CyberScoop.com

"What's let to worry about in the F5 breach aftermath."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 12 November 2025, 0352 UTC.

Content and Source:  "CyberScoop.com."

 https://mail.google.com/mail/u/0/#inbox/FMfcgzQcqlDfKflPsVxhVmJpcWbfhRxK

URL--cyberscoop.com.

Please check email link, URL, or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

READ IN BROWSER

TUESDAY, NOV. 11, 2025 So what about that info that was taken in the F5 incident? A big deal announced Monday gives federal agencies access to secure agentic AI. And how the defense contracting world is dealing with CMMC 2.0. This is CyberScoop for Tuesday, November 11. F5 Headquarters in Seattle, Washington. (Courtesy of F5) What's left to worry about with F5 After a nation-state attacker stole sensitive intelligence—including BIG-IP source code and details on 44 internal vulnerabilities—from F5’s internal systems, cybersecurity researchers voiced only muted concern about the immediate risks, noting that most of the exposed flaws are difficult to exploit and not critical. Beneath the surface, though, experts caution that the real danger lies in the hands of attackers now armed with valuable source code—giving them the potential to develop zero-days and create long-term, strategic threats that could eventually ripple through global supply chains. As F5 works with security partners to monitor the fallout, Matt Kapko's story serves as a reminder that the true consequences of such a breach may unfold quietly and unpredictably, demanding vigilance from enterprises and government alike. Read it here. Cyber Resilience in Government Summit | Dec 10, 2025 The Rubrik Public Sector Summit will convene leading voices from Federal, State, and Local government, education, and industry to explore how organizations can strengthen their cyber defense posture, build resilience into critical infrastructure, and ensure continuity of operations even when prevention measures fall short. Register today! Secure agents for federal agencies BigBear.ai announced it will acquire Ask Sage, a generative AI platform specializing in secure and compliant AI solutions for defense and other regulated industries, in a deal valued at approximately $250 million. Ask Sage—which holds the top-tier FedRAMP High security certification—focuses on enabling safe, model-agnostic deployment of autonomous AI agents for organizations handling classified and sensitive information. The acquisition, set to close by early 2026, underscores the growing demand for artificial intelligence that meets stringent security standards in the national security, defense, and critical infrastructure sectors. Greg Otto has more. SPONSORED BY VIRTRU CMMC compliance made practical: A data-first path forward To win DoD contracts, CMMC compliance is non-negotiable, yet many contractors overspend or disrupt operations in the process. Virtru’s Trevor Foskett shares how a data-centric strategy cuts costs while strengthening security. Hear more from Trevor Foskett. CyberTalks | Feb 19, 2026 CyberTalks presents a powerful opportunity to hear from the leading voices at the intersection of government and the technology industry on the latest tactics to combat these new risks. CyberTalks also provides an invaluable forum for exchanging ideas and best practices on ways to bolster digital defenses and promote cyber resiliency. Register now! CMMC 2.0 requirement reshapes contracting The Defense Department has officially mandated Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) for all new contracts, starting a phased rollout that will require defense contractors and their supply chains to prove compliance with cybersecurity requirements. Despite years of warning, experts say confusion, misconceptions, and preparation gaps remain across the defense industrial base—especially among smaller firms—due to CMMC’s contentious history and the looming challenge of third-party assessments. As the rollout accelerates, industry players face mounting pressure to adapt, with some firms set to lose contract opportunities or exit the market entirely if they cannot demonstrate adequate cybersecurity controls. Mikayla Easley has more on DefenseScoop. Copyright © CyberScoop 2025.  All rights reserved. Scoop News Group 2001 K Street NW Washington DC  Update your email preferences Unsubscribe