F5 got owned a few years ago and didn't notice until August, 8-K edition https://www.sec.gov/ix?doc=/Archives/edgar/data/1048695/000104869525000149/ffiv-20251015.htm

"During the course of its investigation, the Company determined that the threat actor maintained long-term, persistent access to certain F5 systems, including the BIG-IP product development environment. Certain files were exfiltrated, some of which contained certain portions of the Company’s BIG-IP source code and information about undisclosed vulnerabilities that it was working on in BIG-IP."