Washington, D.C. , October 2025 — Global cybersecurity firm F5 has disclosed a significant data breach involving its flagship technology, BIG-IP, after revealing to the U.S. Securities and Exchange Commission that a nation-state threat actor gained long-term, persistent access to its systems. With F5’s technology securing 85% of Fortune 500 companies and multiple government agencies worldwide, experts warn the implications are “a five-alarm fire for national security.”
Bob Huber, Chief Security Officer at Tenable and former U.S. Navy cyber defense leader, called the incident one of the most critical cyber events in recent memory. “This isn’t just another piece of software—it’s a foundational technology used to secure everything from government agencies to critical infrastructure,” he said. “In the hands of a hostile actor, this stolen data is a master key that could be used to launch devastating attacks.”
The breach reportedly exposed source code and undisclosed vulnerability data, giving adversaries potential insight into the defenses of some of the world’s most sensitive systems. The timing is especially concerning amid the ongoing U.S. government shutdown, which has temporarily reduced federal cybersecurity staffing.
“Our national defenders are operating with one hand tied behind their back, right when a major threat has emerged,” Huber added, urging the industry to stay proactive and closely follow remediation guidance from CISA and F5.
Tenable has released a Rapid Security Response (RSO) FAQ and detection tools to help organizations assess their exposure. As investigations continue, experts stress that continuous monitoring and preventive security will be critical to mitigating further risk.
