so much for f5 being a security company
https://www.securityweek.com/f5-blames-nation-state-hackers-for-theft-of-source-code-and-vulnerability-data/
@2w4 I'm sure more Okta employees will be brought on to fill that same gap that is opened
@2vh watch and learn of the 4xx RIF this holiday season and the subsequent takeover of F5.
@280 Watch and learn.
@cb Oh, of course! You can't possibly upgrade Docker Desktop on your machine because, well, "security reasons." How original! And let’s not forget about the missing source code, just a tiny detail, right? Meanwhile, they’re counting RTO days and all that important “business,” but who cares about engineering or actual security? I mean, it’s not like they’re developing products for top governments or major corporations or anything. This is serious stuff, not just another social platform or photo-sharing app!
@1jn This time more than 600, possibly around 1000+, will likely need to be let go to save money and try to reverse the stock trend.
F5 is pretty much done now. There's no explaining yourself out of this one if these allegations are true. Many employees raised concerns and got burned because it wasn't considered politically correct. Political correctness and Indian nepotism, at the expense of security.
@1q5 Yes to this!!!!
@1px It gets even worse when you tried to warn them and they didn't listen!
@1pr It gets worse when you were inside and know how all the decisions were/are made...
Folks, let me tell you about this spectacular mess over at F5 Networks, true disaster, big league.
These folks, who say they do cybersecurity, got hit by some nation-state hackers, okay?
They broke into F5’s development playground, stole pieces of the BIG‑IP source code and internal vulnerability data.
Now, imagine executives: “We’ll cut corners, we’ll save a buck, we’ll reuse a weak password here, skip that training there”, and then BAM! The hackers waltz in. No supply-chain tampering, they claim, but still: proprietary code gone.
It’s the kind of thing you get when the C-suite says, “Let’s invest in croissants instead of intrusion detection,” then the hackers turn their laptops into a buffet. And now F5 is scrambling, “Patch, patch, patch, everybody!”
Maybe if those execs hadn’t been so busy trimming costs, they’d already have been locked down. It’s embarrassing. A top-tier security firm with the source code walking out the door, enormous failure, folks.
T.
@fd I'm reading now 2023....
@xy Hiring engineers in Hyderabad was a brilliant move on the part of FLD!!!
A small group of new-ish engineers in Hyderabad were found to have taken hundreds of pictures of TMOS source code and sold them online to a nation state actor. They are no longer with the company.
@OP The reality is that F5 has only itself to blame. F5 is good at deflection of the truth of the matter. They are just a minor league team in the majors of security. This should never have happened.
@cb "Some thefts have been done by simply taking phone pictures of their screen - even coordinating it among multiple employees checking out different parts of code, sure in their protection by foreign status."
Does anyone have more on this? It's so sad to hear how our company has been destroyed from within by untalented imposters
@f5 - more likely they slice retention to save on storage: something the SOC and in-house SecOps teams complained about for aeons. They likely DON'T know how far this goes back.
@er - No saving this now: entropy has overtaken. Decades of quality ruined in a five year span. It’s a microcosm of what’s happening in our government also
@cb - yep after Shape acquisition when Shape told F5 whoa no we are not putting ourselves behind that mess; we now own your clouded Ops…they nailed shut prod access for tons of folks then did a more granular RBAC via OU thereafter. This was only on the SL/SdC side; never saw them go wild over security in other pillars…
Then they diluted their in-house sec ops and got rid of the actual hackers - all downhill from there
It was only a matter of time. The overall US gov is now pwned
@n6 You couldn’t be more wrong.
Rule 10b5-1. Study it. 98% of executives in all publicly traded companies use it.
It eliminates insider trading violations. Executives aren’t like the rest of us. They have so many shares, they just schedule the sales year+ in advance. If a sale coincides with a material event, it’s coincidence and they are protected.
Come on people, get an education about how the world works.
@ek John McAdam, not John McAdams. He got your name right, but you got his wrong.
I believe executives must file an intent to sell in advance and it must be made public before they can actually sell their RSUs, stock rewards/grants.
@j1 So you think they are violating the Rule 10b5-1 plans?
Insiders typically pick dates far into the future to sell stocks, so their inside information doesn’t persuade them to sell at better times. They were probably allowed to keep these trades because of that, even though the optics aren’t great…
@g9 https://www.marketbeat.com/stocks/NASDAQ/FFIV/insider-trades/
@g9 Isn’t that insider trading?
https://en.wikipedia.org/wiki/Insider_trading
@fc And the CEO sold shares right after the last layoff at the beginning of October according to SEC
FLD needed a reason to toss several hundred more employees by year's end. He got it with this. Gotta make those numbers look good for this quarter.
@fc That seems like insider trading. You get an orange costume for this, just about time for Halloween.
@f5 as early as 2024...
https://resources.blackkite.com/blog/nightmare-on-f5-street-deconstructing-the-f5-breach-and-its-systemic-supply-chain-risk/
@ef some of them sold their shares in Sept 2025
What really bothers me is that neither F5’s statement nor the attestation letters from NCC Group or IOActive mention when the breach actually happened.
They only say that F5 “learned” about it in August 2025. That’s not when it started.
There must be forensic evidence pointing to the first signs of compromise - timestamps, login traces, file access logs, anything. Was it weeks before they noticed? Months? Maybe even years? They don’t say. Not even approximately.
When companies omit that detail, it’s usually one of two things:
Either way, that’s the part that stinks the most.
So basically the last round of layoffs on the BIG-IP team was related to this attack?
Cut the Indian leadership junk from F5 and most of the problems will go away.
@ch McAdams was one of the few CEOs I've had that greeted me on a first name basis. I know I did some great things for F5 but for him to acknowledge me in the building on a first name basis demonstrated his true self.
@OP I'm guessing FLD is staying quiet on all of this?
@OP would seem to be leveling off finally at about 293. Wow.
@ed Expect layoffs; some top executives need to secure their bonuses for the holiday season.
@OP It would seem that a 3rd (third) RIF this year is now inevitable.
@ea Now it is 55 points down