F5 Labs

Learn which CVEs attackers scanned for most in the first half of 2022.

Learn what zero trust architecture (ZTA) is and how to apply it to your environment.

We found a novel malware strain that is targeting financial sites in Italy and Spain... so far.

NIST and the UK's NCSC currently recommend not enforcing frequent password changes, and instead to use longer passphrases over shorter passwords. We take a look at the math to see what really makes sense, and arrive at some straightforward suggestions.

Despite how they sound, Spring4Shell and the related vulnerabilities in the Spring Framework aren’t exactly like Log4Shell. Learn how they work and what you can do.

The applications we need to run inside our organizations can turn malicious, so how can we architect for this?

Distributed denial-of-service attacks soared in complexity and size during 2021.

Practical, relatively easy to perform actions that companies of different security postures can take immediately, based on the overall maturity of their existing security program. Because saying "just patch" isn't helpful.

Learn how the threat landscape evolved in 2021 so you can tune your defenses to suit.

Access control is an essential aspect of information security that enables organizations to protect their most critical resources by controlling who has access to them.

Managing online privacy is a balancing act for both users and security professionals. We can do better than simply following privacy regulations such as the GDPR and CPRA.

We asked a diverse group of F5 security experts about cybersecurity in 2022. Here’s what they said. We look at cyber-war, cyber-crime, the cloud, the supply chain, encryption keys, and new ransomware targets.

A deconstruction of FluBot 5.0’s new communication protocol and other capabilities FluBot uses to hide, making it difficult for researchers and security solutions to detect.

Moving to the cloud has benefits, but it must be balanced against the likelihood of outages in single-provider environments.

It can be easy to give in to frustration and pessimism during catastrophic events. But there are signs that not all is lost, even in the world of software dependencies.

As Christmas quickly approaches, seasonal phishing trends once again show that attackers are taking advantage of increased online shopping. Fraudsters doubled their efforts in November attacking ecommerce giants such as Amazon. The real attacker focus, however, was cryptocurrency with fraudulent sites...

The log4j security vulnerability is one of the most widespread cybersecurity vulnerabilities in recent years. Here's a non-technical explanation of it.

Scans continue against remote logins like VNC, RDP, and SSH, as well as MySQL and Elasticsearch. And what’s going on in Malaysia and Lithuania?

Retail fraud, identity theft, account takeovers, stolen payment cards—it feels like digital fraud is everywhere. Understand it better to fight it more effectively.

A look at multi-cloud security strategies, including the emerging practices of omni-cloud, Functions as a Service, Containers as a Service, cloud security posture management, and data sovereignty.