Month: October 2025

More than 261,000 F5 BIG-IP instances connected to the internet could be at risk of cyberattacks following the recent cyberattack suffered by the company, experts have warned. Of these, over 140,000 instances are in North America, over 58,000 are in Europe, and over 47,000 are in Asia.

“In August 2025, we learned a highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from certain F5 systems”, reads the company’s statement. “Threat actor exfiltrated files from our BIG-IP product development environment and engineering knowledge management platforms. These files contained some of our BIG-IP source code and information about undisclosed vulnerabilities we were working on in BIG-IP.”

The company has taken several steps to remediate the issue:
Rotated credentials and strengthened access controls across our systems.
Deployed improved inventory and patch management automation, as well as additional tooling to better monitor, detect, and respond to threats.
Implemented enhancements to F5’s network security architecture.
Hardened F5’s product development environment, including strengthening security controls and monitoring of all software development platforms.
Released updates for its BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.

Read more about it here.

The European Union Agency for Cybersecurity, ENISA, has published its 13th annual report on the state of the cybersecurity threat landscape. The report covers the period of July 1, 2024 to June 30, 2025 and is based on 4,875 incidents.

The main points in the report are:

• Intrusion activity remains significant, with ransomware at its core.
• State-aligned threat groups intensified their long-term cyberespionage campaigns against the telecommunications, logistics networks and manufacturing sectors in the EU.
• Hacktivist activity continues to dominate reporting, representing almost 80% of recorded incidents and driven primarily by low-level distributed denial-of-service operations.
• Public administration networks remain the primary focus (38%).
• Phishing remains the dominant intrusion vector (60%) and is evolving through techniques used in largescale campaigns.
• Vulnerability exploitation remains a cornerstone of initial access (21.3%), with widespread campaigns rapidly weaponizing them within days of their disclosure.
• Artificial intelligence has become a defining element of the threat landscape, with AI supported phishing campaigns reportedly represented more than 80 percent of observed social engineering activity worldwide, with adversaries leveraging jailbroken models, synthetic media and model poisoning techniques to enhance their operational effectiveness.

Read more about it here.

The UK government is providing a support package of £1.5 billion ($1.75 billion) loan guarantee with Jaguar Land Rover to support its supply chain, following a massive data breach that was disclosed on September 2, 2025.

The UK government explained that its decision is to protect JLR’s supply chain, safeguard jobs, and stabilize the auto sector after the cyberattack severely disrupted operations. Production was halted for over 5 weeks.

The UK government highlighted JLR’s key role as a top exporter, employing 34,000 directly in its UK operations and supporting 120,000 jobs through its large automotive supply chain.

The UK government also committed £2 billion capital and R&D funding for the auto sector to 2030, and an additional £500 million to extend the R&D support for the industry to 2035

The loan from a commercial bank will be paid back over 5 years.

For manufacturing leaders, there is one simple, crucial lesson to take away from the JLR cyber attack: security is a strategic imperative, not a nice-to-have.

Read more about it here.