NCSC Issues Ugent Patch Notice of F5 BIG-IP Vulnerability
The NCSC is encouraging UK organisations to take immediate action to mitigate an unauthenticated remote code execution vulnerability affecting F5 BIG-IP Access Policy Manager (CVE-2025-53521). F5 BIG-IP APM is a common component, especially within large enterprises. F5 has published an updated security advisory explaining that a previously disclosed vulnerability in BIG-IP APM has been recategorised as an […] The post NCSC Issues Ugent Patch Notice of F5 BIG-IP Vulnerability appeared first on DIGIT .
The NCSC is encouraging UK organisations to take immediate action to mitigate an unauthenticated remote code execution vulnerability affecting F5 BIG-IP Access Policy Manager (CVE-2025-53521).
F5 BIG-IP APM is a common component, especially within large enterprises.
F5 has published an updated security advisory explaining that a previously disclosed vulnerability in BIG-IP APM has been recategorised as an unauthenticated remote code execution vulnerability
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).
F5 is aware of active exploitation of CVE-2025-53521 affecting BIG-IP APM.
The NCSC is working to fully understand UK impact and any potential cases of active exploitation affecting UK networks.
The NCSC recommends investigating for compromise on all affected products regardless of when the system was updated. F5 have published Indicators of Compromise.
All organisations using BIG-IP APM are affected by this vulnerability.
Recommended reading
-
Report: Vulnerability Exploitation Surge Endangers Cybersecurity
-
Microsoft Issues Critical Patches as Threat Actors Hit SharePoint
-
Half of SMEs Struggle to Keep Up With Security Threats
-
1 in 4 SMEs Find Remote Working A Key Cybersecurity Concern
The NCSC recommends following vendor best-practice advice to mitigate vulnerabilities. In this case due to reports of in the wild exploitation, if you use an affected product, you should take these priority actions:
-
Read the security advisory and Indicators of Compromise.
-
If possible, isolate the affected system(s) and replace with a new, fully up-to-date system (NOTE: this may cause service outage).
-
Fully investigate for evidence of compromise following the vendor guidance (an assured Cyber Incident Response provider can assist). Where this isn’t possible; the affected system should be erased/destroyed and rebuilt as new.
-
If you believe you have been compromised, and are in the UK, you should report it and consider using an assured Cyber Incident Response provider. You can also report the compromise to the vendor to assist their investigation.
-
Update to the latest version of the affected product.
-
Apply any appropriate security hardening.
-
Re-enable/reintroduce the affected system(s).
-
Perform continuous threat hunting activities.
Sign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
More about
updatepolicycomponent
Dynamic Graph Neural Network with Adaptive Features Selection for RGB-D Based Indoor Scene Recognition
arXiv:2604.00372v1 Announce Type: new Abstract: Multi-modality of color and depth, i.e., RGB-D, is of great importance in recent research of indoor scene recognition. In this kind of data representation, depth map is able to describe the 3D structure of scenes and geometric relations among objects. Previous works showed that local features of both modalities are vital for promotion of recognition accuracy. However, the problem of adaptive selection and effective exploitation on these key local features remains open in this field. In this paper, a dynamic graph model is proposed with adaptive node selection mechanism to solve the above problem. In this model, a dynamic graph is built up to model the relations among objects and scene, and a method of adaptive node selection is proposed to ta
Collaborative Task and Path Planning for Heterogeneous Robotic Teams using Multi-Agent PPO
arXiv:2604.01213v1 Announce Type: cross Abstract: Efficient robotic extraterrestrial exploration requires robots with diverse capabilities, ranging from scientific measurement tools to advanced locomotion. A robotic team enables the distribution of tasks over multiple specialized subsystems, each providing specific expertise to complete the mission. The central challenge lies in efficiently coordinating the team to maximize utilization and the extraction of scientific value. Classical planning algorithms scale poorly with problem size, leading to long planning cycles and high inference costs due to the combinatorial growth of possible robot-target allocations and possible trajectories. Learning-based methods are a viable alternative that move the scaling concern from runtime to training ti
Offline Constrained RLHF with Multiple Preference Oracles
arXiv:2604.00200v1 Announce Type: new Abstract: We study offline constrained reinforcement learning from human feedback with multiple preference oracles. Motivated by applications that trade off performance with safety or fairness, we aim to maximize target population utility subject to a minimum protected group welfare constraint. From pairwise comparisons collected under a reference policy, we estimate oracle-specific rewards via maximum likelihood and analyze how statistical uncertainty propagates through the dual program. We cast the constrained objective as a KL-regularized Lagrangian whose primal optimizer is a Gibbs policy, reducing learning to a convex dual problem. We propose a dual-only algorithm that ensures high-probability constraint satisfaction and provide the first finite-s
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
More in Releases
Tencent to Launch Hunyuan 3.0 in April, Build WeChat AI Agent - Caixin Global
<a href="https://news.google.com/rss/articles/CBMitAFBVV95cUxNMG9uakFkUnF3WXFlM2lDNzdHZE9qVUlJdUdzdndTQVprVE55NlVmQUhLZ0tmOVJTelNSOG14bWcyMGtlM1hwMG9mSEZTNVdGd2Q0OVIyWlNwWVhCcF9FYUstMklmOEZNYmx0Vm0zb3FmeTZFRlI5dWg4OFdRNVc5RmxienpGQWszeU5ZbTQybHFxWmlTc3VsTUJBdGRGbWJVUEh6ZzhkQVdzX0dhMGFtWmJ2a1U?oc=5" target="_blank">Tencent to Launch Hunyuan 3.0 in April, Build WeChat AI Agent</a> <font color="#6f6f6f">Caixin Global</font>
Google's $20 per month AI Pro plan just got a big storage boost
Google's $20 per month AI Pro plan , which includes Gemini, Veo and Nano Banana, got a big storage boost and some other new perks. Users of the plan (also available for $200 per year ) will see their cloud space jump from 2TB to 5TB at no extra cost. That extra storage can be used not only for AI but also Gmail, Google Drive and Google Photos backups. Gemini can now pull context from Gmail and the web for Drive, Docs, Slides and Sheets, provide summaries for your Gmail inbox and proofread emails before you send them. It's also introducing additional agentic help with Chrome auto browse "that handles those tedious, multi-step chores — like planning a trip or filling out forms," Google VP Shimrit Ben-Yair wrote on X . Finally, Google announced that it's bundling its Home Premium subscription
Dubai launches AI-powered digital ecosystem to drive $2.72bn growth in two years - Arabian Business
<a href="https://news.google.com/rss/articles/CBMiugFBVV95cUxPbXJLRFR2anI4cDJWNG10WnJXZGY1U0lHVHA0YzJBU1lvRndBU2NiX3VQeC16Tl9tSnhVTWZGRjRGdUZFLW43bU1TeV9nUXZERHRYOW1FMGg4UndjZXQ5RnZHS1p2QVpjenFnSGlLTExUTG15N1BmN1h2cXRBcW9YdWRWZ3ZnWmFMNHF3UEFZNTJmNFpVeTB0VXgzSXUzVnFCUTM2LUZUbXNUamFoREhIWDY4b2h4VllQMkE?oc=5" target="_blank">Dubai launches AI-powered digital ecosystem to drive $2.72bn growth in two years</a> <font color="#6f6f6f">Arabian Business</font>
The Chronicles of RiDiC: Generating Datasets with Controlled Popularity Distribution for Long-form Factuality Evaluation
arXiv:2604.00019v1 Announce Type: new Abstract: We present a configurable pipeline for generating multilingual sets of entities with specified characteristics, such as domain, geographical location and popularity, using data from Wikipedia and Wikidata. These datasets are intended for evaluating the factuality of LLMs' long-form generation, thereby complementing evaluation based on short-form QA datasets. We present the RiDiC dataset as an example of this approach. RiDiC contains 3,000 entities from three domains -- rivers, natural disasters, and car models -- spanning different popularity tiers. Each entity is accompanied by its geographical location, English and Chinese names (if available) and relevant English and Chinese Wikipedia content, which is used to evaluate LLMs' responses. Gen
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!