Hackers Steal Sensitive Data From Auction House Sotheby's
Sotheby's has disclosed a data breach impacting personal information, including SSNs.
The post Hackers Steal Sensitive Data From Auction House Sotheby's appeared first on SecurityWeek.
Hackers stole names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other information.
The post Prosper Data Breach Impacts 17.6 Million Accounts appeared first on SecurityWeek.
More information has come to light on the cyberattack disclosed this week by F5, including on attribution and potential risks.
The post F5 Hack: Attack Linked to China, BIG-IP Flaws Patched, Governments Issue Alerts appeared first on SecurityWeek.
F5, a company that specializes in application security and delivery technology, disclosed Wednesday that it had been the target of what it's calling a "highly sophisticated" cyberattack, which it attributes to a nation-state actor. The announcement follows authorization from the U.S. Department of Justice, which allowed F5 to delay public disclosure of the breach under Item 1.05(c) of Form 8-K due to ongoing law enforcement considerations.
According to an 8-K form filed with the Securities and Exchange Commission, the company first became aware of unauthorized access Aug. 9 and initiated standard incident response measures, including enlisting external cybersecurity consultants. In September, the Department of Justice permitted F5 to withhold public disclosure of the breach, which the government allows if a breach is determined to be "a substantial risk to national security or public safety."
Investigators discovered that the threat actor maintained prolonged access to parts of F5's infrastructure. Systems affected included the BIG-IP product development environment and the company's engineering knowledge management platform. The unauthorized access resulted in the exfiltration of files, some of which contained segments of BIG-IP source code and details regarding vulnerabilities that the company was actively addressing at the time. It also said the files taken were "configuration or implementation information for a small percentage of customers."
F5 reported that independent reviews by incident response firms found no evidence the attacker had modified the software supply chain, including source code or build and release pipelines. The company stated that it is not aware of any undisclosed critical or remote code execution vulnerabilities, nor any current exploitation linked to the breach. The company also stated that containment actions were implemented promptly and have so far been effective, with no evidence of new unauthorized activity since those efforts began.
According to the SEC form, no evidence was found of access to the company's customer relationship management, financial, support case management, or iHealth systems. However, the company said a portion of the exfiltrated files included configuration or implementation details affecting a small percentage of customers. F5 is continuing to review these materials and is contacting customers as needed.
Investigative findings further indicated that the NGINX product development environment, as well as F5 Distributed Cloud Services and Silverline systems, remained unaffected.
The United Kingdom's National Cyber Security Centre said in a notice there is currently no indication customer networks have been impacted as a result of F5's compromised network.
F5 has continued to work alongside federal law enforcement throughout its response and is implementing additional measures to strengthen its network defenses. Company officials reported that the breach has not had a material effect on its daily operations as of the disclosure date. Ongoing assessments are being conducted to determine if there may be any impact on the company's financial position or results.
F5, based in Seattle, is a major player in the application security and delivery market, serving thousands of enterprise customers worldwide, including much of the Fortune 500. The company's primary offerings include its BIG-IP line of hardware and software products, which provide network traffic management, application security, and access control, as well as its NGINX and F5 Distributed Cloud Services platforms. F5's technologies are used extensively by businesses, government agencies, and service providers around the world.
F5 released a series of updates to its BIG-IP software suite and advised customers to update their clients for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ and APM as soon as possible.
The company also shared steps customers can take to harden their F5 systems and added some checks to its diagnostic tool, which can help identify gaps in security and prioritize a proper course of action.
F5 encouraged customers to monitor for potentially unauthorized login attempts and configuration changes by integrating their security information and event management tools.
The vendor said it bolstered its internal security in the wake of the breach by rotating credentials and improving its network security architecture and access controls across its systems. F5 also added tools to better monitor, detect and respond to threats, and said it strengthened security controls in its product development environment.
The company brought in multiple firms to assist in its response and recovery efforts, including NCC Group, IOActive and CrowdStrike. F5 said it's working with CrowdStrike to make endpoint detection and response sensors and threat hunting available to its customers.
NCC Group and IOActive both attested that they have not identified any critical-severity vulnerabilities in F5's source code nor did they find evidence of exploited defects in the company's critical software, products or development environment. NCC Group added that it has not found any suspicious threat activity such as malicious code injection, malware or backdoors in F5 source code during its review thus far.
"Your trust matters. We know it is earned every day, especially when things go wrong," the company said in a blog post. "We truly regret that this incident occurred and the risk it may create for you. We are committed to learning from this incident and sharing those lessons with the broader security community."
Matt Kapko contributed to this story.
The post F5 discloses breach tied to nation-state threat actor appeared first on CyberScoop.
Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website.
The post Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack appeared first on SecurityWeek.
The hackers claim the theft of over 2 million photos of government identification documents provided to Discord for age verification.
The post Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach appeared first on SecurityWeek.
The hackers claim the theft of 27 gigabytes of data, including contracts, employee information, and financial documents.
The post Ransomware Group Claims Attack on Beer Giant Asahi appeared first on SecurityWeek.
Hackers accessed user accounts and compromised names, addresses, phone numbers, email addresses, and other information.
The post DraftKings Warns Users of Credential Stuffing Attacks appeared first on SecurityWeek.
BK Technologies has informed the SEC that it discovered an IT intrusion on September 20.
The post Hackers Stole Data From Public Safety Comms Firm BK Technologies appeared first on SecurityWeek.
Names, usernames, email addresses, contact information, IP addresses, and billing information were compromised.
The post Discord Says User Information Stolen in Third-Party Data Breach appeared first on SecurityWeek.
Salesforce says the extortion attempts are related to past or unsubstantiated incidents, and not to fresh intrusions.
The post Hackers Extorting Salesforce After Stealing Data From Dozens of Customers appeared first on SecurityWeek.
Doctors Imaging Group is informing customers about a cybersecurity incident nearly a year after it occurred.
The post Data Breach at Doctors Imaging Group Impacts 171,000 People appeared first on SecurityWeek.
The brewing giant has reverted to manual order processing and shipment as operations at its Japanese subsidiaries are disrupted.
The post Beer Giant Asahi Says Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882.
The post Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks appeared first on SecurityWeek.
The software giant's investigation showed that vulnerabilities patched in July 2025 may be involved.
The post Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks appeared first on SecurityWeek.
Hackers claim to have stolen 28,000 private repositories, including data associated with major companies that use Red Hat services.
The post Red Hat Confirms GitLab Instance Hack, Data Theft appeared first on SecurityWeek.
The Canadian airline fell victim to a cyberattack in June and has completed the analysis of stolen information.
The post 1.2 Million Impacted by WestJet Data Breach appeared first on SecurityWeek.
The hackers stole names, contact details, Social Security numbers, and driver's license numbers in an August 19 ransomware attack.
The post 766,000 Impacted by Data Breach at Dealership Software Provider Motility appeared first on SecurityWeek.
In July, hackers stole files containing names, addresses, dates of birth, and Social Security numbers from a cloud-based CRM.
The post 1.5 Million Impacted by Allianz Life Data Breach appeared first on SecurityWeek.
The company says names, contact details, and ID documents provided in connection with reservations and travel were stolen from its systems.
The post Canadian Airline WestJet Says Hackers Stole Customer Data appeared first on SecurityWeek.