Yazılar

US warns hackers exploiting F5 vulnerabilities pose imminent threat to federal networks

/in /tarafından

U.S. officials have warned that government networks are being targeted by a nation-state cyber threat actor exploiting vulnerabilities in products made by F5, a major cybersecurity and networking firm. The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive ordering federal agencies to locate and patch affected systems immediately.

According to CISA, hackers compromised F5’s internal systems, stealing files that included portions of its source code and information about undisclosed vulnerabilities. Officials said the stolen data could serve as a blueprint for future intrusions, enabling attackers to breach F5 devices and potentially gain full control over government or corporate networks.

“The cyber threat actor presents an imminent threat to federal networks,” said Nick Andersen, CISA’s Executive Assistant Director for Cybersecurity. He urged all organizations using F5 products to apply updates urgently, warning that the risk extends “to every organization and sector.”

F5 said it discovered unauthorized access on August 9 and quickly took “extensive actions” to contain the breach, engaging outside experts including CrowdStrike, Mandiant, and NCC Group. The company said there was no evidence its software development processes were tampered with, and operations remain unaffected. However, information from a few customers was accessed, and those affected have been contacted.

The U.S. Department of Justice delayed public disclosure of the breach until September 12 for national security reasons. The UK’s National Cyber Security Centre also issued a parallel warning urging users to install security updates.

Hacker Breach of TeleMessage Exposes Communications Across U.S. Government

/in /tarafından

A hacker who breached TeleMessage, a secure communications platform used by U.S. officials — including former Trump national security adviser Mike Waltz — accessed a broad range of messages from multiple government agencies, according to a Reuters investigation. The breach has significantly expanded the scope of concern over data security in the Trump administration and beyond.

The leaked data, obtained by nonprofit transparency group Distributed Denial of Secrets, revealed intercepted communications involving over 60 unique U.S. government users, including:

  • Disaster responders

  • Customs and Border Protection officials

  • U.S. diplomats

  • Secret Service members

  • A White House staffer

  • FEMA and financial sector personnel

The messages, spanning a roughly 24-hour period ending May 4, included discussions related to travel logistics for senior U.S. officials, such as a group labeled “POTUS | ROME-VATICAN | PRESS GC,” likely linked to preparations for a presidential visit. Another appeared to discuss a trip to Jordan involving U.S. personnel.

While Reuters did not identify any classified or overtly sensitive information, experts caution that the metadata alone — including who was talking to whom, when, and in what context — poses a serious counterintelligence risk.

“Even if you don’t have the content, that is a top-tier intelligence access,” said Jake Williams, a former NSA cyber expert, now at Hunter Strategy.

Waltz and Previous Signal Controversy

The breach of TeleMessage, which modifies secure apps like Signal to meet federal archiving requirements, drew attention after Mike Waltz was photographed using the platform during a Cabinet meeting on April 30. While no messages directly linked to Waltz have surfaced in the leak, his previous misuse of Signal — including inadvertently adding a journalist to a chat discussing real-time air raids on Yemen — led to his removal as national security adviser. He was later nominated to serve as U.S. ambassador to the United Nations.

Unclear Scope, Ongoing Investigations

The extent of the breach remains under investigation. The platform, owned by Smarsh, a Portland, Oregon-based digital communications firm, was taken offline on May 5 “out of an abundance of caution.” Smarsh has not responded to media inquiries.

Affected agencies include:

  • Department of Homeland Security

  • State Department

  • Centers for Disease Control and Prevention (CDC)

  • Federal Emergency Management Agency (FEMA)

  • Customs and Border Protection (CBP)

While some agencies downplayed the risk or claimed no confirmed compromise, others are still conducting internal reviews. The Cybersecurity and Infrastructure Security Agency (CISA) has since advised all users to cease use of the platform unless further mitigation steps are provided.

Key Questions Unanswered

Neither Waltz nor the White House has publicly addressed how or why TeleMessage was used or whether any guidelines were breached. The use of such platforms — designed to balance privacy, security, and legal compliance — now faces renewed scrutiny amid the apparent ease with which the hacker penetrated multiple layers of sensitive communications.

The incident adds to a growing list of cyber breaches targeting U.S. institutions in recent years, raising alarm about the resilience of federal communications systems in a time of heightened geopolitical risk and digital espionage.