The Cybersecurity and Infrastructure Security Agency on Wednesday issued a sweeping emergency order directing all federal agencies to immediately patch critical vulnerabilities in certain devices and software made by F5, a technology vendor, after confirming a nation-state cyber actor gained unauthorized access to F5's source code.

CISA — a part of the Department of Homeland Security which manages risks to the U.S.'s cyber and physical infrastructure — issued Emergency Directive 26-01 following the company's disclosure that a foreign threat actor had maintained long-term, persistent access to its internal development and engineering environments using source code.

Officials warned that attackers could exploit the vulnerabilities to steal credentials, move laterally through networks,

See Full Page