F5 reports data breach, source code and vulnerability info stolen

In this week's episode, Cody and Katie dive into the most significant cybersecurity threats impacting both government agencies and major corporations. We first analyze the "imminent threat" CISA warned federal networks face after a nation-state actor stole BIG-IP source code and vulnerability data from F5, prompting an emergency directive for agencies to immediately catalog and patch affected products. We then explore the controversial staff reductions at CISA, where up to 176 employees were laid off or forcibly reassigned to ICE teams, despite warnings that these cuts would have a devastating impact on cybersecurity operations. We also cover law enforcement's attempt to disrupt domains used by the Scattered Lapsus$ Hunters (ShinyHunters) group, coinciding with Oracle rushing out a second patch to break an exploit chain allegedly used by the hackers to steal sensitive corporate data, following a massive Qantas customer data leak. Finally, we detail the major healthcare breach at SimonMed Imaging, where the Medusa group leaked sensitive medical reports belonging to 1.2 million people, alongside the discovery of a publicly exposed, unencrypted database containing nearly 180,000 PII records potentially linked to the billing platform Invoicely. Watch the latest episode at (www.calmcoding.dev), YouTube, or listen on Spotify! https://lnkd.in/et5p8C8Q

Initial CRA Design requirements(DRAFT) Drafts currently available include : - Password Managers - Antivirus - Boot Managers - Network Interfaces - Operating Systems - Routers, Modems, and Switches if your product is on the CRA important or critical list, they will. They give a clear picture of how these standards will likely work - and what could become the new market default. If you are selling/shipping an embedded product in European market where #CRA is going to be enforced, you will need to either comply with the relevant standard or undergo a third-party assessment. It is better to get ready in time than starting late. Repository of PDFs: https://lnkd.in/eyubbnP8 ETSI site related to the CRA work: https://lnkd.in/ez8XikYT #CRA

Interesting framing — though one might argue that visibility without integrity is just surveillance with branding. Censys has done impressive work in asset discovery, but true resilience requires more than seeing what’s exposed — it demands governing what’s granted. That’s where identity context, not just surface enumeration, becomes the real differentiator. #CyberSecurity #IdentitySecurity #ZeroTrust #Visibility

Through a recent CSSF communication I came across the CIRCL Luxembourg TR-96 report addressing multiple vulnerabilities in F5 BIG-IP and BIG-IQ systems — some linked to source code exposure. Even though no active exploitation has been reported in Luxembourg, this alert reinforces the importance of strong ICT risk management and ongoing vigilance across critical infrastructures — especially under the regulatory frameworks of DORA and CSSF Circular 20/750. https://lnkd.in/dCQtfnAM

Think a strong password is enough? Think again. Discover how multi-factor authentication (MFA) adds that extra layer of defense to keep your accounts safer even if your password is compromised. Read more: https://nr.tn/4nT2bnG #CyberSecurityAwarenessMonth

Two Locks Are Better Than One Multi-Factor Authentication (MFA) adds an extra layer of protection. Even if a hacker steals your password, MFA keeps them out. Think of it as a digital deadbolt for your business.

Two Locks Are Better Than One Multi-Factor Authentication (MFA) adds an extra layer of protection. Even if a hacker steals your password, MFA keeps them out. Think of it as a digital deadbolt for your business.

🔒 𝗘𝘃𝗲𝗿 𝘄𝗼𝗻𝗱𝗲𝗿 𝗵𝗼𝘄 𝘁𝗵𝗲 𝗱𝗮𝘁𝗮 𝗳𝗿𝗼𝗺 𝘆𝗼𝘂𝗿 𝗲𝗺𝗯𝗲𝗱𝗱𝗲𝗱 𝗱𝗲𝘃𝗶𝗰𝗲𝘀 𝗶𝘀 𝗰𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗲𝗱 𝘁𝗼 𝘁𝗵𝗲 𝘀𝗲𝗿𝘃𝗲𝗿 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝘀𝗼𝗺𝗲 𝗵𝗮𝗰𝗸𝗲𝗿 𝗶𝗻 𝗮 𝗵𝗼𝗼𝗱𝗶𝗲 𝗲𝗮𝘃𝗲𝘀𝗱𝗿𝗼𝗽𝗽𝗶𝗻𝗴 𝗵𝗮𝗹𝗳𝘄𝗮𝘆? This is where TLS (Transport Layer Security) comes in (your device's bodyguard), a cryptographic protocol that ensures secure, encrypted and authenticated communication. ⚙️ Here's how it works: 1. In TLS v1.2, your embedded device (the client) initiates the TLS handshake by sending its supported TLS versions and cipher suites. 2. The server responds by choosing the TLS version and cipher suite and provides its digital certificate for authentication. 3. The client then verifies the certificate with a certificate authority (CA) and both sides exchange session keys. 4. These keys are used to encrypt and decrypt all transmitted data ensuring that any attempt at interception, impersonation and tampering is effectively blocked. ⚡️ This process is even more efficient in TLS v1.3 where the client and server share all the information required to compute keys in the very first message cutting down 1 round trip time thus making the handshake faster.

Fortinet disclosed a high-severity vulnerability in its FortiOS operating system on October 14, 2025, that could enable local authenticated attackers to execute arbitrary system commands. Tracked as CVE-2025-58325, the flaw stems from an incorrect provision of specified functionality (CWE-684) in the CLI component, potentially leading to privilege escalation. This could result in full control over the device, data exfiltration, or further network compromise. No remote exploitation is possible, but the low attack complexity and high impact make it a prime target for insiders or compromised accounts. https://lnkd.in/e7nyKMHC