Security news aggregator

Latest coverage for F5

Stay updated on F5 security insights: Explore the latest in application delivery controls, threat intelligence, and cyber defense with F5 tag news.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

F5 provides application-delivery technology, best known in security operations for BIG-IP appliances and software that load-balance traffic, terminate TLS, route requests, and can enforce web-application firewall, access-control, and denial-of-service protections. F5’s NGINX products are also used as reverse proxies and web servers. These components sit in front of applications, mediating internet traffic and trust boundaries.

Their privileged position makes exposed management interfaces, insecure configurations, leaked certificates or keys, and unpatched vulnerabilities especially significant: compromise can enable traffic interception, authentication bypass, request manipulation, or access to protected applications, depending on deployment. Security teams should inventory BIG-IP and NGINX instances and versions, restrict management planes, apply vendor fixes, review iRules, WAF, and access policies, and monitor administrative and anomalous proxy activity. During incidents, preserve configuration and traffic logs and assess whether TLS credentials or backend routes were exposed.

Showing 3 most recent headlines Filtered view

F5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnerabilities, including two critical flaws, respectively tracked as CVE-2026-42530 and CVE-2026-42055 (CVSS 9.2). The bugs affect HTTP modules and can be exploited remotely without authentication to trigger memory corruption, potentially causing […]