F5 Labs

A few formerly popular CVEs fell in traffic in August, leaving an old router vuln to resume its normal position at the top. Plus seven new CVEs added to the list of signatures.

Learn how attackers use server initiated connections and other clever tricks to deliver shells to attackers, circumventing inbound firewalls and access controls.

Part one of a series investigating how automation is used to create fake accounts for fraud, disinformation, scams, and account takeover.

One old favorite CVE declined by more than half in July, and a new one (to us) was so heavily targeted it ended up ranked fifth out of 72.

Bot traffic for the first half of 2023 was fairly typical, some rapid change in a few industries notwithstanding. Learn who got hit hard and who got off easy.

The term identity is everywhere in security, but we rarely discuss or deal with all of the depth and complexity it entails. Sam Bisbee explores the layers inherent in identity and what they mean for managing risk.

In terms of attacker interest, it was more about continuity than change in June, with many of the same old CVEs being targeted.

Explore the concept of web shells, their usage by attackers, and effective defenses against this post-exploit activity in this article by F5 Labs.

AI tools are spreading rapidly and CISOs need to be ready.

Relative stability in attacker activity this past month serves to highlight the ongoing importance of Exchange Server vulnerabilities and poorly-secured IoT devices to attackers.

Explore a highly automated attack against a sneaker manufacturer and learn how resellers optimize their bots for success, and profit!

A new vuln popped up in our traffic this month, as well as lots of the same old CVEs—IoT and Microsoft Exchange.

Some IoT vulnerabilities, some Microsoft Exchange vulnerabilities, but not too much going on in March.

As of March we are contributing our vulnerability targeting intelligence to FIRST’s Exploit Prediction Scoring System.

One IoT vulnerability stops growing, and another one starts. See what attackers are up to this month.

A deep dive into a sustained attack by reseller bots aimed at snatching every available PlayStation 5 during the console's big launch at a large US retailer.

Plus, the 7 Weirdest CVEs (You won’t believe number 6!)

One vulnerability took all the headlines in January, and, well, it probably won’t shock you.

We analyzed the last three years of DDoS data, and found attackers shifting to more complex approaches, and shifting up the stack.

Security automation continues to be an enticing capability for security programs and while it delivers on many promises, it does not fully deliver the promised workforce economic benefit.