Samuel Adeduntan’s Post

User ID Controlled by Request Parameter with Unpredictable User IDs: It's a security vulnerability whereby a user's identity is determined by a parameter in the HTTP request (e.g., URL or form data), and the user IDs are unpredictable, complex, or randomly generated. What I have learned so far from this lab 8 about user ID control is that:

1. User IDs are not sequentially generated (e.g., 122, 222, 134) but instead are unpredictable (e.g., UUIDs, hashes).
2. The user ID is passed as a parameter in the HTTP request.
3. An attacker can still manipulate the parameter to impersonate other users.

#CyberSecurity #WebSecurity #SecurityVulnerability #AccessControl #IdentityTheft
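The pattern the post describes, as an added example (not the lab's code and not the author's): an account page that takes its identity from a `?id=` parameter is broken access control even when IDs are random UUIDs, because the attacker only has to obtain another user's ID, not guess it. The users, session token, API keys and the GUID-leaking blog author link are all constructed for this demo, and the fix shown (binding identity to the server-side session) is the standard remediation, not something the post spells out. The `idor_check` helper is the differential test a pentester would script against any such endpoint.

```python
"""Added example: user ID controlled by a request parameter with
unpredictable IDs. Everything here is constructed in memory."""
import secrets

# Constructed users keyed by unpredictable (UUIDv4-style) IDs. An attacker
# cannot derive carlos' ID by incrementing wiener's.
WIENER_ID = "8f2c1e3a-4b5d-4f6e-9a7b-0c1d2e3f4a5b"
CARLOS_ID = "c0ffee11-2233-4455-6677-8899aabbccdd"
USERS = {
    WIENER_ID: {"username": "wiener", "apikey": "wiener-key-CONSTRUCTED"},
    CARLOS_ID: {"username": "carlos", "apikey": "carlos-key-CONSTRUCTED"},
}
# Session cookie value -> ID of the logged-in user (constructed).
SESSIONS = {"sess-wiener": WIENER_ID}
# Constructed blog: a post's author link exposes the author's user ID.
# This is the assumed leak channel; in real apps it is often a profile
# link, an export, or an API response that embeds another user's GUID.
BLOG_POSTS = {1: {"title": "Hello", "author_id": CARLOS_ID}}


def blog_post_page(post_id):
    """Render the author link, which leaks the author's GUID in the href."""
    post = BLOG_POSTS[post_id]
    name = USERS[post["author_id"]]["username"]
    return f'<a href="/my-account?id={post["author_id"]}">{name}</a>'


def my_account_vulnerable(session, id_param):
    """Vulnerable: the session only proves *someone* is logged in; the
    record returned is chosen by ?id=, so any known GUID is enough."""
    if session not in SESSIONS:
        return 401, None
    user = USERS.get(id_param)
    return (200, user) if user else (404, None)


def my_account_fixed(session, id_param=None):
    """Fixed: identity comes from the server-side session. A supplied
    id= is tolerated only if it equals the session user's own ID."""
    uid = SESSIONS.get(session)
    if uid is None:
        return 401, None
    if id_param is not None and not secrets.compare_digest(id_param, uid):
        return 403, None
    return 200, USERS[uid]


def extract_id_from_link(html):
    """Pull the id= value out of the leaked author link."""
    start = html.index("id=") + 3
    end = html.index('"', start)
    return html[start:end]


def attack(handler):
    """As wiener, read the author GUID from the blog and request that
    account. Returns the victim's API key if the handler is vulnerable."""
    victim_id = extract_id_from_link(blog_post_page(1))
    status, user = handler("sess-wiener", victim_id)
    return user["apikey"] if status == 200 else None


def idor_check(handler, own_session, own_id, other_id):
    """Differential test: can one session read another user's record?
    True means broken object-level access control on this endpoint."""
    mine_status, mine = handler(own_session, own_id)
    other_status, other = handler(own_session, other_id)
    return mine_status == 200 and other_status == 200 and other is not mine


if __name__ == "__main__":
    print("vulnerable handler leaks:", attack(my_account_vulnerable))
    print("fixed handler leaks:", attack(my_account_fixed))
```

The point of `idor_check` is that it never relies on guessing: it takes a second ID that has already been obtained (from a leak, a second test account, or a shared link) and compares what the same session gets back for each. Randomness of the identifier changes how the second ID is found, not whether the authorization check exists.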
More Relevant Posts
-
The most severe vulnerability discovered in the last 24 hours is CVE-2025-62168, a CVSS 10.0 information disclosure flaw in Squid Proxy. It occurs when Squid’s error handling fails to redact HTTP authentication credentials, allowing remote attackers to harvest tokens or credentials used by trusted clients and backend systems, even if HTTP authentication isn’t configured. The issue affects all versions up to 7.1 and is fixed in 7.2; immediate mitigation includes disabling the email_err_data directive in squid.conf (source: securityonline). #CVE202562168 #SquidProxy #CyberSecurity #InfoSec #VulnerabilityManagement #ZeroDay #AuthenticationLeak https://lnkd.in/dutq43g3 https://lnkd.in/dZuv3Jk7
-
F5 disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. https://lnkd.in/g_7ZSGNU
-
A nation-state affiliated cyber threat actor has compromised F5’s systems and exfiltrated files, which included a portion of its BIG-IP source code and vulnerability information. The threat actor’s access to F5’s proprietary source code could provide that threat actor with a technical advantage to exploit F5 devices and software.

What is/was compromised?

1. All BIG-IP hardware devices.
2. All instances of BIG-IP F5OS, BIG-IP TMOS, Virtual Edition (VE), BIG-IP Next, BIG-IQ software, and BNK/CNF.

The threat actor’s access enables the ability to conduct static and dynamic analysis for identification of logical flaws and zero-day vulnerabilities as well as the ability to develop targeted exploits. https://lnkd.in/eTKpDXBA
-
Via Costin Raiu’s X account:

"So this October 2025 F5 security notification is pretty wild because of the sheer volume of vulnerabilities disclosed: more than 30 high-severity CVEs (!) and around a dozen medium-severity ones in a single release cycle. This affects almost every F5 product family, BIG-IP (all modules), BIG-IP Next, F5OS, and related components. Something we don’t see very often... and a lot of these vulnerabilities score above 8.0; remote exploitation, denial-of-service or privilege escalation. Also, the number of affected software branches (from 15.x through 17.x) means most F5 deployments are touched in some way. YMMV. In short, this quarter’s bulletin is probably F5’s heaviest security update ever. If you run F5 products, patch now."

"The hackers were in the company's network for at least 12 months, according to people familiar with the investigation. F5 sent customers on Wednesday a threat hunting guide for Brickstorm, which is leveraged by the UNC5221 Chinese APT group. BTW, 12 months is just a bit short of the 393 days that is the average dwell time for UNC5221." https://lnkd.in/eCsWFGsT
-
CISA has announced an Emergency Directive advising all federal agencies to update their F5 Networks products after the company disclosed that nation-state hackers had long-term, persistent access to its source code and systems and exfiltrated files from the company, impacting some customers. The agency warned that a nation-state hacker had the potential to exploit vulnerabilities in F5 products to gain access to credentials and tools that could allow them to move through an F5 customer's network, steal sensitive data and compromise entire information systems. https://lnkd.in/gvUh4rW3 It's the third cyber emergency directive CISA has announced this year.
-
Cybersecurity firm F5 Networks says government-backed hackers had “long-term, persistent access” to its network, which allowed them to steal the company’s source code and customer information.... https://lnkd.in/ejXRquDA
-
"A nation-state affiliated cyber threat actor has compromised F5 systems and exfiltrated data, including portions of the BIG-IP proprietary source code and vulnerability information, which provides the actor with a technical advantage to exploit F5 devices and software," the agency said. "This poses an imminent threat to federal networks using F5 devices and software." https://lnkd.in/ewE_mDsr
-
Cybersecurity and Infrastructure Security Agency warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info https://lnkd.in/gu74QKuc
-
The cybersecurity vendor F5 has recently disclosed that a long-term, persistent cyberattack had occurred in August. Hackers had been infiltrating certain F5 internal systems over an extended period, stealing source code, customer configuration files, and documentation of unpatched vulnerabilities. F5 Networks has issued a quarterly security notification detailing updates for the affected products. HKCERT urges users to apply F5 BIG-IP and related patches immediately, as well as update login credentials to mitigate security risks. For more details, please refer to HKCERT's security bulletin: https://lnkd.in/g2zCjyRb
-
CISA said it “has identified a significant cyber threat targeting federal networks utilizing certain F5 devices and software.” “A nation-state cyber threat actor poses an imminent risk, with the potential to exploit vulnerabilities in F5 products to gain unauthorized access to embedded credentials and Application Programming Interface (API) keys,” the agency said. https://lnkd.in/dRaGg6vi