TWIS

149 Topics

VulnCon 2025, EU CRA, CVE funding, Smishing Kit
Notable security news for the week of April 13th through April 20th. Your editor this week is Chris from the F5 Security Incident Response Team. A bit of a different format this week as I was in Raleigh for VulnCon 2025 the previous week. I will discuss highlights from that as well as notable events from the past week. VulnCon 2025 The 2025 Vulnerability Management Ecosystem Collaboration, Ideation, and Action Conference (aka “VulnCon”), which was sponsored by FIRST and the CVE Program, was held from April 7th through April 10th this year. The aim of this conference is to promote collaboration between various vulnerability management and cybersecurity professionals to better help the whole cybersecurity ecosystem. Key topics that were highlighted this year were the EU's Cyber Resilience Act (CRA), Vulnerability Exploitability eXchange (VEX), Cybersecurity Assurance Framework (CSAF), and publishing more complete CVE records or Vulnrichment. I will discuss the CRA in the next paragraph. VEX facilitates the exchange of vulnerability information, fostering collaboration to swiftly address emerging threats. Concurrently, CSAF ensures a standardized approach to cybersecurity practices. One of the pushes that was discussed was to get security scanners to start ingesting VEX to help decrease the amount of false positives and focus more on vulnerabilities that are exploitable. As for Vulnrichment, it is alarming that a large number of CVEs that are disclosed every year do not include Common Weakness Enumerations (CWE) or Common Vulnerability Scoring System (CVSS) scores. I agree that adding this information at a minimum would be very beneficial to both the consumers as well as the vendor. The vendor is in the best position to assign these in a more accurate manner since they are most familiar with the products. https://www.first.org/conference/vulncon2025/ https://openssf.org/blog/2023/09/07/vdr-vex-openvex-and-csaf/ EU Cyber Resilience Act (CRA) The Cyber Resilience Act introduces mandatory cybersecurity requirements for hardware and software products, throughout their whole lifecycle. The main goals of this act are to ensure that products with digital elements placed on the EU market have fewer vulnerabilities that Manufacturers remain responsible for cybersecurity throughout a product’s life cycle, improve transparency on security of hardware and software products and bring benefits to business users and consumers from better protection. Products will bear the CE marking as is common with many other products sold, which means they have been assessed to meet high safety, health, and environmental protection requirements. The three main roles that are laid out are: Manufacturers: If you develop or manufacture products with "digital elements" for sale in the EU. Open-Source Software (OSS) Stewards: Entity other than a manufacturer that provides support on a sustained basis for the development of specific products with digital elements, qualifying as free and open-source software and intended for commercial activities, and that ensures the viability of those products. Examples of this would be the Linux Foundation, Apache Foundation, etc.... OSS Developers: Upstream maintainer or developer of open-source software that is used by the manufacturer. The key point to note in this distinction of these three roles is that if there is a vulnerability exploited in open-source software, the manufacturer is the one held liable. The OSS Steward and the OSS Developers are not being held liable. This makes it a good idea to develop working relationships with the OSS upstream developers for when emergencies do arise. Now to focus on the manufacturer requirements. I will not touch all of them as the CRA is a large document but will point out some of the key topics. Secure-By-Default and Secure-By-Design principles will now be a requirement and not just a pledge. Products with digital elements shall be delivered without any known exploitable vulnerabilities. Manufacturers will need to provide evidence that the product was checked before release. A risk assessment will need to be provided with the product and the contents of that assessment are laid out in Annex I of the document. Manufactures must be able to provide SBOMS in either SPDX or CycloneDX format at the request of authorities. Manufacturers must , address and remediate vulnerabilities without delay, which includes providing security updates. Manufacturers must provide support for a minimum of 5 years, including security updates and that each security update remains available after it has been issued for a minimum of 10 years or for the remainder of the support period, whichever is longer. There are also reporting requirements. Highlight a couple of them; they pertain to actively exploited vulnerabilities and severe incidents having an impact on the security of the product. An early warning notification of an actively exploited vulnerability or severe incident, without undue delay and in any event within 24 hours of the manufacturer becoming aware of it. Then "an incident notification, without undue delay and in any event within 72 hours of the manufacturer becoming aware of the incident, which shall provide general information, where available, about the nature of the incident, an initial assessment of the incident, as well as any corrective or mitigating measures taken, and corrective or mitigating measures that users can take, and which shall also indicate, where applicable, how sensitive the manufacturer considers the notified information to be". That was taken from the document and you can see how thorough they are being when detailing what to report. The final report will need to be submitted by 14 days for active exploits and one month for severe incidents. Then to explain where to report: "The notification shall be submitted using the electronic notification end-point of the CSIRT designated as coordinator of the Member State where the manufacturers have their main establishment in the Union and shall be simultaneously accessible to ENISA". This means that the manufacturer will need to choose one of the European country's CSIRT teams to be the point of contact. As for the consequences of non-compliance, the EU is not playing around with that either: Non-compliance with the essential cybersecurity requirements set out in Annex I and the obligations set out in Articles 13 and 14 shall be subject to administrative fines of up to EUR 15,000,000 or, if the offender is an undertaking, up to 2.5% of its total worldwide annual turnover for the preceding financial year, whichever is higher. Non-compliance with the obligations set out in Articles 18 to 23, Article 28, Article 30(1) to (4), Article 31(1) to (4), Article 32(1), (2) and (3), Article 33(5), and Articles 39, 41, 47, 49 and 53 shall be subject to administrative fines of up to EUR 10,000,000 or, if the offender is an undertaking, up to 2% of its total worldwide annual turnover for the preceding financial year, whichever is higher. The supply of incorrect, incomplete or misleading information to notified bodies and market surveillance authorities in reply to a request shall be subject to administrative fines of up to EUR 5,000,000 or, if the offender is an undertaking, up to 1% of its total worldwide annual turnover for the preceding financial year, whichever is higher. To explain those bullet points more simply, everything I mentioned above about manufacturer requirements and reporting all fall under Annex I or Articles 13 and 14 so would be subject to the most severe penalties per incident. As for the timelines of this act, the CRA was officially adopted on October 10, 2024, and entered into force on December 10, 2024. However, the CRA's main obligations will apply starting from December 11, 2027. Some earlier obligations will apply, such as the reporting of vulnerabilities and severe incidents, starting from September 11, 2026. Additionally, the rules on conformity assessment bodies will be applicable from June 11, 2026. https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act https://github.com/SecurityCRob/presentations/blob/main/CRA%20PSIRT%20TL_DR.pdf CVE Program Funding The Common Vulnerabilities and Exposures (CVE) program, managed by MITRE, was facing funding expiration on April 16, 2025. The program is essential for identifying and tracking security vulnerabilities in software and hardware. Without funding, the CVE program would stop adding new vulnerabilities, which could lead to significant impacts on national vulnerability databases, cybersecurity tools, incident response operations, and critical infrastructure. MITRE's Vice President Yosry Barsoum expressed hope that the government is making efforts to continue supporting the program. Luckily, the Department of Homeland Security's (DHS) Cybersecurity & Infrastructure Security Agency (CISA) was able to secure funding at the last moment, to fund the program for 11 more months. This is despite ongoing budget and staffing cuts to CISA by the current administration. The cybersecurity community has expressed concern over the potential loss of the CVE program, emphasizing its importance in standardizing vulnerability information and aiding in the timely patching of security flaws. On April 16, MITRE announced the creation of a non-profit entity called "The CVE Foundation" to continue the program's work under a new funding mechanism. https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/ The CVE Foundation The CVE Foundation was launched to secure the future of the CVE Program. The CVE Foundation was formally established on April 16, 2025, to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program. The CVE Program has been a U.S. government-funded initiative for 25 years, raising concerns about sustainability and neutrality due to its reliance on a single government sponsor. MITRE notified the CVE Board on April 15, 2025, that the U.S. government would not renew its contract for managing the program. In response, a coalition of CVE Board members developed a strategy to transition CVE to a dedicated, non-profit foundation to continue delivering high-quality vulnerability identification. CVE identifiers and data are crucial for cybersecurity professionals worldwide, aiding in security tools, advisories, threat intelligence, and response. Going forward, the CVE Foundation aims to eliminate a single point of failure in the vulnerability management ecosystem and ensure the CVE Program remains globally trusted and community-driven. https://www.thecvefoundation.org/home Pay Your Tolls!! About 3 and a half years ago, I was driving into Denver on Interstate 70 coming from the East. I had no need to drive through Denver as I was heading north through Wyoming anyway. Well, a few miles before the city there was an offramp for E-470, a toll highway that would bypass Denver and connect to I-25 a few miles north of the city. I had never used a toll highway before since I live in Eastern Washington where they are unheard of. I was picturing a scene out of a movie where you pull up to a booth and pay an attendant. I was surprised as I merged onto the highway and everyone was driving at 60+ MPH. I saw a sign that stated the system used E-ZPass and would scan the license plate. Fast forward a few months and I receive a bill in the mail from E-ZPass, a pretty nice way to bypass driving through the middle of a large city, I thought. Now, unfortunately, a smishing campaign is targeting that same system to trick victims into giving them their payment information. Since mid-October 2024, multiple financially motivated threat actors have been using a smishing kit developed by "Wang Duo Yu" to target toll road users in eight U.S. states. The campaign impersonates U.S. electronic toll collection systems like E-ZPass, sending SMS messages and Apple iMessages about unpaid tolls, urging recipients to click on fake links. Victims are prompted to solve a fake CAPTCHA challenge and enter personal and financial information on fraudulent pages, which is then siphoned off to the threat actors. Wang Duo Yu, a computer science student in China, is alleged to be the creator of the phishing kits used by the Smishing Triad, a Chinese organized cybercrime group. The Smishing Triad has conducted large-scale smishing attacks targeting postal services in 121 countries, using failed package delivery lures to harvest personal and financial information. Services like Oak Tel facilitate smishing on a global scale, allowing cybercriminals to send bulk SMS and manage campaigns efficiently. I have personally received 2 or 3 of these over the past few months. Luckily, I know the one time I drove on a toll road, so it was obvious to me that this was fake. I worry about people that are using these systems more regularly that may fall victim. https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html
Christopher_Pa1
Apr 23, 2025 Place Security Insights
89Views
2likes
0Comments
EV Car Hacking, AI bypass KYC, LLM does not trust human, and Active Cyber Defense
This Week In Security April 6-12 edition. In this article, discussing these topics: EV Car Hacking, AI bypass KYC, LLM does not trust human, and Active Cyber Defense.
Koichi
Apr 21, 2025 Place Security Insights
330Views
3likes
0Comments
Oracle hack, North Korean Hackers, Critical Flaw in Apache
This week in cybersecurity, it seems both hackers and defenders have been working overtime, While hackers have been creatively causing chaos, cybersecurity professionals have been equally busy patching up the digital world. It's a never-ending game of whack-a-mole, but with higher stakes and fewer mallets.
Lior_Rotkovitch
Apr 09, 2025 Place Security Insights
203Views
2likes
0Comments
IngressNightmare, Next.js critical, More Agents, pwned
Introduction Hello! ArvinF is your editor covering 23 to 29 March 2025 for this edition of F5 SIRT This Week in Security. Credit to the original sources. IngressNightmare Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of Kubernetes clusters – and thinks more than 6,000 deployments of the software are at risk on the internet. This vulnerability is fixed in Ingress NGINX Controller versions 1.12.1 and 1.11.5, so do update to the latest version. Ensure the admission webhook endpoint is not exposed externally. Other mitigations if an upgrade is not yet possible are: Enforce strict network policies so only the Kubernetes API Server can access the admission controller. Temporarily disable the admission controller component of Ingress-NGINX F5 published K000150538: Kubernetes ingress-nginx vulnerabilities CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, and CVE-2025-24514 as F5 NGINX has a similarly named but different product NGINX Ingress Controller. The product has been assessed and it is not vulnerable to IngressNightmare related CVEs. https://my.f5.com/manage/s/article/K000150538 F5 also released in the March 27 2025 attack signature update (ASU) an attack signature to address IngressNightmare, namely, 200103569. K000150594: Attack Signatures for IngressNightmare: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974 https://my.f5.com/manage/s/article/K000150594 High 200103569 New Kubernetes NGINX Ingress Admission Controller Command Execution Command Execution CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24514 Kubernetes Ingress NGINX controller is vulnerable to remote command execution via a malicious AdmissionReview request https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/ Next.js critical CVE-2025-29927 A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025-29927, enables attackers to send requests that reach destination paths without going through critical security checks. Next.js is a popular React framework with more than 9 million weekly downloads on npm. It is used for building full-stack web apps and includes middleware components for authentication and authorization. Next.js uses a header called 'x-middleware-subrequest' that dictates if middleware functions should be applied or not. The header is retrieved by the 'runMiddleware' function responsible for processing incoming requests. If it detects the 'x-middleware-subrequest' header, with a specific value, the entire middleware execution chain is bypassed and the request is forwarded to its destination. In the original research paper, the header and value "x-middleware-subrequest: /pages/_middleware" and "x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware" and its variations were the examples and are potential "Indication of Attack" and will be useful with monitoring and logging systems and threat hunting. F5 released in the March 23 2025 ASU, an attack signature to address CVE-2025-29927, namely, 200013111. High 200013111 New Next.js Middleware Authorization Bypass Authentication/Authorization Attacks CVE-2025-29927 Next.js is vulnerable to an authorization check bypass on middleware via a specially crafted request https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware https://www.bleepingcomputer.com/news/security/critical-flaw-in-nextjs-lets-hackers-bypass-authorization/ https://www.ncsc.gov.uk/news/vulnerability-affecting-nextjs-web-development-framework https://nextjs.org/blog/cve-2025-29927 https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/ Chrome emergency patches zero-day Google pushed out an emergency patch for Chrome on Windows this week to stop attackers from exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia. Now Mozilla’s doing damage control, too, after spotting a similar flaw – albeit unexploited, as far as we’re aware – lurking in the code of its Firefox browser. "The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist," wrote Kaspersky researchers Igor Kuznetsov and Boris Larin. https://securelist.com/operation-forumtroll/115989/ https://www.theregister.com/2025/03/28/google_kaspersky_mozilla/ More Security Copilot Agents Microsoft revealed an expanded flight plan for Security Copilot, which is now assisted by 11 task-specific AI agents that interact with products like Defender, Purview, Entra, and Intune. Of the 11 Security Copilot agents introduced, five came from Microsoft Security partners. The Microsoft-made agents include: Phishing Triage Agent in Microsoft Defender, for sorting phishing reports. Alert Triage Agents in Microsoft Purview, for triaging data loss prevention and insider risk alerts. Conditional Access Optimization Agent in Microsoft Entra, for monitoring and preventing identity and policy issues. Vulnerability Remediation Agent in Microsoft Intune, for prioritizing vulnerability remediation. Threat Intelligence Briefing Agent in Security Copilot, for curating threat intelligence. Microsoft Security partners have also contributed to the agent pool: Privacy Breach Response Agent (OneTrust), for distilling data breaches into reporting guidance. Network Supervisor Agent (Aviatrix), for doing root-cause analysis on network issues. SecOps Tooling Agent (BlueVoyant), for assessing security operations center controls. Alert Triage Agent (Tanium), for helping security analysts prioritize alerts. Task Optimizer Agent (Fletch), for forecasting and prioritizing threat alerts. The eleventh agent resides in Microsoft Purview Data Security Investigations (DSI), an AI-based service designed to help data security teams deal with data exposure risks. Essentially, these agents use the natural language capabilities of generative AI to automate the summarization of high-volume data like phishing warnings or threat alerts so that human decision makers can focus on signals deemed to be the most pressing. F5 has reference literature on Agentic AI. The MS Security Pilot are "AI Agents" - focused on executing specific tasks based on predefined rules. "Agentic AI" has "autonomy and adaptive decision making" and is a combination of GenAI and AI Agents. Agentic AI combines extremely specific directive code that executes jobs with AI inference to generate or predict rich and contextual answers. Agentic AI is not magic, but it is more powerful than agents or GenAI operating alone. These two building blocks can be assembled in various amounts and combinations, automating a flow of work to produce tremendously valuable results. Here is a simple diagram depicting an automated agentic AI workflow. It uses multiple types of specialized agents and AI models to complete a set of actions. The solution executes until an acceptable outcome is achieved, and then it is fed back to the user. https://www.theregister.com/2025/03/24/microsoft_security_copilot_agents/ https://www.f5.com/company/blog/ai-agents-vs-agentic-ai-understanding-the-difference https://www.f5.com/company/blog/security-context-matters-for-agentic-ai https://community.f5.com/kb/technicalarticles/agentic-rag---securing-genai-with-f5-distributed-cloud-services/339571 https://www.youtube.com/watch?v=Pwb8k3LPKgI HaveIbeenPwned mail list leaked Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list. The list comprises around 16,000 records, and every active subscriber will be receiving a notification and apology email soon. Around half of these records (7,535), however, pertain to individuals who had unsubscribed from the list. Based on the original blog post, tiredness was a factor in the momentary lapse in judgment. The brief moment where the credentials were captured, the attacker was able to export the HaveIbeenPwned mailing list, suspecting an automated attack. In general, we should protect our digital fingerprints as extensively as we can. Having a 2nd factor of authentication may not be sufficient anymore with the advancement in phishing attacks. Use phishing-resistant MFAs where possible and stick to basics - if you are not sure, don’t click. https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/ https://www.theregister.com/2025/03/25/troy_hunt_mailchimp_phish/ https://www.pcmag.com/news/creator-of-haveibeenpwned-data-breach-site-falls-for-phishing-email https://www.cisa.gov/news-events/news/phishing-resistant-mfa-key-peace-mind NCSC taps influencers to make 2FA go viral In related news covering a much wider audience, the UK’s National Cyber Security Centre (NCSC) has hopped on the bandwagon to preach two-factor authentication (2FA) to the masses. It's the latest effort to improve the nation's cyber resilience as part of Stop! Think Fraud campaign launched in February 2024 under Rishi Sunak’s government, drafting in comedic sketch artists and Instagram personal finance gurus to promote wider uptake of security technologies. "To boost public awareness about the crucial benefits of enabling two-step verification on their most important accounts, we’ve partnered with popular social media influencers to amplify this vital message and encourage a wider audience to adopt secure online habits," https://www.theregister.com/2025/03/26/ncsc_influencers_2fa/ https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/activate-2-step-verification-on-your-email BlackLock ransomware gang pwned Cybersecurity vendor Resecurity is admitting to breaking into a notorious ransomware crew's infrastructure and gathering data it relayed to national agencies to help victims. Dubbed “BlackLock” (aka "El Dorado" or "Eldorado"), the ransomware-as-a-service (RaaS) outfit has existed since March 2024. In Q4 of last year, it increased its number of data leak posts by a staggering 1,425% quarter-on-quarter. According to independent reporting, a relatively new group has rapidly accelerated attacks and could become the most dominant RaaS group in 2025. Resecurity identified a vulnerability present at the Data Leak Site (DLS) of BlackLock in the TOR network - successful exploitation of which allowed our analysts to collect substantial intelligence about their activity outside of the public domain. The Resecurity blog is a good read as they walk thru their exploit, findings and communications with the BlackLock group. Another group mentioned was DragonForce - very similar in techniques and also pwned the BlackLock Data Leak Site. https://www.resecurity.com/blog/article/blacklock-ransomware-a-late-holiday-gift-with-intrusion-into-the-threat-actors-infrastructure https://www.theregister.com/2025/03/27/security_shop_pwns_ransomware_gang/ https://www.infosecurity-magazine.com/news/blacklock-2025s-most-prolific/ And that's the week that was I hope you find the security news I picked educational. We have a mix of vulnerabilities, a zero day, Security CoPilot AI agents and F5 Agentic AI, phishing, UK NCSC 2FA public awareness campaign and for the cherry on top, a ransomware gang getting pwned. For vulnerabilities and zero days, update your system and software as soon as possible to mitigate these. Implement WAF, Bot Defense or DDoS mitigations where possible and in anticipation of future vulnerabilities and application attacks. Ensure only trusted users and networks have access to your systems. If a system does not need to be exposed for public access, ensure that it is not. For phishing, stand up the human firewall - be vigilant on received emails and links. If unsure, don’t click. Use MFA/phishing resistant MFA. An MFA is better than "no MFA”. AI agents and Agentic AI - we might have been using it and we may not have known. If you own one, ensure to protect it and implement security controls - Think F5 Distributed Cloud. Till next time - Stay Safe and Secure! As always, if this is your first TWIS, you can always read past editions. We also encourage you to check out all of the content from the F5 SIRT.
ArvinF
Apr 06, 2025 Place Security Insights
267Views
1like
1Comment
Wiz, Heathrow, Vibe Coding and 23andMe

Kyle_Fox
Mar 31, 2025 Place Security Insights
277Views
4likes
1Comment
AppSec, Camels, Typhoons, and Backdoors
Welcome back to the F5 SIRT's weekly roundup of whatever news caught the editor's eye, and whatever else we feel like covering. It's our soapbox, and we're going to use it! This week MegaZone is once against at the keyboard, and we'll be covering news for the week of March 2-8, 2025.
MegaZone
Mar 21, 2025 Place Security Insights
178Views
2likes
1Comment
Phishing, Malware and Spyware Campaign, BRUTED Tool & CISA’s List Of Exploited Vulnerabilities

Dharminder
Mar 19, 2025 Place Security Insights
223Views
2likes
0Comments
A Very Chinese New Year
Happy New Year everyone! It's a new year, with new news, and the same old(er) MegaZone. This time we're looking at the news that I found worthy from the week of January 5-11, 2025. (Have you gotten used to typing 2025 yet?) I found it to be a fairly slow news week, and not much really grabbed my attention enough that I felt it was worth commenting on. That's not too unusual for the start of a new year, as there is often a bit of a post-holiday lull. Not that there was no news at all, it is never truly quiet in cybersecurity, just that most of it was run-of-the-mill stuff, IMHO. Oh, and as for the title of this 'issue', I know the Lunar New Year (aka Chinese New Year) isn't until January 29th, but I couldn't pass up the play on words given the topic below. And with that, let's dive in.
MegaZone
Mar 11, 2025 Place Security Insights
242Views
2likes
0Comments
AppWorld 2025 Security Insights - ADC 3.0, AI Security, and more
Welcome to this week’s notable security news (Feb 24–Mar 2, 2025), brought to you by Jordan_Zebor from F5 SIRT. Although our main focus is usually on emerging threats and protective measures, I recently attended F5 AppWorld 2025 in person and found it invaluable for understanding what’s next in secure application delivery. For those who aren’t familiar, F5 AppWorld is an in-person conference packed with sessions, hands-on labs, and networking opportunities—an ideal forum for discussing real-world challenges in securing and optimizing applications. F5 AppWorld was especially exciting this year, with one major announcement immediately standing out: ADC 3.0—the industry’s first converged platform for application delivery and security in hybrid multicloud infrastructures. At its core, ADC 3.0 features the F5 AI Gateway, which mitigates threats like sensitive information disclosure and prompt injection, directly addressing the OWASP LLM Top 10 vulnerabilities. From our F5 SIRT perspective, this integrated traffic management and AI-specific threat protection is a big step forward in stopping sophisticated attacks before they reach critical assets. Another key development was the new AI assistant for F5 NGINX One. Powered by a large language model trained specifically for NGINX, it offers real-time, context-aware guidance for DevOps, SecOps, NetOps, and Platform Ops teams. By reducing manual troubleshooting and configuration time, it promises noticeable improvements in both performance and security operations. F5’s expanded VELOS hardware—including the CX1610 6-Tbps chassis and BX520 400-Gbps blade—also drew significant attention. With the ability to handle 224 million Layer 7 requests per second, VELOS provides robust defenses against large-scale DDoS attacks and other disruptive threats. In an era of escalating assaults, its high throughput and low latency are invaluable for maintaining availability. Outside of these technical highlights, astronaut Scott Kelly’s keynote was a memorable conference moment. He offered both humor and insight on resilience and learning from failure, showing how teams can excel under pressure. Overall, F5 AppWorld underscored the importance of having direct conversations about strong security practices and real-world application needs. Hearing customers’ challenges firsthand inspires us at F5 SIRT to continuously refine our countermeasures and strategies. For anyone looking to stay ahead of the evolving threat landscape, the innovations unveiled at AppWorld provide a glimpse into what’s possible. If you’d like to learn more, visit F5’s website or contact us directly to explore how these solutions might improve your security posture.
Jordan_Zebor
Mar 06, 2025 Place Security Insights
175Views
3likes
0Comments
U.S. Government cuts, Majorana 1 Chip, CVEs for Mongoose and OpenSSH
Notable news for the week of February 17th through February 24th. Your editor this week is Chris from the F5 Security Incident Response Team. For this edition, we discuss U.S. government cuts to cyber security and consumer protections; Microsoft’s advancement in the field of quantum computing, and new flaws found in both MongoDB as well as OpenSSH. Cuts to Cyber and Consumer Protections With the new administration in the US, there have been a large amount of job cuts throughout the federal government. This also includes at least 130 employees being fired from the Cybersecurity and Infrastructure Security Agency (CISA). These cuts are reported to include staff dedicated to election security, fighting misinformation, and foreign influence operations. Along with the cuts, the Department of Government Efficiency (DOGE) arrived at CISA and were given access to the agency’s email and files. DOGE has been gaining access to many sensitive federal agencies that contain a large amount of personal and financial information on Americans. These agencies include the Social Security Administration (SSA), the Department of Homeland Security, the Office of Personnel Management (OPM), and the Treasury Department. DOGE has also been trying to gain access to the systems of the Internal Revenue Service (IRS). From a security standpoint, this is extremely alarming because it appears to be bypassing many security safeguards and measures. This sentiment is reported by many security experts. Another aspect that does not inspire confidence is that the doge.gov website administrators had left their database wide open, allowing someone to publish messages making fun of the insecurity that the site has. On the aspect of consumer protection, the Consumer Financial Protection Bureau (CFPB) was ordered to stop most work. The CFPB was created in 2011 to protect consumers from financial institutions that violate consumer protection laws. The newly appointed CFPB director, Russell Vought, has publicly favored abolishing the agency which is alarming since it would remove some of the regulations that exist. https://krebsonsecurity.com/2025/02/trump-2-0-brings-cuts-to-cyber-consumer-protections/ Microsoft's Majorana 1 Chip Microsoft has announced the world's first quantum processor that uses topological qubits. They have named this the Majorana 1. They have designed this to scale to a million qubits on a single chip. Typical qubits are highly sensitive to noise in the environment. This can cause them to lose their quantum state introducing errors. This is known as decoherence. To counter this there needs to be many more qubits added for error correction which means a lot more room needed for just one qubit to work. Topological qubits work by encoding information in the topology of the physical system which in theory, makes each qubit more fault tolerant. Essentially, this means few are needed in the long run to produce a quantum computer. This is a huge achievement but along with it comes the security concerns. The main concern being the ability to do quantum decryption. This technology brings the reality of a fault tolerant protype to years instead of decades. Many believe this will be within 5 to 10 years. https://www.securityweek.com/what-microsofts-majorana-1-chip-means-for-quantum-decryption/ Critical MongoDB Library Flaws Two critical vulnerabilities in a third-party library that MongoDB relies on was found which can lead to stolen data or code to be ran. Mongoose is an Object Data Modeling (ODM) library used by MongoDB to enable database integrations in Node.js applications. Researchers at OPSWAT revealed two critical security flaws that threaten the integrity of data stored in MongoDB as well as opening it up to theft, manipulation, or destruction. This first CVE is CVE-2024-53900 which is given a CVSS score of 9.1. This is an SQL injection bug which allows a specially crafted query to bypass MongoDB's server-side JavaScript restrictions potentially leading to a remote code execution (RCE). This was reported in November and patched in version 8.8.3. The second CVE is CVE-2025-23061 with a CVSS score of 9.0. This was found by the same researcher and is actually a bypass in the patched version that still allowed for RCE. This was addressed in version 8.9.5. https://www.theregister.com/2025/02/20/mongoose_flaws_mongodb/ New OpenSSH Flaws Two new security vulnerabilities have been found in the OpenSSH suite which could result in an active Machine-in-the-Middle (MitM) or a Denial-of-Service (DoS) attack under specific conditions. The first is CVE-2025-26465 with a CVSS score of 6.8. The OpenSSH client contains a logic error between versions 6.8p1 to 9.9p1 (inclusive) that makes it vulnerable to a MitM attack if the VerifyHostKeyDNS option is enabled. The second is CVE-2025-26466 with a CVSS score of 5.9. The OpenSSH client and server are vulnerable to a pre-authentication DoS attack between versions 9.5p1 to 9.9p1 (inclusive) that causes memory and CPU consumption. A successful exploitation of the first one could permit malicious actors to compromise and hijack SSH sessions and possibly gain access to sensitive data. The VerifyHostKeyDNS is disabled by default. Exploitation of the second CVE can result in availability issues as indicated by labeling as a DoS vulnerability. Both of these CVEs have been addressed in version 9.9p2 of OpenSSH which was released on February 18th. https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html
Christopher_Pa1
Mar 04, 2025 Place Security Insights
447Views
2likes
1Comment

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_MetaNav\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/TWIS\"}}})":{"__typename":"ComponentRenderResult","html":"

Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Beta_Footer\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/TWIS\"}}})":{"__typename":"ComponentRenderResult","html":" "}},"componentScriptGroups({\"componentId\":\"custom.widget.Tag_Manager_Helper\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[],\"name\":\"TagPage\",\"props\":{},\"url\":\"https://community.f5.com/tag/TWIS\"}}})":{"__typename":"ComponentRenderResult","html":"

"}},"componentScriptGroups({\"componentId\":\"custom.widget.Consent_Blackbar\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageListTabs\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageListTabs-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageView/MessageViewInline\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/Pager/PagerLoadMore\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/customComponent/CustomComponent\"]})":[{"__ref":"CachedAsset:text:en_US-components/customComponent/CustomComponent-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/OverflowNav\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageUnreadCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageViewCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageViewCount-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/kudos/KudosCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/kudos/KudosCount-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRepliesCount\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1745595728815"}],"cachedText({\"lastModified\":\"1745595728815\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745595728815"}]},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Former Member","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"dd-MMM-yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US","es-ES"]},"repliesSortOrder":{"__typename":"InheritableStringSettingWithPossibleValues","key":"config.user_replies_sort_order","value":"DEFAULT","localValue":"DEFAULT","possibleValues":["DEFAULT","LIKES","PUBLISH_TIME","REVERSE_PUBLISH_TIME"]}},"deleted":false},"CachedAsset:pages-1745595724052":{"__typename":"CachedAsset","id":"pages-1745595724052","value":[{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1739501733000,"localOverride":null,"page":{"id":"Test","type":"CUSTOM","urlPath":"/custom-test-2","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1745595724052,"localOverride":null,"page":{"id":"HowDoI","type":"COMMUNITY","urlPath":"/c/how-do-i","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}","userBanned":"We're sorry, but you have been banned from using this site.","userBannedReason":"You have been banned for the following reason: {reason}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:theme:customTheme1-1745595709981":{"__typename":"CachedAsset","id":"theme:customTheme1-1745595709981","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["custom"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"JimmyPackets-512-1702592938213.png","imageLastModified":"1702592945815","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"f5_logo_fix-1704824537976.svg","imageLastModified":"1704824540697","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1600px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_PAGE_CONTENT","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"5px","borderRadius":"5px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"14px","paddingXHero":"42px","fontStyle":"NORMAL","fontWeight":"400","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-400)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-400-h), var(--lia-bs-gray-400-s), calc(var(--lia-bs-gray-400-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-300)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-300-h), var(--lia-bs-gray-300-s), calc(var(--lia-bs-gray-300-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"NONE","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.06)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.15)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-primary)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","defaultMessageFontFamily":"var(--lia-bs-font-family-base)","forumColor":"#0C5C8D","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#62C026","blogColor":"#730015","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#C20025","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#F3704B","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#EE4B5B","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#491B62","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#949494","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0C5C8D","secondary":"#333333","bodyText":"#222222","bodyBg":"#F5F5F5","info":"#1D9CD3","success":"#62C026","warning":"#FFD651","danger":"#C20025","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#C20025","#081B85","#009639","#B3C6D7","#7CC0EB","#F29A36"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Inter","fontStyle":"NORMAL","fontWeight":"600","h1FontSize":"30px","h2FontSize":"25px","h3FontSize":"20px","h4FontSize":"18px","h5FontSize":"16px","h6FontSize":"16px","lineHeight":"1.2","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":null,"imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"14px","defaultMessageHeaderMarginBottom":"10px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"14px","specialMessageHeaderMarginBottom":"10px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Atkinson Hyperlegible","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.3","fontSizeBase":"15px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"13px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1745595728815","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1745595728815","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/tags/TagPage-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-pages/tags/TagPage-1745595728815","value":{"tagPageTitle":"Tag:\"{tagName}\" | {communityTitle}","tagPageForNodeTitle":"Tag:\"{tagName}\" in \"{title}\" | {communityTitle}","name":"Tags Page","tag":"Tag: {tagName}"},"localOverride":false},"CachedAsset:quilt:f5.prod:pages/tags/TagPage:community:zihoc95639-1745595726654":{"__typename":"CachedAsset","id":"quilt:f5.prod:pages/tags/TagPage:community:zihoc95639-1745595726654","value":{"id":"TagPage","container":{"id":"Common","headerProps":{"removeComponents":["community.widget.bannerWidget"],"__typename":"QuiltContainerSectionProps"},"items":[{"id":"tag-header-widget","layout":"ONE_COLUMN","bgColor":"var(--lia-bs-white)","showBorder":"BOTTOM","sectionEditLevel":"LOCKED","columnMap":{"main":[{"id":"tags.widget.TagsHeaderWidget","__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"},{"id":"messages-list-for-tag-widget","layout":"ONE_COLUMN","columnMap":{"main":[{"id":"messages.widget.messageListForNodeByRecentActivityWidget","props":{"viewVariant":{"type":"inline","props":{"useUnreadCount":true,"useViewCount":true,"useAuthorLogin":true,"clampBodyLines":3,"useAvatar":true,"useBoardIcon":false,"useKudosCount":true,"usePreviewMedia":true,"useTags":false,"useNode":true,"useNodeLink":true,"useTextBody":true,"truncateBodyLength":-1,"useBody":true,"useRepliesCount":true,"useSolvedBadge":true,"timeStampType":"conversation.lastPostingActivityTime","useMessageTimeLink":true,"clampSubjectLines":2}},"panelType":"divider","useTitle":false,"hideIfEmpty":false,"pagerVariant":{"type":"loadMore"},"style":"list","showTabs":true,"tabItemMap":{"default":{"mostRecent":true,"mostRecentUserContent":false,"newest":false},"additional":{"mostKudoed":true,"mostViewed":true,"mostReplies":false,"noReplies":false,"noSolutions":false,"solutions":false}}},"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"},"__typename":"OneColumnQuiltSection"}],"__typename":"QuiltContainer"},"__typename":"Quilt"},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1745595728815","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:quiltWrapper:f5.prod:Common:1745595708603":{"__typename":"CachedAsset","id":"quiltWrapper:f5.prod:Common:1745595708603","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":"header.jpg","backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"LEFT_CENTER","lastModified":"1702932449000","__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.GainsightShared","props":{"widgetVisibility":"signedInOnly","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Beta_MetaNav","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"community.widget.navbarWidget","props":{"showUserName":false,"showRegisterLink":true,"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"700","controllerHighlightColor":"hsla(30, 100%, 50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"15px","linkBoxShadowHover":"none","backgroundOpacity":0.4,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"48px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom":"10px","dropdownPaddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"0","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"center","linkColor":"var(--lia-bs-primary)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-primary)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid #0C5C8D","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","paddingTop":"10px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"#0C5C8D","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"#0C5C8D"},"links":{"sideLinks":[],"mainLinks":[{"children":[{"linkType":"INTERNAL","id":"migrated-link-1","params":{"boardId":"TechnicalForum","categoryId":"Forums"},"routeName":"ForumBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-2","params":{"boardId":"WaterCooler","categoryId":"Forums"},"routeName":"ForumBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-0","params":{"categoryId":"Forums"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-4","params":{"boardId":"codeshare","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-5","params":{"boardId":"communityarticles","categoryId":"CrowdSRC"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-3","params":{"categoryId":"CrowdSRC"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-7","params":{"boardId":"TechnicalArticles","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"article-series","params":{"boardId":"article-series","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"security-insights","params":{"boardId":"security-insights","categoryId":"Articles"},"routeName":"TkbBoardPage"},{"linkType":"INTERNAL","id":"migrated-link-8","params":{"boardId":"DevCentralNews","categoryId":"Articles"},"routeName":"TkbBoardPage"}],"linkType":"INTERNAL","id":"migrated-link-6","params":{"categoryId":"Articles"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"migrated-link-10","params":{"categoryId":"CommunityGroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"migrated-link-11","params":{"categoryId":"F5-Groups"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"migrated-link-9","params":{"categoryId":"GroupsCategory"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-12","params":{"boardId":"Events","categoryId":"top"},"routeName":"EventBoardPage"},{"children":[],"linkType":"INTERNAL","id":"migrated-link-13","params":{"boardId":"Suggestions","categoryId":"top"},"routeName":"IdeaBoardPage"},{"children":[],"linkType":"EXTERNAL","id":"Common-external-link","url":"https://community.f5.com/c/how-do-i","target":"SELF"}]},"className":"QuiltComponent_lia-component-edit-mode__lQ9Z6","showSearchIcon":false},"__typename":"QuiltComponent"},{"id":"community.widget.bannerWidget","props":{"backgroundColor":"transparent","visualEffects":{"showBottomBorder":false},"backgroundImageProps":{"backgroundSize":"COVER","backgroundPosition":"CENTER_CENTER","backgroundRepeat":"NO_REPEAT"},"fontColor":"#222222"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"var(--lia-bs-primary)","linkHighlightColor":"#FFFFFF","visualEffects":{"showBottomBorder":false},"backgroundOpacity":60,"linkTextColor":"#FFFFFF"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"var(--lia-bs-body-color)","items":[{"id":"custom.widget.Beta_Footer","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Tag_Manager_Helper","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.Consent_Blackbar","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:component:custom.widget.GainsightShared-en-us-1745595734446":{"__typename":"CachedAsset","id":"component:custom.widget.GainsightShared-en-us-1745595734446","value":{"component":{"id":"custom.widget.GainsightShared","template":{"id":"GainsightShared","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Shared functions for Gainsight integration","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.GainsightShared","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Shared functions for Gainsight integration","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_MetaNav-en-us-1745595734446":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_MetaNav-en-us-1745595734446","value":{"component":{"id":"custom.widget.Beta_MetaNav","template":{"id":"Beta_MetaNav","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_MetaNav","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"MetaNav menu at the top of every page.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Beta_Footer-en-us-1745595734446":{"__typename":"CachedAsset","id":"component:custom.widget.Beta_Footer-en-us-1745595734446","value":{"component":{"id":"custom.widget.Beta_Footer","template":{"id":"Beta_Footer","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Beta_Footer","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"DevCentral´s custom footer.","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Tag_Manager_Helper-en-us-1745595734446":{"__typename":"CachedAsset","id":"component:custom.widget.Tag_Manager_Helper-en-us-1745595734446","value":{"component":{"id":"custom.widget.Tag_Manager_Helper","template":{"id":"Tag_Manager_Helper","markupLanguage":"HANDLEBARS","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Tag_Manager_Helper","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Helper widget to inject Tag Manager scripts into head element","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:component:custom.widget.Consent_Blackbar-en-us-1745595734446":{"__typename":"CachedAsset","id":"component:custom.widget.Consent_Blackbar-en-us-1745595734446","value":{"component":{"id":"custom.widget.Consent_Blackbar","template":{"id":"Consent_Blackbar","markupLanguage":"HTML","style":null,"texts":{},"defaults":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Consent_Blackbar","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"TEXTHTML","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1745595728815","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagsHeaderWidget-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagsHeaderWidget-1745595728815","value":{"tag":"{tagName}","topicsCount":"{count} {count, plural, one {Topic} other {Topics}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListForNodeByRecentActivityWidget-1745595728815","value":{"title@userScope:other":"Recent Content","title@userScope:self":"Contributions","title@board:FORUM@userScope:other":"Recent Discussions","title@board:BLOG@userScope:other":"Recent Blogs","emptyDescription":"No content to show","MessageListForNodeByRecentActivityWidgetEditor.nodeScope.label":"Scope","title@instance:1706288370055":"Content Feed","title@instance:1743095186784":"Most Recent Updates","title@instance:1704317906837":"Content Feed","title@instance:1743095018194":"Most Recent Updates","title@instance:1702668293472":"Community Feed","title@instance:1743095117047":"Most Recent Updates","title@instance:1704319314827":"Blog Feed","title@instance:1743095235555":"Most Recent Updates","title@instance:1704320290851":"My Contributions","title@instance:1703720491809":"Forum Feed","title@instance:1743095311723":"Most Recent Updates","title@instance:1703028709746":"Group Content Feed","title@instance:VTsglH":"Content Feed"},"localOverride":false},"Category:category:Forums":{"__typename":"Category","id":"category:Forums","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:TechnicalForum":{"__typename":"Forum","id":"board:TechnicalForum","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Forum:board:WaterCooler":{"__typename":"Forum","id":"board:WaterCooler","forumPolicies":{"__typename":"ForumPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Articles":{"__typename":"Category","id":"category:Articles","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"Articles"},"Tkb:board:TechnicalArticles":{"__typename":"Tkb","id":"board:TechnicalArticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:DevCentralNews":{"__typename":"Tkb","id":"board:DevCentralNews","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:GroupsCategory":{"__typename":"Category","id":"category:GroupsCategory","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:F5-Groups":{"__typename":"Category","id":"category:F5-Groups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityGroups":{"__typename":"Category","id":"category:CommunityGroups","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Occasion:board:Events":{"__typename":"Occasion","id":"board:Events","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"occasionPolicies":{"__typename":"OccasionPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Idea:board:Suggestions":{"__typename":"Idea","id":"board:Suggestions","boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"ideaPolicies":{"__typename":"IdeaPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CrowdSRC":{"__typename":"Category","id":"category:CrowdSRC","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:codeshare":{"__typename":"Tkb","id":"board:codeshare","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:communityarticles":{"__typename":"Tkb","id":"board:communityarticles","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Tkb:board:security-insights":{"__typename":"Tkb","id":"board:security-insights","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"displayId":"security-insights","nodeType":"board","conversationStyle":"TKB","title":"Security Insights","shortTitle":"Security Insights","parent":{"__ref":"Category:category:Articles"}},"Tkb:board:article-series":{"__typename":"Tkb","id":"board:article-series","tkbPolicies":{"__typename":"TkbPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Conversation:conversation:340956":{"__typename":"Conversation","id":"conversation:340956","topic":{"__typename":"TkbTopicMessage","uid":340956},"lastPostingActivityTime":"2025-04-23T08:00:00.071-07:00","solved":false},"User:user:217342":{"__typename":"User","uid":217342,"login":"Christopher_Pa1","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yMTczNDItSUNpMG9j?image-coordinates=0%2C0%2C160%2C160"},"id":"user:217342"},"TkbTopicMessage:message:340956":{"__typename":"TkbTopicMessage","subject":"VulnCon 2025, EU CRA, CVE funding, Smishing Kit","conversation":{"__ref":"Conversation:conversation:340956"},"id":"message:340956","revisionNum":2,"uid":340956,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:217342"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":89},"postTime":"2025-04-23T08:00:00.071-07:00","lastPublishTime":"2025-04-23T08:00:00.071-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable security news for the week of April 13th through April 20th. Your editor this week is Chris from the F5 Security Incident Response Team. A bit of a different format this week as I was in Raleigh for VulnCon 2025 the previous week. I will discuss highlights from that as well as notable events from the past week. \n \n VulnCon 2025 \n The 2025 Vulnerability Management Ecosystem Collaboration, Ideation, and Action Conference (aka “VulnCon”), which was sponsored by FIRST and the CVE Program, was held from April 7th through April 10th this year. The aim of this conference is to promote collaboration between various vulnerability management and cybersecurity professionals to better help the whole cybersecurity ecosystem. Key topics that were highlighted this year were the EU's Cyber Resilience Act (CRA), Vulnerability Exploitability eXchange (VEX), Cybersecurity Assurance Framework (CSAF), and publishing more complete CVE records or Vulnrichment. I will discuss the CRA in the next paragraph. VEX facilitates the exchange of vulnerability information, fostering collaboration to swiftly address emerging threats. Concurrently, CSAF ensures a standardized approach to cybersecurity practices. One of the pushes that was discussed was to get security scanners to start ingesting VEX to help decrease the amount of false positives and focus more on vulnerabilities that are exploitable. As for Vulnrichment, it is alarming that a large number of CVEs that are disclosed every year do not include Common Weakness Enumerations (CWE) or Common Vulnerability Scoring System (CVSS) scores. I agree that adding this information at a minimum would be very beneficial to both the consumers as well as the vendor. The vendor is in the best position to assign these in a more accurate manner since they are most familiar with the products. \n https://www.first.org/conference/vulncon2025/ \n https://openssf.org/blog/2023/09/07/vdr-vex-openvex-and-csaf/ \n \n EU Cyber Resilience Act (CRA) \n The Cyber Resilience Act introduces mandatory cybersecurity requirements for hardware and software products, throughout their whole lifecycle. The main goals of this act are to ensure that products with digital elements placed on the EU market have fewer vulnerabilities that Manufacturers remain responsible for cybersecurity throughout a product’s life cycle, improve transparency on security of hardware and software products and bring benefits to business users and consumers from better protection. Products will bear the CE marking as is common with many other products sold, which means they have been assessed to meet high safety, health, and environmental protection requirements. \n The three main roles that are laid out are: \n \n Manufacturers: If you develop or manufacture products with \"digital elements\" for sale in the EU. \n Open-Source Software (OSS) Stewards: Entity other than a manufacturer that provides support on a sustained basis for the development of specific products with digital elements, qualifying as free and open-source software and intended for commercial activities, and that ensures the viability of those products. Examples of this would be the Linux Foundation, Apache Foundation, etc.... \n OSS Developers: Upstream maintainer or developer of open-source software that is used by the manufacturer. \n \n The key point to note in this distinction of these three roles is that if there is a vulnerability exploited in open-source software, the manufacturer is the one held liable. The OSS Steward and the OSS Developers are not being held liable. This makes it a good idea to develop working relationships with the OSS upstream developers for when emergencies do arise. Now to focus on the manufacturer requirements. I will not touch all of them as the CRA is a large document but will point out some of the key topics. Secure-By-Default and Secure-By-Design principles will now be a requirement and not just a pledge. Products with digital elements shall be delivered without any known exploitable vulnerabilities. Manufacturers will need to provide evidence that the product was checked before release. A risk assessment will need to be provided with the product and the contents of that assessment are laid out in Annex I of the document. Manufactures must be able to provide SBOMS in either SPDX or CycloneDX format at the request of authorities. Manufacturers must , address and remediate vulnerabilities without delay, which includes providing security updates. Manufacturers must provide support for a minimum of 5 years, including security updates and that each security update remains available after it has been issued for a minimum of 10 years or for the remainder of the support period, whichever is longer. \n There are also reporting requirements. Highlight a couple of them; they pertain to actively exploited vulnerabilities and severe incidents having an impact on the security of the product. An early warning notification of an actively exploited vulnerability or severe incident, without undue delay and in any event within 24 hours of the manufacturer becoming aware of it. Then \"an incident notification, without undue delay and in any event within 72 hours of the manufacturer becoming aware of the incident, which shall provide general information, where available, about the nature of the incident, an initial assessment of the incident, as well as any corrective or mitigating measures taken, and corrective or mitigating measures that users can take, and which shall also indicate, where applicable, how sensitive the manufacturer considers the notified information to be\". That was taken from the document and you can see how thorough they are being when detailing what to report. The final report will need to be submitted by 14 days for active exploits and one month for severe incidents. Then to explain where to report: \"The notification shall be submitted using the electronic notification end-point of the CSIRT designated as coordinator of the Member State where the manufacturers have their main establishment in the Union and shall be simultaneously accessible to ENISA\". This means that the manufacturer will need to choose one of the European country's CSIRT teams to be the point of contact. \n As for the consequences of non-compliance, the EU is not playing around with that either: \n \n Non-compliance with the essential cybersecurity requirements set out in Annex I and the obligations set out in Articles 13 and 14 shall be subject to administrative fines of up to EUR 15,000,000 or, if the offender is an undertaking, up to 2.5% of its total worldwide annual turnover for the preceding financial year, whichever is higher. \n Non-compliance with the obligations set out in Articles 18 to 23, Article 28, Article 30(1) to (4), Article 31(1) to (4), Article 32(1), (2) and (3), Article 33(5), and Articles 39, 41, 47, 49 and 53 shall be subject to administrative fines of up to EUR 10,000,000 or, if the offender is an undertaking, up to 2% of its total worldwide annual turnover for the preceding financial year, whichever is higher. \n The supply of incorrect, incomplete or misleading information to notified bodies and market surveillance authorities in reply to a request shall be subject to administrative fines of up to EUR 5,000,000 or, if the offender is an undertaking, up to 1% of its total worldwide annual turnover for the preceding financial year, whichever is higher. \n \n To explain those bullet points more simply, everything I mentioned above about manufacturer requirements and reporting all fall under Annex I or Articles 13 and 14 so would be subject to the most severe penalties per incident. \n As for the timelines of this act, the CRA was officially adopted on October 10, 2024, and entered into force on December 10, 2024. However, the CRA's main obligations will apply starting from December 11, 2027. Some earlier obligations will apply, such as the reporting of vulnerabilities and severe incidents, starting from September 11, 2026. Additionally, the rules on conformity assessment bodies will be applicable from June 11, 2026. \n https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act \n https://github.com/SecurityCRob/presentations/blob/main/CRA%20PSIRT%20TL_DR.pdf \n \n CVE Program Funding \n The Common Vulnerabilities and Exposures (CVE) program, managed by MITRE, was facing funding expiration on April 16, 2025. The program is essential for identifying and tracking security vulnerabilities in software and hardware. Without funding, the CVE program would stop adding new vulnerabilities, which could lead to significant impacts on national vulnerability databases, cybersecurity tools, incident response operations, and critical infrastructure. MITRE's Vice President Yosry Barsoum expressed hope that the government is making efforts to continue supporting the program. Luckily, the Department of Homeland Security's (DHS) Cybersecurity & Infrastructure Security Agency (CISA) was able to secure funding at the last moment, to fund the program for 11 more months. This is despite ongoing budget and staffing cuts to CISA by the current administration. \n The cybersecurity community has expressed concern over the potential loss of the CVE program, emphasizing its importance in standardizing vulnerability information and aiding in the timely patching of security flaws. On April 16, MITRE announced the creation of a non-profit entity called \"The CVE Foundation\" to continue the program's work under a new funding mechanism. \n https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/ \n \n The CVE Foundation \n The CVE Foundation was launched to secure the future of the CVE Program. The CVE Foundation was formally established on April 16, 2025, to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program. The CVE Program has been a U.S. government-funded initiative for 25 years, raising concerns about sustainability and neutrality due to its reliance on a single government sponsor. MITRE notified the CVE Board on April 15, 2025, that the U.S. government would not renew its contract for managing the program. In response, a coalition of CVE Board members developed a strategy to transition CVE to a dedicated, non-profit foundation to continue delivering high-quality vulnerability identification. CVE identifiers and data are crucial for cybersecurity professionals worldwide, aiding in security tools, advisories, threat intelligence, and response. Going forward, the CVE Foundation aims to eliminate a single point of failure in the vulnerability management ecosystem and ensure the CVE Program remains globally trusted and community-driven. \n https://www.thecvefoundation.org/home \n \n Pay Your Tolls!! \n About 3 and a half years ago, I was driving into Denver on Interstate 70 coming from the East. I had no need to drive through Denver as I was heading north through Wyoming anyway. Well, a few miles before the city there was an offramp for E-470, a toll highway that would bypass Denver and connect to I-25 a few miles north of the city. I had never used a toll highway before since I live in Eastern Washington where they are unheard of. I was picturing a scene out of a movie where you pull up to a booth and pay an attendant. I was surprised as I merged onto the highway and everyone was driving at 60+ MPH. I saw a sign that stated the system used E-ZPass and would scan the license plate. Fast forward a few months and I receive a bill in the mail from E-ZPass, a pretty nice way to bypass driving through the middle of a large city, I thought. \n Now, unfortunately, a smishing campaign is targeting that same system to trick victims into giving them their payment information. Since mid-October 2024, multiple financially motivated threat actors have been using a smishing kit developed by \"Wang Duo Yu\" to target toll road users in eight U.S. states. The campaign impersonates U.S. electronic toll collection systems like E-ZPass, sending SMS messages and Apple iMessages about unpaid tolls, urging recipients to click on fake links. Victims are prompted to solve a fake CAPTCHA challenge and enter personal and financial information on fraudulent pages, which is then siphoned off to the threat actors. Wang Duo Yu, a computer science student in China, is alleged to be the creator of the phishing kits used by the Smishing Triad, a Chinese organized cybercrime group. The Smishing Triad has conducted large-scale smishing attacks targeting postal services in 121 countries, using failed package delivery lures to harvest personal and financial information. Services like Oak Tel facilitate smishing on a global scale, allowing cybercriminals to send bulk SMS and manage campaigns efficiently. \n I have personally received 2 or 3 of these over the past few months. Luckily, I know the one time I drove on a toll road, so it was obvious to me that this was fake. I worry about people that are using these systems more regularly that may fall victim. \n https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"13625","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:340857":{"__typename":"Conversation","id":"conversation:340857","topic":{"__typename":"TkbTopicMessage","uid":340857},"lastPostingActivityTime":"2025-04-21T12:33:58.238-07:00","solved":false},"User:user:419633":{"__typename":"User","uid":419633,"login":"Koichi","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS00MTk2MzMtMjUxMTJpODRENkE1RkUxRjBDNkI2QQ"},"id":"user:419633"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDA4NTctcThKOUlO?revision=3\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDA4NTctcThKOUlO?revision=3","title":"F5SIRT.jpeg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:340857":{"__typename":"TkbTopicMessage","subject":"EV Car Hacking, AI bypass KYC, LLM does not trust human, and Active Cyber Defense","conversation":{"__ref":"Conversation:conversation:340857"},"id":"message:340857","revisionNum":3,"uid":340857,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:419633"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" This Week In Security April 6-12 edition. In this article, discussing these topics: EV Car Hacking, AI bypass KYC, LLM does not trust human, and Active Cyber Defense. \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":330},"postTime":"2025-04-16T11:00:05.802-07:00","lastPublishTime":"2025-04-21T12:33:58.238-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable news for the week of April 6-12, 2025. This week, your editor is Koichi from F5 Security Incident Response Team. In this edition, I have security news about EV Car Hacking, AI bypass KYC, LLM does not trust human, and Active Cyber Defense. \n We at F5 SIRT invest a lot of time to understand the frequently changing behavior of bad actors. Bad actors are a threat to your business, your reputation, your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency, please contact F5 SIRT. \n EV Car Hacking \n Last week was BlackHat Asia Week in Singapore. At BlackHat Asia 2025, PCAutomotive researchers announced that Nissan's EV, the LEAF ZE1, was vulnerable to a remote cyber-attack that could hack the car. According to the presentation, there is a vulnerability in its Bluetooth function of the infotainment system which maek attacker enabled to use the infotainment system’s Bluetooth capabilities to infiltrate the car’s internal CAN network. The malicious attacker will establish C2 communication via mobile communications. Researchers had already reported the vulnerability to Nissan in August 2023, and it was approved as vulnerabilities three months later. Eight CVEs, from CVE-2025-32056 to CVE-2025-32063 were assigned for these vulnerabilities this year. Nissan did not comment on the details for security reasons, but said it would continue to address the cyber-attack. \n Source: Researchers find vulnerabilities that can be exploited to remotely take control of a Nissan Leaf’s functions, including physical controls \n AI generated passport can bypass KYC \n It is widely known that Generative AI can generate any image. Someone may be tempted to try to create an image of a passport. Researchers in Poland used ChatGPT-4o to generate a passport image in just five minutes. This passport image is of course fake, but experts claim that this image might be able to bypass an automated Know Your Customer(KYC) systems since digital identity verification systems do not use chip verification, but rely solely on matching the image. Experts warned that the proliferation of generative AI has increased the threat of mass identity theft, fraudulent credit applications and fake account creation, and call for stronger defense strategies, such as the use of NFC-based authentication and electronic identity (eID). \n Source: Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC \n LLM does not trust you, human \n We humans have come to use LLMs such as ChatGPT extensively and think of LLMs as ‘useful guys’. However, we do not know what LLMs think of us. An interesting paper was posted in arXiv this month that challenges that question. \n Measurement of LLM's Philosophises of Human Nature is a study applying psychological scale to investigate LLMs' perceptions of human. An psychological scale to LLM, named the Machine-based Philosophies of Human Nature Scale (M-PHNS), which is based on Wrightsman's Philosophies of Human Nature Scale (PHNS) had used to assesses multiple LLMs. The results of testing exhibit a systemic lack of trust in humans. Many LLMs showed various negative perception towards humans, such as being ‘untrustworthy’ and ‘selfish’. Furthermore there is a significant negative correlation between the model's intelligence level and its trust in humans. The paper proposes that the solution is to improve LLMs' perceptions using a new framework called “Mental Loop Learning”. \n Source: Measurement of LLM's Philosophises of Human Nature \n \"Active Cyber Defense\" Part 4 \n In a former TWIS articles, I wrote about the “Active Cyber Defense” that the Japanese government is trying to introduce, and there was progress again. \n On 8 April the Active Cyber Defense bill was passed by a majority of the ruling and opposition parties in the plenary session of the House of Representatives and sent to the House of Councilors after amendments were made, such as increasing parliamentary involvement. \n The ”Active Cyber Defense\" bill would allow the Government to get agreements with operators of critical infrastructure and acquire communications information in order to monitor for the Cyber Attack threat. It will also allow the police and the Self Defense Forces, with the approval to access the attacker's servers and other systems and take steps to render them harmless, in order to prevent serious damage. \n Source: https://www3.nhk.or.jp/news/html/20250408/k10014773221000.html (Japanese) ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"4687","kudosSumWeight":3,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDA4NTctcThKOUlO?revision=3\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:340708":{"__typename":"Conversation","id":"conversation:340708","topic":{"__typename":"TkbTopicMessage","uid":340708},"lastPostingActivityTime":"2025-04-09T06:00:00.048-07:00","solved":false},"User:user:172154":{"__typename":"User","uid":172154,"login":"Lior_Rotkovitch","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0xNzIxNTQtMjAxMzJpNEEwNDMzMEE3QzhGNzhDRA"},"id":"user:172154"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDA3MDgtUEJEQ0NQ?revision=3\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDA3MDgtUEJEQ0NQ?revision=3","title":"lior-rotkovitch.png","associationType":"TEASER","width":1280,"height":720,"altText":""},"TkbTopicMessage:message:340708":{"__typename":"TkbTopicMessage","subject":"Oracle hack, North Korean Hackers, Critical Flaw in Apache","conversation":{"__ref":"Conversation:conversation:340708"},"id":"message:340708","revisionNum":3,"uid":340708,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:172154"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n This week in cybersecurity, it seems both hackers and defenders have been working overtime, \n While hackers have been creatively causing chaos, cybersecurity professionals have been equally busy patching up the digital world. It's a never-ending game of whack-a-mole, but with higher stakes and fewer mallets. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":203},"postTime":"2025-04-09T06:00:00.048-07:00","lastPublishTime":"2025-04-09T06:00:00.048-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable news by F5 SIRT This Week in Security, March 30 th to April 5 th . The news this week captures the dynamic nature of the cybersecurity field, where the interplay between cyber threats and defense mechanisms ensures continuous engagement for professionals. The demand for skilled cybersecurity experts remains robust, with projections indicating a 33% growth in employment for information security analysts from 2023 to 2033, significantly outpacing the average for all occupations. This trend underscores the ongoing need for vigilance and expertise in safeguarding digital assets, highlighting that cybersecurity is not just about keeping professionals occupied, but is essential for protecting critical information in our increasingly digital world. Until next time, keep it safe. Lior \n \n Oracle Confirms Cloud Hack \n Oracle has confirmed suffering a data breach, but the tech giant is apparently trying to downplay the impact of the incident. \n Oracle has privately confirmed to some customers that certain cloud systems were breached, despite its earlier public denials. A hacker known as 'rose87168' claimed to have accessed data from over 140,000 Oracle Cloud tenants, including encrypted credentials, and initially sought a $20 million ransom before offering the data for sale. \n The hacker provided evidence such as customer data samples and internal Oracle recordings. Security firms and some customers have verified the authenticity of the leaked data. Oracle has reportedly informed affected clients that the breach involved a legacy system inactive for eight years, suggesting minimal risk, though some compromised credentials date as recently as 2024. The FBI and cybersecurity firm CrowdStrike are investigating the incident. \n https://www.securityweek.com/oracle-confirms-cloud-hack/ \n \n Call Records of Millions Exposed by Verizon App Vulnerability \n A patch has been released for a serious information disclosure vulnerability affecting a Verizon call filtering application. \n A vulnerability in Verizon's Call Filter iOS application could have allowed unauthorized access to incoming call records of potentially all Verizon Wireless customers. Discovered by cybersecurity researcher Evan Connelly and reported on February 22, 2025, the flaw resided in the app's server request mechanism, which failed to verify that the phone number in a data request belonged to the authenticated user. \n This oversight could have enabled attackers to retrieve incoming call records, including phone numbers and timestamps, by specifying any arbitrary phone number. Verizon, which has over 140 million subscribers, addressed the issue by mid-March through a patch implemented by the third-party developer of the application. The company stated that there was no indication the flaw had been exploited. \n https://www.securityweek.com/call-records-of-millions-exposed-by-verizon-app-vulnerability/ \n \n North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages \n North Korean threat actors involved in the \"Contagious Interview\" campaign have expanded their operations by publishing 11 malicious npm packages designed to distribute the BeaverTail malware and a new remote access trojan (RAT) loader. These packages collectively downloaded over 5,600 times before removal. \n These packages masquerade as utilities and debuggers, employing hexadecimal string encoding to evade detection. Notably, some are linked to Bitbucket repositories, with directories named to suggest job interview themes, indicating a tactic to lure developers. The malicious code functions as a RAT loader, capable of fetching and executing remote JavaScript, allowing attackers to deploy additional malware. This activity underscores the persistent and evolving strategies of the threat actors in targeting software supply chains. \n https://thehackernews.com/2025/04/north-korean-hackers-deploy-beavertail.html \n \n Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware \n The North Korean Lazarus Group has launched a campaign targeting job seekers in the cryptocurrency sector by impersonating legitimate companies such as Coinbase and Kraken. They approach candidates via LinkedIn or X (Twitter), inviting them to video-call interviews. During these interactions, victims are directed to a fake video interviewing service named Willo, where they are prompted to enable their camera. \n An error message then appears, instructing them to download a driver to fix the issue—a tactic known as \"ClickFix.\" This led to the installation of a previously undocumented Go-based backdoor called GolangGhost on Windows and MacOS systems. GolangGhost allows attackers to remotely control infected systems and steal sensitive data. \n https://thehackernews.com/2025/04/lazarus-group-targets-job-seekers-with.html \n \n Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code \n A critical security vulnerability, identified as CVE-2025-30065 with a CVSS score of 10.0, has been discovered in Apache Parquet's Java Library. This flaw allows remote attackers to execute arbitrary code by tricking systems into processing specially crafted Parquet files. The vulnerability affects all versions up to and including 1.15.0 and has been addressed in version 1.15.1. Users are advised to update to the latest version to mitigate potential risks. \n https://thehackernews.com/2025/04/critical-flaw-in-apache-parquet-allows.html ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5503","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDA3MDgtUEJEQ0NQ?revision=3\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:340631":{"__typename":"Conversation","id":"conversation:340631","topic":{"__typename":"TkbTopicMessage","uid":340631},"lastPostingActivityTime":"2025-04-06T09:38:53.322-07:00","solved":false},"User:user:72057":{"__typename":"User","uid":72057,"login":"ArvinF","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03MjA1Ny1ndTdUdTE?image-coordinates=90%2C126%2C444%2C481"},"id":"user:72057"},"TkbTopicMessage:message:340631":{"__typename":"TkbTopicMessage","subject":"IngressNightmare, Next.js critical, More Agents, pwned","conversation":{"__ref":"Conversation:conversation:340631"},"id":"message:340631","revisionNum":2,"uid":340631,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:72057"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":267},"postTime":"2025-04-03T13:07:55.646-07:00","lastPublishTime":"2025-04-03T13:07:55.646-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Introduction \n Hello! ArvinF is your editor covering 23 to 29 March 2025 for this edition of F5 SIRT This Week in Security. Credit to the original sources. \n IngressNightmare \n Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of Kubernetes clusters – and thinks more than 6,000 deployments of the software are at risk on the internet. \n This vulnerability is fixed in Ingress NGINX Controller versions 1.12.1 and 1.11.5, so do update to the latest version. Ensure the admission webhook endpoint is not exposed externally. \n Other mitigations if an upgrade is not yet possible are: \n Enforce strict network policies so only the Kubernetes API Server can access the admission controller. \n Temporarily disable the admission controller component of Ingress-NGINX \n F5 published K000150538: Kubernetes ingress-nginx vulnerabilities CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, and CVE-2025-24514 as F5 NGINX has a similarly named but different product NGINX Ingress Controller. The product has been assessed and it is not vulnerable to IngressNightmare related CVEs. https://my.f5.com/manage/s/article/K000150538 F5 also released in the March 27 2025 attack signature update (ASU) an attack signature to address IngressNightmare, namely, 200103569. \n K000150594: Attack Signatures for IngressNightmare: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974 https://my.f5.com/manage/s/article/K000150594 \n High 200103569 New Kubernetes NGINX Ingress Admission Controller Command Execution Command Execution CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24514 Kubernetes Ingress NGINX controller is vulnerable to remote command execution via a malicious AdmissionReview request \n https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/ \n Next.js critical CVE-2025-29927 \n A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. The flaw, tracked as CVE-2025-29927, enables attackers to send requests that reach destination paths without going through critical security checks. \n Next.js is a popular React framework with more than 9 million weekly downloads on npm. It is used for building full-stack web apps and includes middleware components for authentication and authorization. \n Next.js uses a header called 'x-middleware-subrequest' that dictates if middleware functions should be applied or not. \n The header is retrieved by the 'runMiddleware' function responsible for processing incoming requests. If it detects the 'x-middleware-subrequest' header, with a specific value, the entire middleware execution chain is bypassed and the request is forwarded to its destination. \n In the original research paper, the header and value \"x-middleware-subrequest: /pages/_middleware\" and \"x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware\" and its variations were the examples and are potential \"Indication of Attack\" and will be useful with monitoring and logging systems and threat hunting. \n F5 released in the March 23 2025 ASU, an attack signature to address CVE-2025-29927, namely, 200013111. \n High 200013111 New Next.js Middleware Authorization Bypass Authentication/Authorization Attacks CVE-2025-29927 Next.js is vulnerable to an authorization check bypass on middleware via a specially crafted request \n https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware https://www.bleepingcomputer.com/news/security/critical-flaw-in-nextjs-lets-hackers-bypass-authorization/ https://www.ncsc.gov.uk/news/vulnerability-affecting-nextjs-web-development-framework https://nextjs.org/blog/cve-2025-29927 https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/ \n Chrome emergency patches zero-day \n Google pushed out an emergency patch for Chrome on Windows this week to stop attackers from exploiting a sandbox-breaking zero-day vulnerability, seemingly used by snoops to target certain folks in Russia. \n Now Mozilla’s doing damage control, too, after spotting a similar flaw – albeit unexploited, as far as we’re aware – lurking in the code of its Firefox browser. \n \"The vulnerability CVE-2025-2783 really left us scratching our heads, as, without doing anything obviously malicious or forbidden, it allowed the attackers to bypass Google Chrome’s sandbox protection as if it didn’t even exist,\" wrote Kaspersky researchers Igor Kuznetsov and Boris Larin. \n https://securelist.com/operation-forumtroll/115989/ \n https://www.theregister.com/2025/03/28/google_kaspersky_mozilla/ \n More Security Copilot Agents \n Microsoft revealed an expanded flight plan for Security Copilot, which is now assisted by 11 task-specific AI agents that interact with products like Defender, Purview, Entra, and Intune. \n Of the 11 Security Copilot agents introduced, five came from Microsoft Security partners. \n The Microsoft-made agents include: \n Phishing Triage Agent in Microsoft Defender, for sorting phishing reports. Alert Triage Agents in Microsoft Purview, for triaging data loss prevention and insider risk alerts. Conditional Access Optimization Agent in Microsoft Entra, for monitoring and preventing identity and policy issues. Vulnerability Remediation Agent in Microsoft Intune, for prioritizing vulnerability remediation. Threat Intelligence Briefing Agent in Security Copilot, for curating threat intelligence. \n Microsoft Security partners have also contributed to the agent pool: \n Privacy Breach Response Agent (OneTrust), for distilling data breaches into reporting guidance. Network Supervisor Agent (Aviatrix), for doing root-cause analysis on network issues. SecOps Tooling Agent (BlueVoyant), for assessing security operations center controls. Alert Triage Agent (Tanium), for helping security analysts prioritize alerts. Task Optimizer Agent (Fletch), for forecasting and prioritizing threat alerts. \n The eleventh agent resides in Microsoft Purview Data Security Investigations (DSI), an AI-based service designed to help data security teams deal with data exposure risks. \n Essentially, these agents use the natural language capabilities of generative AI to automate the summarization of high-volume data like phishing warnings or threat alerts so that human decision makers can focus on signals deemed to be the most pressing. \n F5 has reference literature on Agentic AI. The MS Security Pilot are \"AI Agents\" - focused on executing specific tasks based on predefined rules. \"Agentic AI\" has \"autonomy and adaptive decision making\" and is a combination of GenAI and AI Agents. \n Agentic AI combines extremely specific directive code that executes jobs with AI inference to generate or predict rich and contextual answers. Agentic AI is not magic, but it is more powerful than agents or GenAI operating alone. These two building blocks can be assembled in various amounts and combinations, automating a flow of work to produce tremendously valuable results. Here is a simple diagram depicting an automated agentic AI workflow. It uses multiple types of specialized agents and AI models to complete a set of actions. The solution executes until an acceptable outcome is achieved, and then it is fed back to the user. \n https://www.theregister.com/2025/03/24/microsoft_security_copilot_agents/ https://www.f5.com/company/blog/ai-agents-vs-agentic-ai-understanding-the-difference https://www.f5.com/company/blog/security-context-matters-for-agentic-ai https://community.f5.com/kb/technicalarticles/agentic-rag---securing-genai-with-f5-distributed-cloud-services/339571 \n https://www.youtube.com/watch?v=Pwb8k3LPKgI \n HaveIbeenPwned mail list leaked \n Infosec veteran Troy Hunt of HaveIBeenPwned fame is notifying thousands of people after phishers scooped up his Mailchimp mailing list. \n The list comprises around 16,000 records, and every active subscriber will be receiving a notification and apology email soon. Around half of these records (7,535), however, pertain to individuals who had unsubscribed from the list. \n Based on the original blog post, tiredness was a factor in the momentary lapse in judgment. The brief moment where the credentials were captured, the attacker was able to export the HaveIbeenPwned mailing list, suspecting an automated attack. \n In general, we should protect our digital fingerprints as extensively as we can. Having a 2nd factor of authentication may not be sufficient anymore with the advancement in phishing attacks. Use phishing-resistant MFAs where possible and stick to basics - if you are not sure, don’t click. \n https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/ \n https://www.theregister.com/2025/03/25/troy_hunt_mailchimp_phish/ \n https://www.pcmag.com/news/creator-of-haveibeenpwned-data-breach-site-falls-for-phishing-email \n https://www.cisa.gov/news-events/news/phishing-resistant-mfa-key-peace-mind \n NCSC taps influencers to make 2FA go viral \n In related news covering a much wider audience, the UK’s National Cyber Security Centre (NCSC) has hopped on the bandwagon to preach two-factor authentication (2FA) to the masses. \n It's the latest effort to improve the nation's cyber resilience as part of Stop! Think Fraud campaign launched in February 2024 under Rishi Sunak’s government, drafting in comedic sketch artists and Instagram personal finance gurus to promote wider uptake of security technologies. \n \"To boost public awareness about the crucial benefits of enabling two-step verification on their most important accounts, we’ve partnered with popular social media influencers to amplify this vital message and encourage a wider audience to adopt secure online habits,\" \n https://www.theregister.com/2025/03/26/ncsc_influencers_2fa/ \n https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/activate-2-step-verification-on-your-email \n BlackLock ransomware gang pwned \n Cybersecurity vendor Resecurity is admitting to breaking into a notorious ransomware crew's infrastructure and gathering data it relayed to national agencies to help victims. \n Dubbed “BlackLock” (aka \"El Dorado\" or \"Eldorado\"), the ransomware-as-a-service (RaaS) outfit has existed since March 2024. In Q4 of last year, it increased its number of data leak posts by a staggering 1,425% quarter-on-quarter. According to independent reporting, a relatively new group has rapidly accelerated attacks and could become the most dominant RaaS group in 2025. \n Resecurity identified a vulnerability present at the Data Leak Site (DLS) of BlackLock in the TOR network - successful exploitation of which allowed our analysts to collect substantial intelligence about their activity outside of the public domain. \n The Resecurity blog is a good read as they walk thru their exploit, findings and communications with the BlackLock group. Another group mentioned was DragonForce - very similar in techniques and also pwned the BlackLock Data Leak Site. \n https://www.resecurity.com/blog/article/blacklock-ransomware-a-late-holiday-gift-with-intrusion-into-the-threat-actors-infrastructure \n https://www.theregister.com/2025/03/27/security_shop_pwns_ransomware_gang/ \n https://www.infosecurity-magazine.com/news/blacklock-2025s-most-prolific/ \n And that's the week that was \n I hope you find the security news I picked educational. We have a mix of vulnerabilities, a zero day, Security CoPilot AI agents and F5 Agentic AI, phishing, UK NCSC 2FA public awareness campaign and for the cherry on top, a ransomware gang getting pwned. For vulnerabilities and zero days, update your system and software as soon as possible to mitigate these. Implement WAF, Bot Defense or DDoS mitigations where possible and in anticipation of future vulnerabilities and application attacks. Ensure only trusted users and networks have access to your systems. If a system does not need to be exposed for public access, ensure that it is not. For phishing, stand up the human firewall - be vigilant on received emails and links. If unsure, don’t click. Use MFA/phishing resistant MFA. An MFA is better than \"no MFA”. AI agents and Agentic AI - we might have been using it and we may not have known. If you own one, ensure to protect it and implement security controls - Think F5 Distributed Cloud. Till next time - Stay Safe and Secure! \n As always, if this is your first TWIS, you can always read past editions. We also encourage you to check out all of the content from the F5 SIRT. ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"12890","kudosSumWeight":1,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:340482":{"__typename":"Conversation","id":"conversation:340482","topic":{"__typename":"TkbTopicMessage","uid":340482},"lastPostingActivityTime":"2025-03-31T08:38:34.153-07:00","solved":false},"User:user:129412":{"__typename":"User","uid":129412,"login":"Kyle_Fox","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/m_assets/avatars/custom/Frankenstack_11-1706132273780.svg?time=1706132301000"},"id":"user:129412"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDA0ODItUkQxZzQ3?revision=3\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDA0ODItUkQxZzQ3?revision=3","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:340482":{"__typename":"TkbTopicMessage","subject":"Wiz, Heathrow, Vibe Coding and 23andMe","conversation":{"__ref":"Conversation:conversation:340482"},"id":"message:340482","revisionNum":3,"uid":340482,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:129412"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":277},"postTime":"2025-03-26T10:38:15.451-07:00","lastPublishTime":"2025-03-26T10:38:15.451-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Introduction \n Your editor this week is Kyle Fox. This week we bring tales of a major acquisition in the security industry; a fire near one of the largest airports in the world exposing flaws in infrastructure, weird new trends in software development and LLMs, and the usual roundup. \n \n Google to buy Wiz for $32 billion \n After a failed bid to buy Wiz last year for $23 billion, Google and Wiz have agreed on a price of $32 billion for Google's acquisition of the cybersecurity firm. Wiz is an Israeli-American cloud security firm headquartered in New York City with a primary engineering office in Tel Aviv. Wiz's software specializes in scanning cloud infrastructure for vulnerabilities so that they can be documented and remediated. \n Edit: At press time for this article, Wiz disclosed a number of vulnerabilities in the Kubernetes package Ingress-NGINX, we have published an advisory for those here: K000150538: Kubernetes ingress-nginx vulnerabilities CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, and CVE-2025-24514 \n \n Heathrow closed for a day due to an electrical substation fire \n Heathrow Airport, the 5th most busy passenger airport in the world, and a hub for UK and European flights, suffered a catastrophic power failure due to an electrical substation fire. This fire also disabled Heathrow's backup power systems, leaving the airport with only minimal power needed for emergency lighting, elevators and other emergency systems. Because of the single point of failure, the UK Energy Secretary has called for a full investigation and fixes to prevent this type of incident from reoccurring. \n In cybersecurity, we often get buried in the technicalities of the information systems we are looking to protect, forgetting about all of the non-data infrastructure needed to run these systems. It is important to keep all of this supporting infrastructure in mind, because having an application or service go down because of a power outage, large scale weather event or a critical datacenter burning to the ground is just as impactful as having a cyberattack disrupt connectivity or take the systems hostage. So with proper planning, construction of backup systems, testing, and maintenance, you could be like Union Park and still be online while Heathrow is plunged into darkness. \n \n LLMs give birth to the concept of Vibe Coding, wait what? \n We sort of expected that programmers would use specialized LLMs to assist in writing code, but a new type of writing code with LLMs is being called Vibe Coding. This new type of coding embraces using the LLM for all code changes and just instructing the LLM to do things with the code without really touching it yourself. But because the datasets these LLMs are trained on and the limitations of how the LLMs work, a number of issues can and will be encountered with this new type of coding. \n I have always maintained that the job of a programmer is to be an engineer, and this is often reflected in titles alike the infamous \"Software Engineer.\" Engineers apply science to create things in the world, and most importantly, engineers check their designs against flaws that may cause catastrophic failure. When I write a non-trivial piece of software I usually start with some sort of specification document, and then might create some flowcharts in Visio before a single line of code is written. For one personal project (which is annoyingly still not done) I started by spending months (which could have been like a week if I was working on it full time) creating that database schema. \n So, with this new Vibe Coding, as with a lot of the LLM-assisted coding, I am expecting to see \"very dumb\" vulnerabilities and other related disasters. May we live in interesting times, indeed. \n \n 23andMe has filed for bankruptcy, How to delete your data \n Direct-to-consumer DNA testing company 23andMe has filed for bankruptcy. As with any bankruptcy involving companies with large datasets, the dataset is now an asset that can be auctioned off to satisfy the companies debts. The California Attorney General has provided instructions on how to delete your data from the dataset so that its not sold. \n \n Roundup: \n \n The YouTube recommendation this time is Chris Boden, an electrician, comedian, science educator and former federal inmate. \n An Italian court has ordered Google to poison DNS results, a pretty common thing for governments to do these days. \n Dodgequest site doxxes Tesla owners across the US. Reports from friends say the information behind the site may be old or incomplete. \n A new way to phish passkeys has been discovered. Yet another malicious QR code. \n ChatGPT has been sued over defamatory hallucinations. \n iPhone theft rings were powered by insider threats and automated scraping of FedEx delivery data. \n The population of the planet may have been grossly underestimated. \n ACARS is the most exclusive text messaging network, now you can get in on watching the drama. \n The Raspberry Pi people are now selling a new chip, but it still has a potentially fatal flaw. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5089","kudosSumWeight":4,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDA0ODItUkQxZzQ3?revision=3\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:340217":{"__typename":"Conversation","id":"conversation:340217","topic":{"__typename":"TkbTopicMessage","uid":340217},"lastPostingActivityTime":"2025-03-20T17:29:47.333-07:00","solved":false},"User:user:241262":{"__typename":"User","uid":241262,"login":"MegaZone","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS0yNDEyNjItMTg4ODFpN0U1OEE0RTAwMDg0NDJGMQ"},"id":"user:241262"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDAyMTctUVJrc0tX?revision=5\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDAyMTctUVJrc0tX?revision=5","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:340217":{"__typename":"TkbTopicMessage","subject":"AppSec, Camels, Typhoons, and Backdoors","conversation":{"__ref":"Conversation:conversation:340217"},"id":"message:340217","revisionNum":5,"uid":340217,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:241262"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n Welcome back to the F5 SIRT's weekly roundup of whatever news caught the editor's eye, and whatever else we feel like covering. It's our soapbox, and we're going to use it! This week MegaZone is once against at the keyboard, and we'll be covering news for the week of March 2-8, 2025. ","introduction":"","metrics":{"__typename":"MessageMetrics","views":178},"postTime":"2025-03-12T06:00:00.050-07:00","lastPublishTime":"2025-03-12T06:00:00.050-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Welcome back to the F5 SIRT's weekly roundup of whatever news caught the editor's eye, and whatever else we feel like covering. It’s our soapbox, and we’re going to use it! This week MegaZone is once again at the keyboard, and we'll be covering news for the week of March 2-8, 2025. \n One thing that wasn't cybersecurity news, per se, which I've been watching in professional horror is how the DOGE team seems to be intent on systematically violating every fundamental tenet of cybersecurity. Connecting unvetted devices to secure networks. Transferring sensitive information to untrusted devices. Publishing sensitive information to the public. Running roughshod over every kind of access control and security check that protect these networks and information. It doesn't matter what your politics are, it is objectively a cybersecurity horror show. \n This is a team that couldn't even secure their own website. They've contaminated secure networks which would now have to be scrubbed top to bottom, at great expense, before they could be considered properly secured again. They're doing the kind of things that would get most of us fired if we did them on our corporate networks. \n Things like this make me question why we fight the good fight in trying to make things more secure, if it is all going to be thrown out the window in the name of convenience. 'Move fast and break things' isn't a great approach when the systems involved are mission-critical and contain sensitive, even classified, data. Some things can't be fixed - once sensitive data is compromised, that's forever. \n But if I continue on this topic I will get into politics, so I'll move on. \n \n AppSec, Hot and Fresh \n Some of you may be familiar with the ongoing 'AppSec Monthly' podcast, which is a collaboration of the F5 SIRT and F5 Labs, with occasional guests from within and without F5. I’ve been a regular since I took over as the F5 SIRT's participant last fall. Well, I have some news - AppSec Monthly will no longer be produced. However, it isn't bad news, and it has ceased only to make way for a new podcast, 'AppSec Now'. The goal is to produce shorter, more timely episodes. We're going to try to record each Monday, and sometimes Tuesday when necessary. \n The first episode of AppSec Now, entitled Exploring CISA Layoffs, Microsoft's Quantum Chip, MongoDB Vulnerabilities & More, released last week. Ideally we'll have a weekly schedule, and the new cadence will allow us to touch on more stories before they become stale. That was always an issue when planning the content for the monthly release. Sometimes good stories were just old news by the time we recorded. We may have some teething issues as we figure out the new routine, bear with us. \n You can keep up with new episodes via the AppSec Now Playlist, and you should check out the DevCentral YouTube Channel for a lot of great content, including some other ongoing podcast series. Most recently, you'll find a lot of AppWorld 2025 coverage. \n \n Exploring CISA Layoffs, Microsoft's Quantum Chip, MongoDB Vulnerabilities & More \n AppSec Now Playlist \n DevCentral YouTube Channel \n \n \n Apache Camel Kerfuffle \n As last week drew to a close, there was a growing clamor in the infosec community about a reported 'Critical' issue in Apache Camel. Nothing had been released officially, and the rumor mill was in full force. With little to no details available, there wasn't much anyone could do. Security teams were being stood up - but could only wait for something tangible to work on. It was a classic example of why sharing unsubstantiated reports without any actionable details is a major waste of community resources, and why coordinated vulnerability disclosure is the right way to handle things. I won't go too far down this road, as in the process of preparing this entry I came across an article posted earlier today (as I write this bit on Sunday), but Kevin Beaumont on Medium: \"No, there isn't a world ending Apache Camel vulnerability\". He said pretty much what I would. In short, sharing information in this way is being Chicken Little. \n So, anyway, we started seeing customer interest in this 'sky is falling' issue toward the end of last week, but information was limited and spotty. So, like everyone else, there was little we could offer in response. That is, until CVE-2025-27636 was published in Sunday. It wasn't given a CVSS score, but it is generally considered to be of Medium severity, and not a Critical issue. The scope of the issue is much more limited than the rumor mill had been claiming. The Apache Software Foundation published a statement about the issue, sent out an email covering the issue, and there is also an associated Jira issue. \n With more details now available, F5 also published a Security Advisory for the issue on Sunday and my F5 SIRT colleague, Dharminder, published an article here on DevCentral. The short version is that there is an Attack Signature Update available for BIG-IP Next WAF, BIG-IP Advanced WAF & ASM, and NGINX App Protect WAF, to protect any systems that are 'behind' one of those products. For others, there is also an iRule available for HTTP virtual servers to protect backend systems. Other vendors have also begun to release responses to this issue. \n The irresponsible, premature sharing of incomplete information cost an untold amount across many organizations as many people scrambled to get details on this supposed world-ending zero-day RCE, which turned out to be a medium-severity issue with a very limited scope of impact. We need better discipline within these threat-sharing groups, as this is not the first time someone has started a panic over nothing. Spreading unsubstantiated rumors does more harm than good. It panics management, who then demand that 'something be done', but the cybersecurity teams responsible can do little without actionable intelligence. So they reach out to vendors, who then must spin up their own teams, but are just as stuck. And, if there is a real, exploitable issue, it also gives those with nefarious goals a heads-up that they should start looking, while defenders are at a loss. \n In the future, I hope we collectively can avoid going off half-cocked, and wait for coordinated disclosure to provide the details. But, given history as an example, I’m not going to hold my breath. \n \n https://doublepulsar.com/no-there-isnt-a-world-ending-apache-camel-vulnerability-edd055f40d39 \n https://www.cve.org/CVERecord?id=CVE-2025-27636 \n https://camel.apache.org/security/CVE-2025-27636.html \n https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z \n https://issues.apache.org/jira/browse/CAMEL-21828 \n https://my.f5.com/manage/s/article/K000150304 \n \n \n Deja Vu All Over Again \n Very often, when working on TWIS, I feel like I end up covering the same thing I have previously. Last time in the hot seat one of the topics I covered was Chinese threat actors, including Silk Typhoon, aka APT27. Once again, they were one of the leading stories of the week. This time the issue is that Silk Typhoon has expanded their operations to include attacks on IT supply chains, to gain initial access to networks. This is according to a new report published by Microsoft Threat Intelligence. This was followed by a report published the next day by GreyNoise which detailed active exploitation attributed to Silk Typhoon. \n It's the standard arms race - as defenders address the vulnerabilities they formerly leveraged, they find new ways to crack networks open to expose their succulent centers for exploitation. Their latest move is to focus on remote management tools and cloud applications to obtain keys and credentials they can then use to penetrate deeper into the victim's network. A chain is only as strong as its weakest link - and a network is only as secure as its most vulnerable component. Silk Typhoon appears very adept at using a myriad of different approaches, and rapidly pivoting to adjust their approach as target behavior changes. There's a lot of good information in the Microsoft and GreyNoise reports and I encourage checking them out. \n In related news, the day after Microsoft published their report, US government agencies filed criminal charges against alleged members of Silk Typhoon. Internet domains attributed to the group's campaigns were also seized. Now, the indictments don't actually amount to much as those indicted reside in China, and there is little to no chance China will turn any of the individuals over to the US. They'd only be actionable if those indicted traveled to a nation friendly to the US, willing to act on them. \n \n https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/ \n https://www.greynoise.io/blog/active-exploitation-silk-typhoon-linked-cves \n https://thehackernews.com/2025/03/china-linked-silk-typhoon-expands-cyber.html \n https://www.scworld.com/news/microsoft-reveals-silk-typhoons-recent-supply-chain-targeting \n https://www.theregister.com/2025/03/05/china_silk_typhoon_update/ \n https://www.darkreading.com/remote-workforce/china-silk-typhoon-it-supply-chain-attacks \n https://www.theregister.com/2025/03/06/fbi_china_pays_75k_per/ \n \n \n Governments Insist on Breaking Security \n The Register had a nice opinion piece on governments insisting on backdoors into encrypted services, effectively killing end-to-end encryption (E2EE) and therefore making their citizens less secure. Everyone and anyone with the faintest knowledge of security knows that you can't put backdoors into encryption without weakening the system and making them more susceptible to attack. Yet governments continue to insist that their ability to snoop outweighs the need for users to be secure, despite decades of evidence of how increasingly important security and encryption are. (Often this takes the form of the classic 'Think of the children!' emotional argument.) \n Recent examples include the UK's insistence causing Apple to pull iCloud E2EE for UK users rather than comply and weaken the service. Now those users are left to fend for themselves, and only those technically savvy enough to install and use independent encryption products to locally encrypt data before uploading will be protected. Which, of course, defeats the entire purpose of the government insisting on backdoors in the first place. So sophisticated criminals and technically savvy users would always be able to avoid this form of government snooping. The whole thing is a lose-lose for the average user - whether a service caves and introduces a backdoor, or refuses and pulls all E2EE, the average user is demonstrably less secure. \n Not learning anything from the UK's reckless (and frankly stupid) actions. Sweden is also looking at demanding E2EE backdoors - which has Signal threatening to pull out of that country. (And I expect Apple and others would do the same, just like in the UK.) It has been reported that Apple has filed a complaint over the backdoor demands with the UK's Investigatory Powers Tribunal (IPT), so we'll see how this plays out. \n Maybe someday politicians and spooks will realize these attempts to weaken security are a fool's errand as there are readily available standalone systems for those who really want to avoid scrutiny, and weakening protections for the vast majority of innocent users is not a worthwhile tradeoff. You just make life harder for the majority of users. \n \n https://www.theregister.com/2025/03/03/opinion_e2ee/ \n https://www.theregister.com/2025/03/05/apple_reportedly_ipt_complaint/ \n \n \n VulnCon Schedule Live \n Before I sign off for the week, a plug. As I've mentioned previously, I'm one of the organizers behind VulnCon. VulnCon 2025 is coming up, April 7-10 in Raleigh, North Carolina, USA. This is our second year, and last year was a smashing success, exceeding our best projections. This year is bigger and better with an extra day and an additional programing tracks, so there is even more content to choose from. I know some people were waiting to see exactly what that content would be before registering, and the good news is that the schedule is now live. \n Registration for in-person attendance is US$300 through March 15th (that's this Saturday), and US$375 after the 15th, until we sell out. We have an in-person attendance cap of around 400, and we're well along with registrations, so don't delay. While I strongly encourage attending in person if possible, this is a hybrid event and you can also attend remotely for US$100. Remote attendance will utilize Zoom and Discord, and we've taken feedback from last year seriously and have made some changes. While it worked well enough last year, we're hoping it is even better this year, with dedicated channels and Discord monitors for each session, rather than 'track' channels and ad hoc monitors. Having a dedicated channel for each session will allow conversations to continue after the session, and will make it easier to keep discussions for each session separated, compared to the 'track' channels where one discussion often ran over into the next session. \n If you are going to attend in person, see my Pro Tip on VulnCon Hotels from my last time in the editor's seat. It might save you a bit. \n I am also proud to say that F5 is also one of the event sponsors this year. \n \n https://www.first.org/conference/vulncon2025/ \n https://www.first.org/conference/vulncon2025/program \n https://www.first.org/conference/vulncon2025/#Registration-Information \n https://www.first.org/conference/vulncon2025/sponsors \n \n \n That Was the Week That Was \n Thank you for your time and attention this week. I hope you found something of value in my ramblings. \n As always, if this is your first TWIS, you can always read past editions. I also encourage you to check out all of the content from the F5 SIRT. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"14534","kudosSumWeight":2,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDAyMTctUVJrc0tX?revision=5\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:340319":{"__typename":"Conversation","id":"conversation:340319","topic":{"__typename":"TkbTopicMessage","uid":340319},"lastPostingActivityTime":"2025-03-19T06:00:00.043-07:00","solved":false},"User:user:73921":{"__typename":"User","uid":73921,"login":"Dharminder","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS03MzkyMS14cFZvSDI?image-coordinates=35%2C195%2C924%2C1084"},"id":"user:73921"},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDAzMTktNUp5aE80?revision=5\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDAzMTktNUp5aE80?revision=5","title":"SIRT_DevCentral (1).jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:340319":{"__typename":"TkbTopicMessage","subject":"Phishing, Malware and Spyware Campaign, BRUTED Tool & CISA’s List Of Exploited Vulnerabilities","conversation":{"__ref":"Conversation:conversation:340319"},"id":"message:340319","revisionNum":5,"uid":340319,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:73921"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":223},"postTime":"2025-03-19T06:00:00.043-07:00","lastPublishTime":"2025-03-19T06:00:00.043-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable security news for the week of March 9th-15th March 2025, brought to you by the F5 Security Incident Response Team. This week, your editor is Dharminder. In this edition, I have security news about phishing campaign against Coinbase users, a new tool developed by ‘Black Basta’ ransomware group to breach edge networking devices like VPNs and Firewalls, OBSCURE#BAT Malware and KoSpy spyware campaigns and CISA’s updated list of Known Exploited Vulnerabilities (KEV) \n \n We at F5 SIRT invest a lot of time to understand the frequently changing behavior of bad actors. Bad actors are a threat to your business, your reputation, your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So next time you are under security emergency please contact F5 SIRT. \n Ok, let’s get started and see the details of the security news. \n \n \n Coinbase Phishing Scam, Exploits Wallet Migration Fears \n A large-scale Coinbase phishing campaign is tricking users into setting up new wallets with pre-generated recovery phrases controlled by attackers. The phishing emails, with the subject \"Migrate to Coinbase Wallet,\" claim that users must transition to self-custodial wallets due to a court mandate following a class action lawsuit. The email provides instructions on how to download the legitimate Coinbase Wallet but includes a recovery phrase, falsely presented as the user's unique Coinbase Identity, to be used during the wallet setup. Unlike typical crypto phishing scams that aim to steal recovery phrases, this campaign provides a recovery phrase already controlled by the attacker. When users set up a wallet using this phrase and transfer funds, the attacker can access and steal the assets. The emails appear legitimate, passing various security checks, as they are sent through SendGrid, seemingly via an Akamai account. The reply address is noreply@akamai.com. Since the reply email address if of Akamai, Akamai is investigating it and urges users to exercise caution with unsolicited emails. Coinbase has issued a warning on X (formerly Twitter), stating they will never send recovery phrases and advising users never to enter a recovery phrase provided by someone else. Users who have fallen for the scam are advised to quickly transfer their funds out of the new wallet to regain control before the attackers steal them. \n \n https://www.bleepingcomputer.com/news/security/coinbase-phishing-email-tricks-users-with-fake-wallet-migration/ \n https://cryptodnes.bg/en/crypto-users-targeted-in-new-sophisticated-wallet-scam/ \n \n Black Basta Develops BRUTED Tool to Breach VPNs and Firewalls \n The Black Basta ransomware group developed an automated brute-forcing framework called \"BRUTED\" to target edge networking devices, including VPNs and firewalls. Active since 2023, BRUTED enables large-scale credential-stuffing and brute-force attacks, streamlining initial network access for ransomware deployment. \n BRUTED targets widely used products such as SonicWall NetExtender, Palo Alto GlobalProtect, Cisco AnyConnect, Fortinet SSL VPN, Citrix NetScaler, Microsoft RDWeb, and WatchGuard SSL VPN. It scans for publicly accessible devices by enumerating subdomains, resolving IP addresses, and appending prefixes like \".vpn\" or \"remote.\" The framework retrieves password candidates from remote servers, combines them with locally generated guesses, and executes authentication attempts using multiple CPU processes. It further extracts SSL certificate data to generate additional password guesses based on domain naming conventions. \n To evade detection, BRUTED uses SOCKS5 proxies to obscure its infrastructure, which comprises servers registered in Russia. The tool's sophistication and automation expand Black Basta's victim pool and accelerate ransomware operations, Hence Organizations are urged to: \n \n Enforce strong, unique passwords for all edge devices. \n Implement multi-factor authentication (MFA) to block unauthorized access. \n Monitor for unusual login attempts and high-volume failures. \n Apply rate-limiting and account lockout policies. \n Regularly update device firmware and software to mitigate vulnerabilities. \n Block list of malicious IPs and domains linked to BRUTED provided by EclecticIQ researchers. \n \n \n https://blog.eclecticiq.com/inside-bruted-black-basta-raas-members-used-automated-brute-forcing-framework-to-target-edge-network-devices \n https://www.forbes.com/sites/daveywinder/2025/03/15/now-ransomware-attackers-can-brute-force-your-vpns-and-firewalls/ \n https://www.bleepingcomputer.com/news/security/black-basta-ransomware-creates-automated-tool-to-brute-force-vpns/ \n \n OBSCURE#BAT: Advanced Malware Campaign Leveraging Fake CAPTCHAs and Rootkits \n OBSCURE#BAT, a newly identified malware campaign, leverages social engineering to install the open-source rootkit r77. The malware primarily targets English-speaking users in the U.S., Canada, Germany, and the U.K. It uses fake Cloudflare CAPTCHA pages and masquerades as legitimate software, such as the Tor Browser and VoIP applications, to trick users into downloading malicious batch scripts. \n Once executed, the scripts run PowerShell commands that drop additional payloads, modify Windows Registry keys, and set up scheduled tasks to ensure persistence. The malware conceals itself by obfuscating scripts in the Windows Registry and registering a fake driver (ACPIx86.sys). The final stage of the attack installs r77, a user-mode rootkit that hides files, processes, and registry keys. \n OBSCURE#BAT also monitors clipboard activity and command history, likely for data exfiltration. To evade detection, it employs advanced obfuscation, string encryption, and API hooking techniques. The campaign highlights the increasing sophistication of modern malware, making detection and mitigation more challenging. Users are advised to avoid suspicious downloads, enable security protections, and scan their systems for unauthorized processes. \n https://thehackernews.com/2025/03/obscurebat-malware-uses-fake-captcha.html \n https://hackread.com/new-obscurebat-malware-targets-users-fake-captchas/ \n \n KoSpy: North Korean Android Spyware Campaign Against Android Users \n KoSpy, a sophisticated Android spyware linked to North Korean threat group APT37 (ScarCruft), infiltrated Google Play and APKPure through five malicious apps, including Phone Manager, File Manager, Smart Manager, Kakao Security, and Software Update Utility. Active since March 2022, the spyware targets Korean and English-speaking users by masquerading as utility tools. \n Once installed, KoSpy retrieves encrypted configurations from Firebase Firestore, connects to command-and-control (C2) servers, and evades detection by ensuring it is not running in an emulator. It dynamically loads plugins to collect sensitive data such as SMS messages, call logs, GPS location, files, audio recordings, photos, videos, screenshots, and keystrokes via Android Accessibility Services. Data is encrypted using a hardcoded AES key before exfiltration. \n The campaign was attributed to APT37 based on shared infrastructure with APT43 and ties to domains used in previous North Korean malware operations. While Google has removed these apps and deactivated related Firebase projects, users must manually uninstall them or perform factory resets for complete removal. Enabling Google Play Protect offers additional defense against known malware variants. \n https://www.bleepingcomputer.com/news/security/cisco-vulnerability-lets-attackers-crash-bgp-on-ios-xr-routers/ \n https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37 \n https://www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/ \n \n Recent Additions To CISA's Known Exploited Vulnerabilities Catalog \n The Cybersecurity and Infrastructure Security Agency (CISA) maintains list of known exploited vulnerabilities, which benefits the cybersecurity community, network defenders and organizations. \n CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with several new vulnerabilities known to be actively exploited in the wild. Below mentioned are the vulnerabilities added since March 11. Since the vulnerabilities are exploited in wild, organisations should take note of that and mitigate the vulnerabilities as soon as possible. \n \n \n CVE \n \n Product \n \n Vulnerability Info/ CWE \n \n Mitigation \n \n CVE-2025-24201 \n \n Apple iOS, iPadOS, macOS, visionOS, Safari \n \n Out-of-bounds write in WebKit \n \n Update to visionOS 2.3.2, iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, or Safari 18.3.1. \n \n CVE-2025-21590 \n \n Juniper Networks Junos OS \n \n Improper isolation or compartmentalization \n \n Apply the security patches provided by Juniper Networks. \n \n CVE-2025-26633 \n \n Microsoft Windows Management Console (MMC) \n \n Improper neutralization \n \n Apply the security updates provided by Microsoft. \n \n CVE-2025-24983 \n \n Microsoft Windows Win32 Kernel Subsystem \n \n Use-after-free \n \n Install the security updates provided by Microsoft. \n \n CVE-2025-24984 \n \n Microsoft Windows NTFS \n \n Information disclosure \n \n Apply the latest security patches from Microsoft. \n \n CVE-2025-24985 \n \n Microsoft Windows Fast FAT File System Driver \n \n Integer overflow and heap-based buffer overflow \n \n Install the security updates provided by Microsoft. \n \n CVE-2025-24991 \n \n Microsoft Windows NTFS \n \n Out-of-bounds read \n \n Apply the latest security updates from Microsoft. \n \n CVE-2025-24993 \n \n Microsoft Windows NTFS \n \n Heap-based buffer overflow \n \n Install the security updates provided by Microsoft. \n \n CVE-2025-25181 \n \n Advantive VeraCore \n \n SQL Injection \n \n Apply the updates provided by Advantive. \n \n CVE-2024-57968 \n \n Advantive VeraCore \n \n Unrestricted File Upload \n \n Update to VeraCore version 2024.4.2.1 or later. \n \n CVE-2024-13159 \n \n Ivanti Endpoint Manager (EPM) \n \n Absolute Path Traversal \n \n Apply the security update for Ivanti (EPM). \n \n CVE-2024-13160 \n \n Ivanti Endpoint Manager (EPM) \n \n Absolute Path Traversal \n \n Apply the security update for Ivanti EPM. \n \n CVE-2024-13161 \n \n Ivanti Endpoint Manager (EPM) \n \n Absolute Path Traversal \n \n Apply the security update for Ivanti EPM \n \n \n For CISA's complete list of exploited vulnerabilities please check the following link \n https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url= ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"10891","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zNDAzMTktNUp5aE80?revision=5\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:339137":{"__typename":"Conversation","id":"conversation:339137","topic":{"__typename":"TkbTopicMessage","uid":339137},"lastPostingActivityTime":"2025-03-11T09:46:22.551-07:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkxMzctZ2lyTnhz?revision=3\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkxMzctZ2lyTnhz?revision=3","title":"SIRT_DevCentral.jpg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:339137":{"__typename":"TkbTopicMessage","subject":"A Very Chinese New Year","conversation":{"__ref":"Conversation:conversation:339137"},"id":"message:339137","revisionNum":3,"uid":339137,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:241262"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" Happy New Year everyone! It's a new year, with new news, and the same old(er) MegaZone. This time we're looking at the news that I found worthy from the week of January 5-11, 2025. (Have you gotten used to typing 2025 yet?) I found it to be a fairly slow news week, and not much really grabbed my attention enough that I felt it was worth commenting on. That's not too unusual for the start of a new year, as there is often a bit of a post-holiday lull. Not that there was no news at all, it is never truly quiet in cybersecurity, just that most of it was run-of-the-mill stuff, IMHO. \n Oh, and as for the title of this 'issue', I know the Lunar New Year (aka Chinese New Year) isn't until January 29th, but I couldn't pass up the play on words given the topic below. And with that, let's dive in. \n ","introduction":"","metrics":{"__typename":"MessageMetrics","views":242},"postTime":"2025-01-16T11:31:29.108-08:00","lastPublishTime":"2025-03-11T09:46:22.551-07:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Happy New Year everyone! It's a new year, with new news, and the same old(er) MegaZone. This time we're looking at news that I found worthy from the week of January 5–11, 2025. (Have you gotten used to typing 2025 yet?) I found it to be a fairly slow news week, and not much really grabbed my attention enough that I felt it was worth commenting on. That's not too unusual for the start of a new year, as there is often a bit of a post-holiday lull. Not that there was no news at all. It is never truly quiet in cybersecurity, just that most of it was run-of-the-mill stuff, IMHO. \n Before I dive into this week's news, I'm going to abuse my editorial power to plug a couple of things. F5 Labs published their 2025 Cybersecurity Predictions, which is also a look back at the 2024 predictions, and how they panned out. Let's see how the new predictions play out this year. \n Speaking of the 2025 Cybersecurity Predictions, that was one of the two subjects we covered in the December episode of AppSec Monthly. The other topic was a look at the a topic from my last issue of TWIS, the Hack The Box study on mental health of security professionals. It's a subject I care about quite a bit, and something I've seen many of my peers struggle with, and have struggled with myself. We work in an intense, stressful field, and there is a general attitude of 'toughing it out', which just defers the impacts. \n This was my third episode of AppSec Monthly, starting in October. I am the new 'permanent' F5 SIRT host, so you should see me each month. Hopefully I'll get better at it with practice and you can follow along with the playlist, as well as checking out past episodes. I have some big shoes to fill with Aaron's departure, hopefully I can uphold the high standard he set. AppSec Monthly is also available as a podcast on Spotify, iTunes, and probably other platforms I'm forgetting about. \n Oh, and as for the title of this 'issue', I know the Lunar New Year (aka Chinese New Year) isn't until January 29, but I couldn't pass up the play on words given the topic below. And with that, let's dive in. \n Year of the Snake \n Last week Chris wrote about a Chinese APT targeting the US Treasury and my main topic this week is a continuation and expansion of that. Cybersecurity news in recent weeks has been full of stores relating to Chinese threat actors. That's a major, evolving story, which reaches beyond cybersecurity into global geopolitics. Without getting too deep into US politics, with the new presidential administration's prior attitudes toward and comments on China, I expect these events to have some significance. \n I'm going to rewind a bit to the previous week, which still saw stories about Chinese APT Salt Typhoon compromising multiple US telco providers, giving them the ability to geolocate millions of devices and record any communications. The actual extent of the intrusion is reportedly much more limited, with actions targeted at specific, high-value individuals, but the access was there. At the same time there was also coverage on the US Treasury Department being compromised due to a vulnerability in BeyondTrust. Within days this coverage was updated to highlight that the Office of Foreign Assets Control (OFAC), the Treasury department that administers economic and trade sanctions, was specifically targeted. \n As we entered this week, it was reported that OFAC was sanctioning Beijing-based Integrity Technology Group, Inc., a cybersecurity group that has been linked to state-sponsored APT Flax Typhoon (not to be confused with Salt Typhoon). Flax Typhoon was involved with malicious actions against US critical infrastructure providers in 2022 and 2023, utilizing Integrity's infrastructure to conduct their operations. The US State Department claims Flax Typhoon has targeted governmental organizations, telecommunications providers, media companies, and others, both within the US and in a number of other countries, most prominently Taiwan. You can see why OFAC would be of particular interest to a state-sponsored Chinese APT, providing insight toward potential upcoming sanctions. \n Coverage of these issues continued throughout the week. CISA stated that the BeyondTrust Treasury Department hack did not affect other federal agencies, which was a bit of good news. The primary BeyondTrust vulnerability was a critical command injection, assigned CVE-2024-12356, and this was added to CISA's Known Exploited Vulnerabilities (KEV) list in mid-December. There was also a medium-severity vulnerability involved, CVE-2024-12686. This second vulnerability was itself just added to the KEV this week. Another piece of good news came when both AT&T and Verizon, two of the nine telecom providers compromised by Salt Typhoon, reported that they'd purged the intrusion from their networks. Both vendors claim that they've notified all individuals who were targeted by Salt Typhoon, so if you haven't heard otherwise I guess you can assume you're safe. \n Early in the week, speaking at a Foundation for Defense of Democracies event, National Cyber Director Harry Coker Jr. called for the US to do more to deter China as a cybersecurity threat. Exactly what needs to be done to deter China seems to be less clear. What's been done so far appears to be completely ineffective, so more of the same doesn't seem like it would cut it. Then late in the week, it was reported that the Treasury breach also targeted the Committee on Foreign Investment in the US (CFIUS). This office with the Treasury, as the the name implies, oversees foreign investment, such as from China, in the US. One of their recent actions had been to step of review real estate sales near US military bases, in particular sales to Chinese entities. \n China has, of course, largely denied their involvement in any or all of this. \n Of course, mixed into all of this is the looming, absolutely idiotic, TikTok ban on January 19. The ban is nothing but ineffective political posturing, IMHO, if my opinion wasn't clear. It's disrupting the lives, and livelihoods, of millions of users and creators because politicians got their knickers in a twist over a popular social media platform, gasp, not being US-owned! Of course, the same people flip out when other nations take a similar view toward US-owned platforms operating in their countries. \n The irony is that the ban - due to TikTok being owned by China's ByteDance, and pearl-clutching and hand-wringing over China being able to influence content (as if foreign entities don't rabidly influence content on X, Facebook, Instagram, or any non-Chinese owned social media platform) - seems to be driving many people to move to a similar app, RedNote aka Xiaohongshu . RedNote is also Chinese-owned, and even more closely aligned with China as their primary user base is Chinese, unlike TikTok. That's just a beautiful example of the law of unintended consequences. Ifthe US government wanted an efficient way to make a generation resent them, they seem to have found it. \n The ban is just another factor in the tense geopolitical situation. I'msure we're far from seeing the end of these issues, and I'm just as sure there will be more to come. WhatI'm not at all sure about is how this will all play out. \n \n https://www.theregister.com/2024/12/30/att_verizon_confirm_salt_typhoon_breach/ \n https://www.theregister.com/2024/12/31/us_treasury_department_hacked/ \n https://www.theregister.com/2025/01/02/chinese_spies_targeted_sanctions_intel/ \n https://www.cybersecuritydive.com/news/treasury-sanctions-flax-typhoon/736538/ \n https://www.scworld.com/news/us-sanctions-chinese-service-provider-for-supporting-threat-group \n https://www.cybersecuritydive.com/news/cisa-hack-treasury-federal-agencies/736654/ \n https://www.cybersecuritydive.com/news/att-verizon-salt-typhoon/736680/ \n https://www.cybersecuritydive.com/news/national-cyber-director-coker-china-deterrence/736920/ \n https://www.scworld.com/news/chinese-hackers-breach-office-that-reviews-foreign-investments-in-us \n https://www.theregister.com/2025/01/10/china_treasury_foreign_investment/ \n https://www.cybersecuritydive.com/news/cisa-second-beyondtrust-cve-exploited/737288/ \n https://www.cisa.gov/news-events/alerts/2024/12/19/cisa-adds-one-known-exploited-vulnerability-catalog \n https://www.cisa.gov/news-events/alerts/2025/01/13/cisa-adds-two-known-exploited-vulnerabilities-catalog \n \n Digital Urbex \n The exploration of abandoned infrastructure in the physical world, often called Urban Exploration, or Urbex, can be fun and interesting. Also perhaps marginally legal. And dangerous. But fun. I'll just say Union Station in Worcester, MA had a very interesting interior, very Planet of the Apes, before it was restored and reopened. Anyway, it looks like a bit of digital urbex can be similarly fun and interesting, and entails less physical danger. Though still perhaps marginally legal. \n It turns out that if you're of a criminal bent and decide to save some labor by purchasing existing web shell backdoors on your target's devices from like minded individuals, those web shells may contain backdoors giving their creators access to all of your work. (Insert 'Inception' joke here.) These backdoors in backdoors call out to domain names for command and control. \n Sometimes their creators let those domain names lapse, as covered by watchTowr Labs in their new report. You may recall watchTowr from last September when they accidentally took over the ,mobi TLD. That one is also a very interesting read, and if I'd been on TWIS duty that week I'm sure I would've included it as it's a good tale. They share a similarity in exploiting abandoned or expired infrastructure to gain access to systems. Do check that one out too, but now back to the current news. \n By disassembling web shell malware to uncover the encoded domain names, they were able to register the unclaimed domains to start monitoring any incoming requests. And boy did they get some requests. They've uncovered more than 4,000 unique and live backdoors, and counting. All from commandeering the backdoors' backdoors' C&C domains. The compromised systems include governmental systems and Bangladesh, China, and Nigeria, universities or higher education systems in Thailand, China, South Korea, and much more. \n Of course, this left watchTowr with responsibility for this backdoor infrastructure. If they allowed the domains to once again lapse, someone with ill-intent would be able to exploit them. But that won't happen, as The Shadowserver Foundation has taken ownership of the domains and will sinkhole them to prevent their use. \n I wonder if watchTowr will be exploring any more abandoned digital infrastructure. I hope they do, the results have been interesting. \n \n https://www.theregister.com/2025/01/08/backdoored_backdoors/ \n https://cyberscoop.com/malicious-hackers-have-their-own-shadow-it-problem/ \n https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/ \n \n VulnCon 2025 Approaches \n The 2025 Vulnerability Management Ecosystem Collaboration, Ideation, and Action Conference, aka VulnCon 2025 (let's all agree to never use that full name, OK?), is returning to Raleigh, NC Monday, April 7th through Thursday, April 10th. We'll be back at the North Carolina State University McKimmon Center, the same location as last year. This year it is four days, up from three, and we have more space in the facility, which all translates to more content. I'm saying 'we' because I am, again, one of the organizers, as a co-chair of the CVE.org Vulnerability Conference and Events Working Group (VCEWG). VulnCon is Co-Hosted by FIRST and the CVE Program. \n Last year we sold out the in-person admission and this year, even with the additional capacity, we expect to do so again. So, if you are thinking of attending in person, don't wait too long to register. Standard registration is US $300.00 through March 9th, and late registration is US $375.00 after March 9th - until sold out. Registration includes 'coffee breaks' and buffet lunches, and an on-site Welcome Reception on Monday, April 7. \n VulnCon is a hybrid event, and all panels will be streamed. Virtual admission is only US $100.00. Virtual is better than nothing, but if you can be there in person I encourage it; the Hallway Con is strong. There's also a ticketed Offsite Social on Tuesday, April 8 19:00-21:00 in downtown Raleigh—tickets are $30. \n The CFP is still open (see the next item below), so the 2025 program has yet to be finalized, but you can get an idea of what to expect from last year's program. \n \n https://www.first.org/conference/vulncon2025/ \n \n VulnCon 2025 CFP Extended \n The VulnCon Call For Papers deadline was Wednesday, January 15 - the day I'm wrapping up this edition of TWIS. But on the 14th, having heard from a few procrastinators, we extended the deadline to a hard stop of Friday, January 31, 2025. We will not be extending it again as we need time for the review committee to finalize selections, while leaving enough time for those selected to prepare their materials. \n If you've been procrastinating and thought you missed the deadline, or if this is the first your hearing of this and have something you'd like to present, you have a couple of weeks to get those proposals in. Don't wait until the 31st. If you'd like an idea of the type of content VulnCon is looking for, check out last year's program. \n \n https://www.first.org/conference/vulncon2025/cfp \n \n Pro Tip on VulnCon Hotels \n As mentioned above, VulnCon is in Raleigh, NC April 7–10. The Dreamville (Music) Festival is in Raleigh, NC April 5-6 - the weekend just before VulnCon. This has caused a bit of a squeeze on hotel rooms that weekend. Some hotels are booked for the weekend, and most of them appear to have increased their room rates for those nights due to the increased demand. Unsurprisingly, the lower-priced hotels have the least availability, and if you try to book a room for the week, with a weekend arrival, you may only find more expensive options. Of course, you could always attend the festival and then come to VulnCon and twofer your trip. \n Availability increases, and room rates decrease, beginning Monday. One option would be to arrive Monday morning and avoid the higher weekend rates entirely. Another option is to book whatever is available for the weekend and then make a separate reservation starting on Monday at a more affordable hotel, to reduce your overall travel spend. I need to be there before Monday, so that's what I'm doing—and it saved around $800 for the week. \n In either case, you will be able to check bags at the McKimmon Center for the day. So you could come straight there Monday, or checkout of your first hotel and bring your bag(s) for the day, and then check in to your hotel for the rest of the week that evening. There is a list of suggested hotels on the VulnCon site. Most of them are in and around downtown, but the TownePlace Suites and Holiday Inn Express & Suites are perhaps the closest to the facility, on the other side of campus from downtown, and a very short ride—literally at the end of the road the McKimmon is on. They're both fairly new, built in 2020 I believe, and are decent. I stayed at TownePlace last year and had a great experience, so I will be doing so again. \n Maybe this will save you a little frustration, and a few bucks. \n \n https://www.first.org/conference/vulncon2025/hotel \n \n That Was the Week That Was \n Thank you for your time and attention this week. I hope you found something of value in my ramblings. \n As always, if this is your first TWIS, you can always read past editions. I also encourage you to check out all of the content from the F5 SIRT. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"16116","kudosSumWeight":2,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzkxMzctZ2lyTnhz?revision=3\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:340118":{"__typename":"Conversation","id":"conversation:340118","topic":{"__typename":"TkbTopicMessage","uid":340118},"lastPostingActivityTime":"2025-03-06T09:05:12.587-08:00","solved":false},"User:user:56757":{"__typename":"User","uid":56757,"login":"Jordan_Zebor","registrationData":{"__typename":"RegistrationData","status":null},"deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://community.f5.com/t5/s/zihoc95639/images/dS01Njc1Ny0yMjQwNGkxRjU4NUFCNzdBRjYzQTMz"},"id":"user:56757"},"TkbTopicMessage:message:340118":{"__typename":"TkbTopicMessage","subject":"AppWorld 2025 Security Insights - ADC 3.0, AI Security, and more","conversation":{"__ref":"Conversation:conversation:340118"},"id":"message:340118","revisionNum":5,"uid":340118,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:56757"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":"","introduction":"","metrics":{"__typename":"MessageMetrics","views":175},"postTime":"2025-03-06T09:05:05.872-08:00","lastPublishTime":"2025-03-06T09:05:12.587-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Welcome to this week’s notable security news (Feb 24–Mar 2, 2025), brought to you by Jordan_Zebor from F5 SIRT. Although our main focus is usually on emerging threats and protective measures, I recently attended F5 AppWorld 2025 in person and found it invaluable for understanding what’s next in secure application delivery. \n For those who aren’t familiar, F5 AppWorld is an in-person conference packed with sessions, hands-on labs, and networking opportunities—an ideal forum for discussing real-world challenges in securing and optimizing applications. \n F5 AppWorld was especially exciting this year, with one major announcement immediately standing out: ADC 3.0—the industry’s first converged platform for application delivery and security in hybrid multicloud infrastructures. At its core, ADC 3.0 features the F5 AI Gateway, which mitigates threats like sensitive information disclosure and prompt injection, directly addressing the OWASP LLM Top 10 vulnerabilities. From our F5 SIRT perspective, this integrated traffic management and AI-specific threat protection is a big step forward in stopping sophisticated attacks before they reach critical assets. \n Another key development was the new AI assistant for F5 NGINX One. Powered by a large language model trained specifically for NGINX, it offers real-time, context-aware guidance for DevOps, SecOps, NetOps, and Platform Ops teams. By reducing manual troubleshooting and configuration time, it promises noticeable improvements in both performance and security operations. \n F5’s expanded VELOS hardware—including the CX1610 6-Tbps chassis and BX520 400-Gbps blade—also drew significant attention. With the ability to handle 224 million Layer 7 requests per second, VELOS provides robust defenses against large-scale DDoS attacks and other disruptive threats. In an era of escalating assaults, its high throughput and low latency are invaluable for maintaining availability. \n Outside of these technical highlights, astronaut Scott Kelly’s keynote was a memorable conference moment. He offered both humor and insight on resilience and learning from failure, showing how teams can excel under pressure. \n Overall, F5 AppWorld underscored the importance of having direct conversations about strong security practices and real-world application needs. Hearing customers’ challenges firsthand inspires us at F5 SIRT to continuously refine our countermeasures and strategies. For anyone looking to stay ahead of the evolving threat landscape, the innovations unveiled at AppWorld provide a glimpse into what’s possible. If you’d like to learn more, visit F5’s website or contact us directly to explore how these solutions might improve your security posture. \n ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"2752","kudosSumWeight":3,"repliesCount":0,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"Conversation:conversation:339995":{"__typename":"Conversation","id":"conversation:339995","topic":{"__typename":"TkbTopicMessage","uid":339995},"lastPostingActivityTime":"2025-03-04T10:29:42.654-08:00","solved":false},"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzk5OTUtcVlHUXNy?revision=4\"}":{"__typename":"AssociatedImage","url":"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzk5OTUtcVlHUXNy?revision=4","title":"F5SIRT.jpeg","associationType":"TEASER","width":680,"height":383,"altText":""},"TkbTopicMessage:message:339995":{"__typename":"TkbTopicMessage","subject":"U.S. Government cuts, Majorana 1 Chip, CVEs for Mongoose and OpenSSH","conversation":{"__ref":"Conversation:conversation:339995"},"id":"message:339995","revisionNum":4,"uid":339995,"depth":0,"board":{"__ref":"Tkb:board:security-insights"},"author":{"__ref":"User:user:217342"},"teaser@stripHtml({\"removeProcessingText\":true,\"truncateLength\":-1})":" ","introduction":"","metrics":{"__typename":"MessageMetrics","views":447},"postTime":"2025-02-26T11:26:21.781-08:00","lastPublishTime":"2025-03-04T10:29:42.654-08:00","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})":" Notable news for the week of February 17th through February 24th. Your editor this week is Chris from the F5 Security Incident Response Team. For this edition, we discuss U.S. government cuts to cyber security and consumer protections; Microsoft’s advancement in the field of quantum computing, and new flaws found in both MongoDB as well as OpenSSH. \n Cuts to Cyber and Consumer Protections \n With the new administration in the US, there have been a large amount of job cuts throughout the federal government. This also includes at least 130 employees being fired from the Cybersecurity and Infrastructure Security Agency (CISA). These cuts are reported to include staff dedicated to election security, fighting misinformation, and foreign influence operations. Along with the cuts, the Department of Government Efficiency (DOGE) arrived at CISA and were given access to the agency’s email and files. DOGE has been gaining access to many sensitive federal agencies that contain a large amount of personal and financial information on Americans. These agencies include the Social Security Administration (SSA), the Department of Homeland Security, the Office of Personnel Management (OPM), and the Treasury Department. DOGE has also been trying to gain access to the systems of the Internal Revenue Service (IRS). From a security standpoint, this is extremely alarming because it appears to be bypassing many security safeguards and measures. This sentiment is reported by many security experts. Another aspect that does not inspire confidence is that the doge.gov website administrators had left their database wide open, allowing someone to publish messages making fun of the insecurity that the site has. \n On the aspect of consumer protection, the Consumer Financial Protection Bureau (CFPB) was ordered to stop most work. The CFPB was created in 2011 to protect consumers from financial institutions that violate consumer protection laws. The newly appointed CFPB director, Russell Vought, has publicly favored abolishing the agency which is alarming since it would remove some of the regulations that exist. \n https://krebsonsecurity.com/2025/02/trump-2-0-brings-cuts-to-cyber-consumer-protections/ \n Microsoft's Majorana 1 Chip \n Microsoft has announced the world's first quantum processor that uses topological qubits. They have named this the Majorana 1. They have designed this to scale to a million qubits on a single chip. Typical qubits are highly sensitive to noise in the environment. This can cause them to lose their quantum state introducing errors. This is known as decoherence. To counter this there needs to be many more qubits added for error correction which means a lot more room needed for just one qubit to work. Topological qubits work by encoding information in the topology of the physical system which in theory, makes each qubit more fault tolerant. Essentially, this means few are needed in the long run to produce a quantum computer. This is a huge achievement but along with it comes the security concerns. The main concern being the ability to do quantum decryption. This technology brings the reality of a fault tolerant protype to years instead of decades. Many believe this will be within 5 to 10 years. \n https://www.securityweek.com/what-microsofts-majorana-1-chip-means-for-quantum-decryption/ \n Critical MongoDB Library Flaws \n Two critical vulnerabilities in a third-party library that MongoDB relies on was found which can lead to stolen data or code to be ran. Mongoose is an Object Data Modeling (ODM) library used by MongoDB to enable database integrations in Node.js applications. Researchers at OPSWAT revealed two critical security flaws that threaten the integrity of data stored in MongoDB as well as opening it up to theft, manipulation, or destruction. \n This first CVE is CVE-2024-53900 which is given a CVSS score of 9.1. This is an SQL injection bug which allows a specially crafted query to bypass MongoDB's server-side JavaScript restrictions potentially leading to a remote code execution (RCE). This was reported in November and patched in version 8.8.3. \n The second CVE is CVE-2025-23061 with a CVSS score of 9.0. This was found by the same researcher and is actually a bypass in the patched version that still allowed for RCE. This was addressed in version 8.9.5. \n https://www.theregister.com/2025/02/20/mongoose_flaws_mongodb/ \n New OpenSSH Flaws \n Two new security vulnerabilities have been found in the OpenSSH suite which could result in an active Machine-in-the-Middle (MitM) or a Denial-of-Service (DoS) attack under specific conditions. \n The first is CVE-2025-26465 with a CVSS score of 6.8. The OpenSSH client contains a logic error between versions 6.8p1 to 9.9p1 (inclusive) that makes it vulnerable to a MitM attack if the VerifyHostKeyDNS option is enabled. \n The second is CVE-2025-26466 with a CVSS score of 5.9. The OpenSSH client and server are vulnerable to a pre-authentication DoS attack between versions 9.5p1 to 9.9p1 (inclusive) that causes memory and CPU consumption. \n A successful exploitation of the first one could permit malicious actors to compromise and hijack SSH sessions and possibly gain access to sensitive data. The VerifyHostKeyDNS is disabled by default. \n Exploitation of the second CVE can result in availability issues as indicated by labeling as a DoS vulnerability. \n Both of these CVEs have been addressed in version 9.9p2 of OpenSSH which was released on February 18th. \n https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html ","body@stripHtml({\"removeProcessingText\":true,\"removeSpoilerMarkup\":true,\"removeTocMarkup\":true,\"truncateLength\":-1})@stringLength":"5810","kudosSumWeight":2,"repliesCount":1,"readOnly":false,"images":{"__typename":"AssociatedImageConnection","edges":[{"__typename":"AssociatedImageEdge","cursor":"MjUuM3wyLjF8b3wyNXxfTlZffDE","node":{"__ref":"AssociatedImage:{\"url\":\"https://community.f5.com/t5/s/zihoc95639/images/bS0zMzk5OTUtcVlHUXNy?revision=4\"}"}}],"totalCount":1,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"videos":{"__typename":"VideoConnection","edges":[],"totalCount":0,"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}}},"CachedAsset:text:en_US-components/community/Navbar-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1745595728815","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","migrated-link-9":"Groups","migrated-link-7":"Technical Articles","migrated-link-8":"DevCentral News","migrated-link-1":"Technical Forum","migrated-link-10":"Community Groups","migrated-link-2":"Water Cooler","migrated-link-11":"F5 Groups","Common-external-link":"How Do I...?","migrated-link-0":"Forums","article-series":"Article Series","migrated-link-5":"Community Articles","migrated-link-6":"Articles","security-insights":"Security Insights","migrated-link-3":"CrowdSRC","migrated-link-4":"CodeShare","migrated-link-12":"Events","migrated-link-13":"Suggestions"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1745595728815","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1745595728815","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1745595728815","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1745595728815","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1745595728815","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagSubscriptionAction-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagSubscriptionAction-1745595728815","value":{"success.follow.title":"Following Tag","success.unfollow.title":"Unfollowed Tag","success.follow.message.followAcrossCommunity":"You will be notified when this tag is used anywhere across the community","success.unfollowtag.message":"You will no longer be notified when this tag is used anywhere in this place","success.unfollowtagAcrossCommunity.message":"You will no longer be notified when this tag is used anywhere across the community","unexpected.error.title":"Error - Action Failed","unexpected.error.message":"An unidentified problem occurred during the action you took. Please try again later.","buttonTitle":"{isSubscribed, select, true {Unfollow} false {Follow} other{}}","unfollow":"Unfollow"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1745595728815","value":{"title":"Query Handler"},"localOverride":false},"Category:category:top":{"__typename":"Category","id":"category:top","nodeType":"category"},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1745595728815","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageListTabs-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageListTabs-1745595728815","value":{"mostKudoed":"{value, select, IDEA {Most Votes} other {Most Likes}}","mostReplies":"Most Replies","mostViewed":"Most Viewed","newest":"{value, select, IDEA {Newest Ideas} OCCASION {Newest Events} other {Newest Topics}}","newestOccasions":"Newest Events","mostRecent":"Most Recent","noReplies":"No Replies Yet","noSolutions":"No Solutions Yet","solutions":"Solutions","mostRecentUserContent":"Most Recent","trending":"Trending","draft":"Drafts","spam":"Spam","abuse":"Abuse","moderation":"Moderation","tags":"Tags","PAST":"Past","UPCOMING":"Upcoming","sortBymostRecent":"Sort By Most Recent","sortBymostRecentUserContent":"Sort By Most Recent","sortBymostKudoed":"Sort By Most Likes","sortBymostReplies":"Sort By Most Replies","sortBymostViewed":"Sort By Most Viewed","sortBynewest":"Sort By Newest Topics","sortBynewestOccasions":"Sort By Newest Events","otherTabs":" Messages list in the {tab} for {conversationStyle}","guides":"Guides","archives":"Archives"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewInline-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewInline-1745595728815","value":{"bylineAuthor":"{bylineAuthor}","bylineBoard":"{bylineBoard}","anonymous":"Anonymous","place":"Place {bylineBoard}","gotoParent":"Go to parent {name}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Pager/PagerLoadMore-1745595728815","value":{"loadMore":"Show More"},"localOverride":false},"CachedAsset:text:en_US-components/customComponent/CustomComponent-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/customComponent/CustomComponent-1745595728815","value":{"errorMessage":"Error rendering component id: {customComponentId}","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/OverflowNav-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/OverflowNav-1745595728815","value":{"toggleText":"More"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1745595728815","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1745595728815","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1745595728815","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1745595728815","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1745595728815","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageUnreadCount-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageUnreadCount-1745595728815","value":{"unread":"{count} unread","comments":"{count, plural, one { unread comment} other{ unread comments}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageViewCount-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageViewCount-1745595728815","value":{"textTitle":"{count, plural,one {View} other{Views}}","views":"{count, plural, one{View} other{Views}}"},"localOverride":false},"CachedAsset:text:en_US-components/kudos/KudosCount-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/kudos/KudosCount-1745595728815","value":{"textTitle":"{count, plural,one {{messageType, select, IDEA{Vote} other{Like}}} other{{messageType, select, IDEA{Votes} other{Likes}}}}","likes":"{count, plural, one{like} other{likes}}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRepliesCount-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRepliesCount-1745595728815","value":{"textTitle":"{count, plural,one {{conversationStyle, select, IDEA{Comment} OCCASION{Comment} other{Reply}}} other{{conversationStyle, select, IDEA{Comments} OCCASION{Comments} other{Replies}}}}","comments":"{count, plural, one{Comment} other{Comments}}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1745595728815":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1745595728815","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false}}}},"page":"/tags/TagPage/TagPage","query":{"messages.widget.messagelistfornodebyrecentactivitywidget-tab-main-messages-list-for-tag-widget-0":"mostRecent","tagName":"TWIS"},"buildId":"ISAhs0UxT148eG089lpQq","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"f5","openTelemetryServiceVersion":"25.3.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/customComponent/CustomComponent/CustomComponent.tsx","./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/tags/TagsHeaderWidget/TagsHeaderWidget.tsx","./components/messages/MessageListForNodeByRecentActivityWidget/MessageListForNodeByRecentActivityWidget.tsx","./components/tags/TagSubscriptionAction/TagSubscriptionAction.tsx","./components/customComponent/CustomComponentContent/TemplateContent.tsx","../shared/client/components/common/List/ListGroup/ListGroup.tsx","./components/messages/MessageView/MessageView.tsx","./components/messages/MessageView/MessageViewInline/MessageViewInline.tsx","../shared/client/components/common/Pager/PagerLoadMore/PagerLoadMore.tsx","./components/customComponent/CustomComponentContent/HtmlContent.tsx","./components/customComponent/CustomComponentContent/CustomComponentScripts.tsx"],"appGip":true,"scriptLoader":[]}