Director Engineering

F5 and Nutanix unveil new joint solutions. F5 Ecosystem | April 07, 2026 As Nutanix .NEXT approaches, I'm pleased to highlight how F5 and Nutanix together continue to expand its partnership to help customers deliver and secure modern applications across hybrid and multicloud environments. As a Silver sponsor of this year's event, F5 is focused on partnering with Nutanix to enable its joint customers to simplify migrations and streamline operations while maintaining consistent application delivery and security policies - regardless of where applications run. A flexible platform for modern workloads. Nutanix is a leading provider of a cloud platform that uses hyperconverged infrastructure (HCI) as the foundation. This integrates storage, compute, networking, and virtualization into a unified, scalable, and easily managed platform. This software-defined solution reduces infrastructure complexity, simplifies operations and lifecycle management, and enables faster deployment and scaling than traditional tiered IT environments. The Nutanix platform also provides unified management and controls across data centers, edge, and multicloud environments for easy workload mobility, with built-in support for virtual machines (VMs), containers, and modern workloads like Kubernetes and AI. In addition to providing organizations with a forward-facing platform to modernize their IT infrastructure, Nutanix also offers a more cost-effective alternative to legacy platforms, with lower infrastructure costs, more flexible packages, and a transparent licensing model that delivers lower total cost of ownership (TCO). "F5 technologies employ pre-validated integrations with Nutanix to simplify the migration process by managing traffic, balancing workloads, and integrating security." For many organizations, moving to the Nutanix platform from a more traditional IT environment makes a lot of sense, but migrating workloads from a legacy infrastructure includes the challenge of mapping application dependencies, replicating security policies and network configurations, and ensuring that critical applications remain available during the transition. Platform migration made simple. That's where F5 comes in. F5 technologies employ pre-validated integrations with Nutanix to simplify the migration process by managing traffic, balancing workloads, and integrating security. Employing F5 products and solutions help ensure application availability during the transition to Nutanix, reducing risk and disruption. F5 BIG-IP Virtual Edition (VE) plays a key role in Nutanix migrations by managing traffic, balancing loads, and integrating security. It ensures continuous application availability and consistent performance during transition, reducing downtime and performance issues. It also ensures certification compatibility by enabling configuration portability of existing security policies, traffic management rules, and licensing. (Watch its on-demand webinar to learn more about migrating from legacy platforms to Nutanix with F5 BIG-IP.) F5 Distributed Cloud Services also play a critical role in migration by ensuring secure connections and centralized control over security policies. These services enhance visibility and management across hybrid and multicloud environments, reducing complexity and accelerating migration timelines. Distributed Cloud Services act as a bridge between environments, enabling organizations to move workloads without downtime, maintain uniform security and management policies, and reduce operational complexity during the transition. Partnering to manage and optimize infrastructure. Beyond migration, continued collaboration between F5 and Nutanix unite these two industry leaders by combining powerful hyperconverged infrastructure from Nutanix with the F5 Application Delivery and Security Platform (ADSP) to deliver advanced infrastructure solutions that simplify complexity, optimize performance, and enhance delivery and security. The F5 and Nutanix partnership redefines how organizations manage and fine tune their infrastructure, addressing current challenges and presenting opportunities for future growth and innovation. Beyond expediting application and workload migration, key joint use cases from F5 and Nutanix include: * Secure connectivity across hybrid and multicloud environments.The recent integration between Distributed Cloud Services and Nutanix Flow Network Security enables secure, resilient application services across hybrid and multicloud environments. This joint architecture allows organizations to maintain control over app delivery and security within a virtual private cloud (VPC). By selectively advertising HTTP load balancers or virtual IP addresses to designate VPCs, organizations can ensure secure and efficient hybrid cloud connectivity. (Watch the video.) In addition, the integration simplifies network segmentation across hybrid and multicloud environments. Combining Nutanix Flow Network Security for micro-segmentation with Distributed Cloud Services to extend the network to remote locations enables organizations to deliver comprehensive end-to-end network security within VPCs. The integration enforces a consistent security posture while simplifying segmentation across environments. (Watch the video.) F5 NGINX Plus on the Nutanix Kubernetes Platform * Managing incoming traffic within Kubernetes clusters. As organizations deploy a growing volume of microservices, the need for robust, flexible, and intelligent traffic management solutions becomes more apparent. Now certified for the Nutanix Kubernetes Platform (NKP), F5 NGINX Plus can be integrated as the ingress controller within NKP, enabling organizations to unlock a seamless, unified approach to managing application traffic, with enhanced visibility and control over network flows. NGINX Plus certification gives organizations confidence that they can deploy high-performance, scalable application delivery using supported, enterprise-grade software - helping standardize operations, improve reliability, and accelerate time to value within Nutanix environments. (Watch the video.) * Multi-cluster application delivery. As Kubernetes environments continue to expand, the need for consistent, secure, and efficient multi-cluster application delivery becomes increasingly critical. F5 BIG-IP Container Ingress Services (CIS) within NKP allows customers to automate application delivery for containerized workloads, providing consistent traffic management, policy enforcement, and operational control across Kubernetes environments. Together, BIG-IP CIS and NKP provide a unified, automated, and future-ready solution that removes much of the operational complexity traditionally associated with distributed architectures. This joint solution delivers consistent security enforcement, intelligent traffic management, and streamlined operations across any number of Kubernetes clusters. (Watch the video.) Together, F5 and Nutanix help its joint customers gain better visibility, improve application performance, and reduce operational friction as they modernize infrastructure and prepare for AI-driven workloads. Visit F5 Booth S9 at Nutanix .NEXT this week to explore its solutions and speak with its representatives.

Critical F5 BIG-IP flaw upgraded to 9.8 RCE, exploited in the wild. F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately. March 31, 2026 Cybersecurity researchers at F5 have issued an urgent warning regarding a severe security flaw affecting their BIG-IP APM systems. Originally, the issue was dismissed as a minor technical glitch, but it has been re-categorised as a major threat following new evidence found in March 2026. For your information, this technology is used by several large organisations to manage how staff log in to private networks. Discover more AI security solutions Digital forensics tools VPN services F5 researchers noted that the issue, tracked as CVE-2025-53521, allows attackers to send malicious traffic to a server to take complete control of it. In simple terms, this leads to Remote Code Execution (RCE), meaning unauthorised individuals could run their own commands on a company's hardware from anywhere in the world without a password. From minor glitch to major threat. This discovery follows a high-profile incident reported by Hackread.com in October 2025, where F5 confirmed it was the victim of a state-sponsored cyberattack. While F5 noted then that their update mechanisms remained safe, this latest flaw represents a new and urgent danger. Earlier investigations suggested this was merely a Denial-of-Service problem, an attack that simply crashes a system. However, further probing revealed a much more dangerous reality: the flaw is actually a memory-handling error that lets attackers bypass security entirely to plant malicious software. Because of this, the severity score has been pushed to a 9.8 out of 10, marking it as a critical emergency. Identifying at-risk systems. According to researchers, the danger is concentrated on the apmd process within specific versions of the software. The systems most at risk include the 17.x, 16.x, and 15.x branches of the BIG-IP APM. However, many of F5's newer products have been cleared of this risk, and the BIG-IP Next range, NGINX, and the F5 AI Gateway are not vulnerable. It is worth noting that this flaw only becomes a 'live' threat if a specific access policy is turned on. According to researchers, "this vulnerability has been exploited in the vulnerable BIG-IP versions," which basically means hackers are already using this "open door" to break into systems. Signs of a digital break-in. To help businesses identify if they have been targeted, F5 released a list of Indicators of Compromise on 27 March 2026. This report provides details on c05d5254, a specific type of malicious software that attackers plant on systems to maintain control after a break-in. Discover more Penetration testing services Identity theft protection Threat Intelligence Service This software is designed to be stealthy; once a system is infected, hackers might hide their activity by making web traffic look like harmless website design code (CSS files) to trick monitors. Further investigation revealed several red flags, such as the presence of unusual files like /run/bigtlog.pipe and changes to the digital "fingerprints" of standard files like /usr/bin/umount. Additionally, the system's integrity tool, sys-eicheck, may fail, and logs might show a local user named f5hubblelcdadmin trying to disable security protections. As Hackread know it, the safest move is to install the latest official patches immediately. If you do not know exactly when a system was hacked, researchers at F5 suggest rebuilding from scratch because "UCS files from compromised systems can contain persistent malware." Industry experts weigh in. Several industry leaders shared their insights on the situation with Hackread.com, including John Bambenek, President at Bambenek Consulting, stating that "This vulnerability is more of a classic denial of service in that the device would crash. Given that we are talking about access management, it would disrupt remote employees the most. While attackers in times of geopolitical conflict are not above using DoS attacks, they tend to focus their efforts on classic flooding DDoS attacks that require low sophistication to deploy." "That being said, the DoS component of this vulnerability has been known; the change is that it was discovered this vulnerability could also be used for remote code execution, which is why there is a new advisory," he added. Discover more Cybersecurity News Platform Ethical hacking tools Network security hardware David Brumley, Chief AI and Science Officer at Bugcrowd, explained that "This is an all-hands-on-deck moment for F5 customers. What looked like a denial of service bug is actually a remote takeover, and attackers are already using it." Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform's trusted coverage. A recent report revealed that a bank in Germany, had its bank accounts hacked with the hacker having... EE, a British mobile network giant owned by BT Group has been accused of leaving a critical code repository on... Another day, another trove of login credentials in plain text found online. The KryptoCibule malware also mines cryptocurrency on targeted devices.