remote code execution flaw, the F5 BIG-IP APM vulnerability has been upgraded to CVSS 9.8, requiring ...
Infosecurity Magazine

NCSC Urges Immediate Patching of F5 BIG-IP Bug

UK organizations have been encouraged to immediately patch a critical new vulnerability in F5’s BIG-IP Access Policy Manager ...
The Tech Edvocate

Critical RCE Vulnerability in F5 BIG-IP APM Poses Serious Threat to Organizations

Spread the loveThe cybersecurity landscape is under constant threat, with various vulnerabilities being exploited by malicious actors. Recently, the US Cybersecurity and Infrastructure Security Agency ...

Update now! Attacks on F5 BIG-IP Access Policy Manager observed

IT managers who use F5 BIG-IP Access Policy Manager (APM) (now operating under the name “BIG-IP Zero Trust Access”) for app ...
The Hacker News

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

CISA adds actively exploited F5 BIG-IP APM CVE-2025-53521 (CVSS 9.3) to KEV, ordering FCEB patch by March 30, 2026 to curb RCE risk.
Network World

F5 appliance extends remote access

F5 Networks is wheeling out new hardware that lets more remote users securely connect simultaneously to corporate networks than past iterations of its product. F5 Networks is wheeling out new hardware ...
Bleeping Computer

F5 fixes BIG-IP auth bypass allowing remote code execution attacks

A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code ...
Threat Post

F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems

The vulnerability is ‘critical’ with a CVSS severity rating of 9.8 out of 10. Application service provider F5 is warning a critical vulnerability allows unauthenticated hackers with network access to ...
Morningstar

Kasm Technologies Collaborates with F5 to Deliver Zero Trust Virtual Desktop Access for the Modern Enterprise

ARLINGTON, Va., Dec. 17, 2025 /PRNewswire/ -- Kasm Technologies, a leader in containerized virtual desktop infrastructure (VDI), and F5, a global leader in multi-cloud application security and ...
Network World

F5 device enforces LAN access

LAS VEGAS – F5 Networks is getting ready to speed up its remote access SSL VPN gear so it can act as a policy enforcer for devices wired to LANs. The company later this year will boost the capacity of ...