Internet threat-monitoring non-profit Shadowserver has identified more than 14,000 F5 BIG-IP Access Policy Manager (APM) instances still exposed online and vulnerable to active attacks exploiting a critical-severity Remote Code Execution (RCE) vulnerability, even after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) mandated federal remediation. A Five-Month-Old Flaw, Newly Weaponized The vulnerability, tracked as CVE-2025-53521, […] The post 14,000+ F5 BIG-IP APM Instances Exposed as RCE Exploits Surge appeared first on Cyber Security News.