Sotheby's has disclosed a data breach impacting personal information, including SSNs.
The post Hackers Steal Sensitive Data From Auction House Sothebyβs appeared first on SecurityWeek.
Hackers stole names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other information.
The post Prosper Data Breach Impacts 17.6 Million Accounts appeared first on SecurityWeek.
More information has come to light on the cyberattack disclosed this week by F5, including on attribution and potential risks.
The post F5 Hack: Attack Linked to China, BIG-IP Flaws Patched, Governments Issue AlertsΒ appeared first on SecurityWeek.
F5, a company that specializes in application security and delivery technology, disclosed Wednesday that it had been the target of what itβs calling a βhighly sophisticatedβ cyberattack, which it attributes to a nation-state actor. The announcement follows authorization from the U.S. Department of Justice, which allowed F5 to delay public disclosure of the breach under Item 1.05(c) of Form 8-K due to ongoing law enforcement considerations.
According to an 8-K form filed with the Securities and Exchange Commission, the company first became aware of unauthorized access Aug. 9 and initiated standard incident response measures, including enlisting external cybersecurity consultants. In September, the Department of Justice permitted F5 to withhold public disclosure of the breach, which the government allows if a breach is determined to be a βa substantial risk to national security or public safety.βΒ Β
Investigators discovered that the threat actor maintained prolonged access to parts of F5βs infrastructure. Systems affected included the BIG-IP product development environment and the companyβs engineering knowledge management platform. The unauthorized access resulted in the exfiltration of files, some of which contained segments of BIG-IP source code and details regarding vulnerabilities that the company was actively addressing at the time. It also said the files taken were βconfiguration or implementation information for a small percentage of customers.β
F5 reported that independent reviews by incident response firms found no evidence the attacker had modified the software supply chain, including source code or build and release pipelines. The company stated that it is not aware of any undisclosed critical or remote code execution vulnerabilities, nor any current exploitation linked to the breach. The company also stated that containment actions were implemented promptly and have so far been effective, with no evidence of new unauthorized activity since those efforts began.
According to the SEC form, no evidence was found of access to the companyβs customer relationship management, financial, support case management, or iHealth systems. However, the company said a portion of the exfiltrated files included configuration or implementation details affecting a small percentage of customers. F5 is continuing to review these materials and is contacting customers as needed.
Investigative findings further indicated that the NGINX product development environment, as well as F5 Distributed Cloud Services and Silverline systems, remained unaffected.
The United Kingdomβs National Cyber Security Centre said in a notice there is currently no indication customer networks have been impacted as a result of F5βs compromised network.
F5 has continued to work alongside federal law enforcement throughout its response and is implementing additional measures to strengthen its network defenses. Company officials reported that the breach has not had a material effect on its daily operations as of the disclosure date. Ongoing assessments are being conducted to determine if there may be any impact on the companyβs financial position or results.
F5, based in Seattle, is a major player in the application security and delivery market, serving thousands of enterprise customers worldwide, including much of the Fortune 500. The companyβs primary offerings include its BIG-IP line of hardware and software products, which provide network traffic management, application security, and access control, as well as its NGINX and F5 Distributed Cloud Services platforms. F5βs technologies are used extensively by businesses, government agencies, and service providers around the world.Β
F5 released a series of updates to its BIG-IP software suite and advised customers to update their clients for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ and APM as soon as possible.Β
The company also shared steps customers can take to harden their F5 systems and added some checks to its diagnostic tool, which can help identify gaps in security and prioritize a proper course of action.Β
F5 encouraged customers to monitor for potentially unauthorized login attempts and configuration changes by integrating their security information and event management tools.Β
The vendor said it bolstered its internal security in the wake of the breach by rotating credentials and improving its network security architecture and access controls across its systems. F5 also added tools to better monitor, detect and respond to threats, and said it strengthened security controls in its product development environment.Β
The company brought in multiple firms to assist in its response and recovery efforts, including NCC Group, IOActive and CrowdStrike. F5 said itβs working with CrowdStrike to make endpoint detection and response sensors and threat hunting available to its customers.Β
NCC Group and IOActive both attested that they have not identified any critical-severity vulnerabilities in F5βs source code nor did they find evidence of exploited defects in the companyβs critical software, products or development environment. NCC Group added that it has not found any suspicious threat activity such as malicious code injection, malware or backdoors in F5 source code during its review thus far.
βYour trust matters. We know it is earned every day, especially when things go wrong,β the company said in a blog post. βWe truly regret that this incident occurred and the risk it may create for you. We are committed to learning from this incident and sharing those lessons with the broader security community.β
Matt Kapko contributed to this story.
The post F5 discloses breach tied to nation-state threat actor appeared first on CyberScoop.
Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website.
The post Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack appeared first on SecurityWeek.
The hackers claim the theft of over 2 million photos of government identification documents provided to Discord for age verification.
The post Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach appeared first on SecurityWeek.
The hackers claim the theft of 27 gigabytes of data, including contracts, employee information, and financial documents.
The post Ransomware Group Claims Attack on Beer Giant Asahi appeared first on SecurityWeek.
Hackers accessed user accounts and compromised names, addresses, phone numbers, email addresses, and other information.
The post DraftKings Warns Users of Credential Stuffing Attacks appeared first on SecurityWeek.
BK Technologies has informed the SEC that it discovered an IT intrusion on September 20.Β
The post Hackers Stole Data From Public Safety Comms Firm BK Technologies appeared first on SecurityWeek.
Names, usernames, email addresses, contact information, IP addresses, and billing information was compromised.
The post Discord Says User Information Stolen in Third-Party Data Breach appeared first on SecurityWeek.
Salesforce says the extortion attempts are related to past or unsubstantiated incidents, and not to fresh intrusions.
The post Hackers Extorting Salesforce After Stealing Data From Dozens of Customers appeared first on SecurityWeek.
Doctors Imaging Group is informing customers about a cybersecurity incident nearly a year after it occurred.Β
The post Data Breach at Doctors Imaging Group Impacts 171,000 People appeared first on SecurityWeek.
The brewing giant has reverted to manual order processing and shipment as operations at its Japanese subsidiaries are disrupted.
The post Beer Giant Asahi Says Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882.
The post Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks appeared first on SecurityWeek.
The software giantβs investigation showed that vulnerabilities patched in July 2025 may be involved.
The post Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks appeared first on SecurityWeek.
Hackers claim to have stolen 28,000 private repositories, including data associated with major companies that use Red Hat services.
The post Red Hat Confirms GitLab Instance Hack, Data Theft appeared first on SecurityWeek.
Login