Risky Bulletin Risky Bulletin: F5 says an APT stole source code, vulnerability reports
15 snips
Oct 16, 2025 A major APT breached F5, stealing source code and vulnerability reports over nearly a year. In Europe, a politician filed a criminal complaint against Hungary's PM for alleged spyware deployment. Hijacked airport PA systems in Canada and the U.S. aired political messages, causing chaos. Meanwhile, a hacker behind the PowerSchool breach received prison time for compromising data on 70 million individuals. Also, Microsoft revoked numerous malware-signing certificates to combat rising threats.
AI Snips
Chapters
Transcript
Episode notes
MEP Files Complaint Over Spyware Attempt
- MEP Daniel Freund filed a criminal hacking complaint claiming Hungary's secret service tried to push Kandiru spyware onto his device last May.
- The EU cyber team detected the attempted deployment amid Freund's vocal criticism of Viktor Orbán.
Treat Education Platform Breaches As High Risk
- Secure education platforms and assume high-impact breaches can expose millions of records.
- Investigate, prosecute, and seek restitution as with the PowerSchool hack where the attacker was jailed and ordered to pay $14 million.
Signed Malware Abuse And Certificate Revocation
- Malware gangs increasingly abused legitimate signing certificates to masquerade as trusted apps and poison search results.
- Microsoft revoked 200 certificates linked to the Vanilla Tempest/Vice Society group to disrupt that tactic.