F5 Labs
@f5labs.bsky.social
Data driven cyber security threat research from the appsec experts at @f5inc.bsky.social https://f5.com/labs
Pinned
F5 Labs
@f5labs.bsky.social
· Jun 26
In our latest piece, David Warburton examines quantum computing, PQC standards, and PQC adoptions, providing insights into the current landscape of #PQC in our 2025 TLS Telemetry analysis.
⬇️ Unlock these insights: https://go.f5.net/m2jf016y
#F5Labs #TechInsights #DataSecurity
⬇️ Unlock these insights: https://go.f5.net/m2jf016y
#F5Labs #TechInsights #DataSecurity
Let’s take a second to discuss the evolution of encryption methods. With quantum threats by ~2030, now's the time to adopt hybrid #PQC.
Dive into the team’s research. go.f5.net/shehdfco
#Cybersecurity #PostQuantum
Dive into the team’s research. go.f5.net/shehdfco
#Cybersecurity #PostQuantum
November 10, 2025 at 6:00 PM
Let’s take a second to discuss the evolution of encryption methods. With quantum threats by ~2030, now's the time to adopt hybrid #PQC.
Dive into the team’s research. go.f5.net/shehdfco
#Cybersecurity #PostQuantum
Dive into the team’s research. go.f5.net/shehdfco
#Cybersecurity #PostQuantum
As #AI usage scales, which of the following issues hits you the hardest? Is there another issue you’ve seen? Let us know below!
🔸 Bot abuse inflating inference costs
🔸 Scraping of AI-generated content/data
🔸 L7 DDoS against inference/tool endpoints
🔸 Fragile rate limits ➡️ SLO/SLA breaches
🔸 Bot abuse inflating inference costs
🔸 Scraping of AI-generated content/data
🔸 L7 DDoS against inference/tool endpoints
🔸 Fragile rate limits ➡️ SLO/SLA breaches
October 9, 2025 at 5:00 PM
As #AI usage scales, which of the following issues hits you the hardest? Is there another issue you’ve seen? Let us know below!
🔸 Bot abuse inflating inference costs
🔸 Scraping of AI-generated content/data
🔸 L7 DDoS against inference/tool endpoints
🔸 Fragile rate limits ➡️ SLO/SLA breaches
🔸 Bot abuse inflating inference costs
🔸 Scraping of AI-generated content/data
🔸 L7 DDoS against inference/tool endpoints
🔸 Fragile rate limits ➡️ SLO/SLA breaches
As AI moves into production, risks evolve fast.
What’s your top concern when deploying #AI apps? Let us know below!
1️⃣ Prompt injection
2️⃣ Data abuse
3️⃣ Scaling & cost risks
4️⃣ Compliance/audit gaps
#CybersecurityAwarenessMonth #AISecurity #AppSec
What’s your top concern when deploying #AI apps? Let us know below!
1️⃣ Prompt injection
2️⃣ Data abuse
3️⃣ Scaling & cost risks
4️⃣ Compliance/audit gaps
#CybersecurityAwarenessMonth #AISecurity #AppSec
October 7, 2025 at 5:00 PM
As AI moves into production, risks evolve fast.
What’s your top concern when deploying #AI apps? Let us know below!
1️⃣ Prompt injection
2️⃣ Data abuse
3️⃣ Scaling & cost risks
4️⃣ Compliance/audit gaps
#CybersecurityAwarenessMonth #AISecurity #AppSec
What’s your top concern when deploying #AI apps? Let us know below!
1️⃣ Prompt injection
2️⃣ Data abuse
3️⃣ Scaling & cost risks
4️⃣ Compliance/audit gaps
#CybersecurityAwarenessMonth #AISecurity #AppSec
Meet the CASI Leaderboard: a security-first ranking of #AI models by their Comprehensive AI Security Index (CASI).
See scores, methods, and how to compare risk across models.
🔗 go.f5.net/yjaoge44
#AppSec #AITrust #AISecurity #AICompliance #F5Labs
See scores, methods, and how to compare risk across models.
🔗 go.f5.net/yjaoge44
#AppSec #AITrust #AISecurity #AICompliance #F5Labs
October 6, 2025 at 5:00 PM
Meet the CASI Leaderboard: a security-first ranking of #AI models by their Comprehensive AI Security Index (CASI).
See scores, methods, and how to compare risk across models.
🔗 go.f5.net/yjaoge44
#AppSec #AITrust #AISecurity #AICompliance #F5Labs
See scores, methods, and how to compare risk across models.
🔗 go.f5.net/yjaoge44
#AppSec #AITrust #AISecurity #AICompliance #F5Labs
#CybersecurityAwarenessMonth is here!
We’ll be sharing research-driven insights to help reduce risk across web apps, #APIs, #bots, and preparing for #PQC.
Stay tuned for more!
We’ll be sharing research-driven insights to help reduce risk across web apps, #APIs, #bots, and preparing for #PQC.
Stay tuned for more!
October 1, 2025 at 2:00 PM
#CybersecurityAwarenessMonth is here!
We’ll be sharing research-driven insights to help reduce risk across web apps, #APIs, #bots, and preparing for #PQC.
Stay tuned for more!
We’ll be sharing research-driven insights to help reduce risk across web apps, #APIs, #bots, and preparing for #PQC.
Stay tuned for more!
This month, we focus on a scanner exploiting inadvertent disclosure vulnerabilities. This actor, originating from a UK-based ISP, has shown distinct patterns of behavior that we thought warranted scrutiny.
View analysis here: go.f5.net/ubxcndil
#ThreatIntelligence
View analysis here: go.f5.net/ubxcndil
#ThreatIntelligence
September 29, 2025 at 5:00 PM
This month, we focus on a scanner exploiting inadvertent disclosure vulnerabilities. This actor, originating from a UK-based ISP, has shown distinct patterns of behavior that we thought warranted scrutiny.
View analysis here: go.f5.net/ubxcndil
#ThreatIntelligence
View analysis here: go.f5.net/ubxcndil
#ThreatIntelligence
From #CVE trends to malicious scanners, our latest SIS analysis explores:
1️⃣ Top targeted CVEs for the month
2️⃣ A scanner using 12k+ unique User-Agents
3️⃣ Steps to help protect your organization
See our analysis: go.f5.net/2818h4yr
#Cybersecuirty #ThreatIntelligence
1️⃣ Top targeted CVEs for the month
2️⃣ A scanner using 12k+ unique User-Agents
3️⃣ Steps to help protect your organization
See our analysis: go.f5.net/2818h4yr
#Cybersecuirty #ThreatIntelligence
September 26, 2025 at 6:00 PM
From #CVE trends to malicious scanners, our latest SIS analysis explores:
1️⃣ Top targeted CVEs for the month
2️⃣ A scanner using 12k+ unique User-Agents
3️⃣ Steps to help protect your organization
See our analysis: go.f5.net/2818h4yr
#Cybersecuirty #ThreatIntelligence
1️⃣ Top targeted CVEs for the month
2️⃣ A scanner using 12k+ unique User-Agents
3️⃣ Steps to help protect your organization
See our analysis: go.f5.net/2818h4yr
#Cybersecuirty #ThreatIntelligence
Our recent analysis examined a specific malicious scanner (IP: 78.153.140.203) known for targeting exposed environment files (.env). This scanner displays a staggering 12k+ unique User-Agent strings, originating from a UK-based ISP.
View analysis here: go.f5.net/741mwjdd
#ThreatIntelligence
View analysis here: go.f5.net/741mwjdd
#ThreatIntelligence
September 25, 2025 at 5:00 PM
Our recent analysis examined a specific malicious scanner (IP: 78.153.140.203) known for targeting exposed environment files (.env). This scanner displays a staggering 12k+ unique User-Agent strings, originating from a UK-based ISP.
View analysis here: go.f5.net/741mwjdd
#ThreatIntelligence
View analysis here: go.f5.net/741mwjdd
#ThreatIntelligence
Banks hold sensitive data, such as transactions and credit card information. With quantum on the horizon, adopting #PQC is urgent. Without it, breaches could hit by 2030.
Benchmark readiness & plan your transition with our PQC
report: go.f5.net/0pffk41s
#QuantumRisk #DataProtection
Benchmark readiness & plan your transition with our PQC
report: go.f5.net/0pffk41s
#QuantumRisk #DataProtection
September 24, 2025 at 5:00 PM
Banks hold sensitive data, such as transactions and credit card information. With quantum on the horizon, adopting #PQC is urgent. Without it, breaches could hit by 2030.
Benchmark readiness & plan your transition with our PQC
report: go.f5.net/0pffk41s
#QuantumRisk #DataProtection
Benchmark readiness & plan your transition with our PQC
report: go.f5.net/0pffk41s
#QuantumRisk #DataProtection
Check out some highlights from our latest monthly SIS overview as we uncover the latest CVE trends!
🔗 go.f5.net/e3p0jv7g
#Cybersecurity #ThreatIntelligence #MalwareProtection
🔗 go.f5.net/e3p0jv7g
#Cybersecurity #ThreatIntelligence #MalwareProtection
September 19, 2025 at 6:00 PM
Check out some highlights from our latest monthly SIS overview as we uncover the latest CVE trends!
🔗 go.f5.net/e3p0jv7g
#Cybersecurity #ThreatIntelligence #MalwareProtection
🔗 go.f5.net/e3p0jv7g
#Cybersecurity #ThreatIntelligence #MalwareProtection
Quantum computing is reshaping the crypto roadmap. #NIST has finalized its first #PQC standards with clear roles for each algorithm family.
View them below. ⬇️
Learn more about PQC standards
➡️ go.f5.net/ve0f60cg
#Cybersecurity #QuantumSecurity #AppSec #Cryptography
View them below. ⬇️
Learn more about PQC standards
➡️ go.f5.net/ve0f60cg
#Cybersecurity #QuantumSecurity #AppSec #Cryptography
September 18, 2025 at 5:00 PM
Quantum computing is reshaping the crypto roadmap. #NIST has finalized its first #PQC standards with clear roles for each algorithm family.
View them below. ⬇️
Learn more about PQC standards
➡️ go.f5.net/ve0f60cg
#Cybersecurity #QuantumSecurity #AppSec #Cryptography
View them below. ⬇️
Learn more about PQC standards
➡️ go.f5.net/ve0f60cg
#Cybersecurity #QuantumSecurity #AppSec #Cryptography
We published an article on #SparkRAT highlighting its architecture and potential vulnerabilities. We also have some #YARA rules to help identify SparkRAT in your environments.
Check out the article here: go.f5.net/o3k1rbep
Check out the YARA rules here: go.f5.net/v7bc0ake
Check out the article here: go.f5.net/o3k1rbep
Check out the YARA rules here: go.f5.net/v7bc0ake
September 17, 2025 at 5:00 PM
We published an article on #SparkRAT highlighting its architecture and potential vulnerabilities. We also have some #YARA rules to help identify SparkRAT in your environments.
Check out the article here: go.f5.net/o3k1rbep
Check out the YARA rules here: go.f5.net/v7bc0ake
Check out the article here: go.f5.net/o3k1rbep
Check out the YARA rules here: go.f5.net/v7bc0ake
As #QDay draws closer than expected. Is your data secure?
Join David Warburton, Director at #F5Labs, at this year’s IDC Security Summit in Sweden as he explores “Q-Day and the Quantum Deadline: Are We Ready?”
Get the full details: go.f5.net/aaz6088r
#IDCSecuritySummit #PQC
Join David Warburton, Director at #F5Labs, at this year’s IDC Security Summit in Sweden as he explores “Q-Day and the Quantum Deadline: Are We Ready?”
Get the full details: go.f5.net/aaz6088r
#IDCSecuritySummit #PQC
September 11, 2025 at 6:00 PM
As #QDay draws closer than expected. Is your data secure?
Join David Warburton, Director at #F5Labs, at this year’s IDC Security Summit in Sweden as he explores “Q-Day and the Quantum Deadline: Are We Ready?”
Get the full details: go.f5.net/aaz6088r
#IDCSecuritySummit #PQC
Join David Warburton, Director at #F5Labs, at this year’s IDC Security Summit in Sweden as he explores “Q-Day and the Quantum Deadline: Are We Ready?”
Get the full details: go.f5.net/aaz6088r
#IDCSecuritySummit #PQC
Did you know that 24% of the entries in CISA’s Known Exploited Vulnerabilities (KEV) list are RCE vulnerabilities?
No surprise that of the top 10 #CVEs we track, CVE-2017-9841, a PHPUnit eval-stdin.php RCE came in top.
Check out our analysis. go.f5.net/27nmlgj6
#MalwareProtection
No surprise that of the top 10 #CVEs we track, CVE-2017-9841, a PHPUnit eval-stdin.php RCE came in top.
Check out our analysis. go.f5.net/27nmlgj6
#MalwareProtection
September 5, 2025 at 6:00 PM
Did you know that 24% of the entries in CISA’s Known Exploited Vulnerabilities (KEV) list are RCE vulnerabilities?
No surprise that of the top 10 #CVEs we track, CVE-2017-9841, a PHPUnit eval-stdin.php RCE came in top.
Check out our analysis. go.f5.net/27nmlgj6
#MalwareProtection
No surprise that of the top 10 #CVEs we track, CVE-2017-9841, a PHPUnit eval-stdin.php RCE came in top.
Check out our analysis. go.f5.net/27nmlgj6
#MalwareProtection
Finance, healthcare, & government: the sectors with the most to lose are among the slowest to adopt #PQC. So, what can your organization do?
✅ Establish a crypto bill of materials.
✅ Enable hybrid KEM or transition to TLS 1.3.
Find more helpful tips: go.f5.net/dgwc3hb1
#QuantumReadiness
✅ Establish a crypto bill of materials.
✅ Enable hybrid KEM or transition to TLS 1.3.
Find more helpful tips: go.f5.net/dgwc3hb1
#QuantumReadiness
September 4, 2025 at 5:00 PM
Finance, healthcare, & government: the sectors with the most to lose are among the slowest to adopt #PQC. So, what can your organization do?
✅ Establish a crypto bill of materials.
✅ Enable hybrid KEM or transition to TLS 1.3.
Find more helpful tips: go.f5.net/dgwc3hb1
#QuantumReadiness
✅ Establish a crypto bill of materials.
✅ Enable hybrid KEM or transition to TLS 1.3.
Find more helpful tips: go.f5.net/dgwc3hb1
#QuantumReadiness
TLS 1.3 is strong today, but tomorrow’s #quantumattacks could break it. That’s why it’s vital to understand hybrid post-quantum TLS handshakes.
Stay ahead of the curve with our #PQC report.
🔗 go.f5.net/toh1o17n
Stay ahead of the curve with our #PQC report.
🔗 go.f5.net/toh1o17n
September 2, 2025 at 5:00 PM
TLS 1.3 is strong today, but tomorrow’s #quantumattacks could break it. That’s why it’s vital to understand hybrid post-quantum TLS handshakes.
Stay ahead of the curve with our #PQC report.
🔗 go.f5.net/toh1o17n
Stay ahead of the curve with our #PQC report.
🔗 go.f5.net/toh1o17n
Looking into last month’s top scanned #CVEs, we saw a striking commonality across vulnerabilities: nearly all rely on HTTP-based vectors and culminate in command injection.
See what other trends the team uncovered: go.f5.net/fof1d9ew
#Cybersecurity #MalwareProtection
See what other trends the team uncovered: go.f5.net/fof1d9ew
#Cybersecurity #MalwareProtection
August 31, 2025 at 5:00 PM
Looking into last month’s top scanned #CVEs, we saw a striking commonality across vulnerabilities: nearly all rely on HTTP-based vectors and culminate in command injection.
See what other trends the team uncovered: go.f5.net/fof1d9ew
#Cybersecurity #MalwareProtection
See what other trends the team uncovered: go.f5.net/fof1d9ew
#Cybersecurity #MalwareProtection
Validation matters. So, we tested our #SparkRAT YARA rules against 4 years of Malware Bazaar samples (2020-02 to 2024-04) with zero positives.
Check out our #YARA rules on #Github: go.f5.net/pishckzt
Check out our #YARA rules on #Github: go.f5.net/pishckzt
August 29, 2025 at 6:00 PM
Validation matters. So, we tested our #SparkRAT YARA rules against 4 years of Malware Bazaar samples (2020-02 to 2024-04) with zero positives.
Check out our #YARA rules on #Github: go.f5.net/pishckzt
Check out our #YARA rules on #Github: go.f5.net/pishckzt
In our latest SIS analysis, we dive into:
1️⃣ Top targeted CVEs for the month
2️⃣ Long-term CVE trends, and
3️⃣ Deep dive into web-based RCE vulnerabilities
Find out what the team uncovered: go.f5.net/mn5bmol8
#Cybersecurity #MalwareProtection #Threats
1️⃣ Top targeted CVEs for the month
2️⃣ Long-term CVE trends, and
3️⃣ Deep dive into web-based RCE vulnerabilities
Find out what the team uncovered: go.f5.net/mn5bmol8
#Cybersecurity #MalwareProtection #Threats
August 28, 2025 at 5:00 PM
In our latest SIS analysis, we dive into:
1️⃣ Top targeted CVEs for the month
2️⃣ Long-term CVE trends, and
3️⃣ Deep dive into web-based RCE vulnerabilities
Find out what the team uncovered: go.f5.net/mn5bmol8
#Cybersecurity #MalwareProtection #Threats
1️⃣ Top targeted CVEs for the month
2️⃣ Long-term CVE trends, and
3️⃣ Deep dive into web-based RCE vulnerabilities
Find out what the team uncovered: go.f5.net/mn5bmol8
#Cybersecurity #MalwareProtection #Threats
Quantum is coming!
Only ~3% of banking sites support #PQC, far too low for sensitive data. Legacy encryption will crack under quantum, putting assets at risk.
See where you stand and how to start the PQC transition: go.f5.net/zwkq3got
#QuantumRisk #DataProtection
Only ~3% of banking sites support #PQC, far too low for sensitive data. Legacy encryption will crack under quantum, putting assets at risk.
See where you stand and how to start the PQC transition: go.f5.net/zwkq3got
#QuantumRisk #DataProtection
August 27, 2025 at 5:00 PM
Quantum is coming!
Only ~3% of banking sites support #PQC, far too low for sensitive data. Legacy encryption will crack under quantum, putting assets at risk.
See where you stand and how to start the PQC transition: go.f5.net/zwkq3got
#QuantumRisk #DataProtection
Only ~3% of banking sites support #PQC, far too low for sensitive data. Legacy encryption will crack under quantum, putting assets at risk.
See where you stand and how to start the PQC transition: go.f5.net/zwkq3got
#QuantumRisk #DataProtection
Traditional defenses like #CAPTCHAs are no longer enough!
Check out David Warburton’s op-ed in #Tahawultech as he lists key insights into combating advanced bot attacks effectively.
#BotDefense #Cyberthreats
Check out David Warburton’s op-ed in #Tahawultech as he lists key insights into combating advanced bot attacks effectively.
#BotDefense #Cyberthreats
August 26, 2025 at 5:00 PM
Traditional defenses like #CAPTCHAs are no longer enough!
Check out David Warburton’s op-ed in #Tahawultech as he lists key insights into combating advanced bot attacks effectively.
#BotDefense #Cyberthreats
Check out David Warburton’s op-ed in #Tahawultech as he lists key insights into combating advanced bot attacks effectively.
#BotDefense #Cyberthreats
Find out how the #F5Labs team examines the growing sophistication of bot adversaries & how they exploit application vulnerabilities without triggering traditional alarms.
🔗 ➡️ go.f5.net/l6nk6bsj
#CISOs #Cybersecurity
🔗 ➡️ go.f5.net/l6nk6bsj
#CISOs #Cybersecurity
August 25, 2025 at 8:00 PM
Find out how the #F5Labs team examines the growing sophistication of bot adversaries & how they exploit application vulnerabilities without triggering traditional alarms.
🔗 ➡️ go.f5.net/l6nk6bsj
#CISOs #Cybersecurity
🔗 ➡️ go.f5.net/l6nk6bsj
#CISOs #Cybersecurity
As software engineers & security architects, staying ahead of the curve in encryption protocols is critical for safeguarding sensitive data.
⬇️ Check out 3 reasons why you should care about #TLS 1.3.
#Cybersecurity #Cryptography #DataProtection
⬇️ Check out 3 reasons why you should care about #TLS 1.3.
#Cybersecurity #Cryptography #DataProtection
August 25, 2025 at 6:00 PM
As software engineers & security architects, staying ahead of the curve in encryption protocols is critical for safeguarding sensitive data.
⬇️ Check out 3 reasons why you should care about #TLS 1.3.
#Cybersecurity #Cryptography #DataProtection
⬇️ Check out 3 reasons why you should care about #TLS 1.3.
#Cybersecurity #Cryptography #DataProtection
The impending arrival of #QDay is closer than ever!
What does this mean?
Find out as the #F5labs team evaluates the state of #PQC and steps you can take to make sure your website and data are safe!
www.f5.com/labs/article...
What does this mean?
Find out as the #F5labs team evaluates the state of #PQC and steps you can take to make sure your website and data are safe!
www.f5.com/labs/article...
August 22, 2025 at 7:00 PM
The impending arrival of #QDay is closer than ever!
What does this mean?
Find out as the #F5labs team evaluates the state of #PQC and steps you can take to make sure your website and data are safe!
www.f5.com/labs/article...
What does this mean?
Find out as the #F5labs team evaluates the state of #PQC and steps you can take to make sure your website and data are safe!
www.f5.com/labs/article...
Many #SparkRAT rules rely on brittle strings like “Spark/client/config.GetBaseURL,” which attackers can rename using software engineering refactoring tools.
Our approach is as follows ⬇️
#F5Labs #YARA #AppSec #ThreatDetection
Our approach is as follows ⬇️
#F5Labs #YARA #AppSec #ThreatDetection
August 21, 2025 at 10:11 PM
Many #SparkRAT rules rely on brittle strings like “Spark/client/config.GetBaseURL,” which attackers can rename using software engineering refactoring tools.
Our approach is as follows ⬇️
#F5Labs #YARA #AppSec #ThreatDetection
Our approach is as follows ⬇️
#F5Labs #YARA #AppSec #ThreatDetection