WEDNESDAY, OCT. 15, 2025

Pretty packed newsletter today! Big breach at F5, lawmakers wanting CISA to return their requests for info, satellite hacking, the biggest Patch Tuesday of the year, and industry consolidation. Let's get into it: This is CyberScoop for Wednesday, October 15.

F5 Headquarters in Seattle, Washington. (Courtesy of F5)

Big breach at F5
F5 disclosed that it was the target of a “highly sophisticated” cyberattack by a nation-state actor, which resulted in unauthorized access to its BIG-IP product development environment and exfiltration of files—including some source code and a small percentage of customer configuration data. The company, with DOJ authorization, delayed public disclosure while investigators found no evidence of software supply chain compromise, critical undisclosed vulnerabilities, or current exploitation, and promptly implemented containment measures. F5 is continuing its review, contacting affected customers, and working with law enforcement to strengthen defenses, stating that its daily operations and primary platforms like NGINX and Distributed Cloud Services have not been materially impacted. Greg Otto has more.

On-demand webinar: Close the Access-Trust Gap
Today’s businesses face a widening Access-Trust Gap: The security risks posed by untrusted users, devices, and apps that access company resources without proper controls. Learn how 1Password Extended Access Management closes the gap, and helps teams:
- Discover, secure, and manage SaaS apps
- Enforce device health during authentication
- Provide secure, one-click access to both managed and unmanaged apps
- Build access controls for AI agents
Watch the webinar now.

Swalwell demands answers from CISA
Rep. Eric Swalwell sent a letter to acting CISA Director Madhu Gottumukkala expressing concern that staffing cuts and transferring cybersecurity personnel to DHS deportation efforts are undermining the agency's ability to respond to escalating cyber threats. He criticized the Trump administration for workforce reductions—over 760 employees let go since January—and the termination of third-party partnerships, arguing these actions compromise CISA's core mission. Swalwell demanded an immediate halt to workforce cuts, reinstatement of affected employees, and details on the impact of these changes, warning that national security is at risk if CISA remains understaffed. Greg has more.

Pretty easy to steal data from space
Researchers from the University of Maryland and UC San Diego demonstrated that with just $600 in commercial satellite equipment, they could intercept large amounts of unencrypted sensitive data—including military, telecom, and corporate information—by passively scanning signals from geostationary satellites. Their findings revealed that many organizations do not routinely encrypt or monitor the security of their satellite communication links, resulting in the exposure of plaintext calls, SMS, browsing data, and even military vessel information to anyone with basic technical knowhow. The study highlights the urgent need for governments and businesses to prioritize encryption and security for satellite communications, as the barrier to eavesdropping is far lower than previously thought. Derek B. Johnson has more.

A big Patch Tuesday
Microsoft’s latest security update addresses 175 vulnerabilities—the largest batch this year—including two actively exploited zero-days: one in the Agere Windows Modem Driver and another in Windows Remote Access Connection Manager, both with a CVSS score of 7.8. The company removed the vulnerable modem driver from Windows, warned that attackers could gain administrator privileges even if the modem isn’t in use, and noted the Remote Access Manager flaw could grant system privileges locally. Additionally, several other high and critical-severity flaws, including issues in ASP.NET Core and Azure Entra ID, were patched, with authorities urging immediate updates given the elevated exploitation risk. Matt Kapko has more.

Officials crack down on scam networks
Federal authorities have seized over 127,000 Bitcoin (worth about $15 billion) from alleged cybercrime kingpin Chen Zhi, marking the largest financial seizure ever, as part of a crackdown on a Cambodia-based network accused of global human trafficking and cyber-enabled financial fraud. The U.S. Justice Department alleges that Chen led the Prince Group since 2015, operating scam compounds that relied on forced labor, and that his network scammed millions from victims across over 30 countries—including at least 250 people in New York. Coordinated actions with the U.K. resulted in sweeping sanctions against more than 140 individuals and organizations linked to Prince Group, as well as the severing of another conglomerate, Huione Group, from the U.S. financial system due to its alleged involvement in laundering billions in illicit proceeds. Matt has more.

Cybereason falls to consolidation
LevelBlue, formerly AT&T Cybersecurity, has announced an agreement to acquire Cybereason, a Boston-based cybersecurity firm known for its extended detection and response (XDR) platform and digital forensics services. This acquisition will integrate Cybereason’s XDR, threat intelligence, and incident response capabilities into LevelBlue’s managed detection and response portfolio, aiming to create a more unified and scalable cybersecurity solution for clients. The move comes as Cybereason closes a turbulent period marked by failed IPO plans and significant layoffs, with new investors—including SoftBank and Liberty Strategic Capital—joining LevelBlue as part of the deal. Greg has more.