A recent security incident has left over 269,000 F5 networking devices exposed online, according to new data from the Shadowserver Foundation.

The nonprofit security organization revealed that it is detecting approximately 269,000 exposed F5 IP addresses daily, a finding that follows a major network compromise acknowledged by F5 in a recent security advisory.

• F5’s application delivery controllers (ADCs) and load balancers sit at the front line of corporate networks.
• These devices handle critical functions such as SSL/TLS termination, web application firewalling, and DDoS mitigation.
• Misconfiguration or unpatched systems can result in full administrative access for attackers.

F5 provides critical application delivery, security, and performance services to corporations worldwide. The widespread exposure of these devices significantly increases the attack surface for thousands of organizations.

The Shadowserver Foundation’s analysis highlights a heavy concentration of these exposures within the United States, which accounts for nearly half of all affected devices. This geographical breakdown underscores the massive potential impact on US-based businesses and infrastructure.

In response to the incident, F5 published a knowledge base article, K000154696, addressing the network compromise. While details of the breach itself are still emerging, the exposure of such a large number of devices is a critical concern.

Regarding F5 network compromise (see https://t.co/8ivVy4lzgl):

We are sharing daily IP data on F5 exposures in our Device Identification report https://t.co/1uPaaDBimE (device_vendor set to F5).

~269K IPs seen daily, nearly half in US.

Geo breakdown: https://t.co/j029kIGasG pic.twitter.com/VP8l21veoz

— The Shadowserver Foundation (@Shadowserver) October 16, 2025

Threat actors could potentially exploit these exposed systems to gain unauthorized access, launch further attacks, or compromise sensitive corporate data transiting through the F5 appliances.

• Attackers might deploy ransomware directly on exposed devices.
• Compromised ADCs could be used to intercept or tamper with encrypted traffic.
• Exposed management interfaces may allow threat actors to pivot deeper into corporate networks.

The Shadowserver Foundation is actively monitoring the situation and has made its findings available through its daily Device Identification reports. The organization is sharing the IP data to help system administrators and security teams identify and secure their vulnerable F5 assets.

Organizations utilizing F5 products are strongly urged to review the company’s security advisory for guidance and check the Shadowserver reports to determine if their devices are among those exposed to the public internet. Proactive measures are crucial to mitigate the risks associated with this large-scale exposure event.

Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates

The post Over 269,000 F5 Devices Exposed Online After Major Security Breach appeared first on Cyber Security News.

​​​​​Microsoft reminded customers this week that Office 2016 and Office 2019 have reached the end of extended support on October 14, 2025. [...]

Microsoft has disrupted a wave of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign malicious Teams installers. [...]

Hackers stole the personal information of over 17.6 million people after breaching the systems of financial services company Prosper. [...]

Major international auction house Sotheby's is notifying customers of a data breach incident on its systems where threat actors stole sensitive information, including financial details. [...]

And potentially 50 times more profitable

People receiving an AI phishing email are 4.5 times more likely to click on the malicious link or file, according to Microsoft.…