A sophisticated cyberattack campaign attributed to APT28 (Fancy Bear), a Russian GRU-linked threat actor, has targeted Ukrainian government systems. The campaign deployed two novel malware strains—BEARDSHELL and SLIMAGENT.

Hewlett Packard Enterprise (HPE) has disclosed eight vulnerabilities in its StoreOnce data backup and deduplication platform, with the most critical being CVE-2025-37093. This authentication bypass flaw carries a CVSS score of 9.8.

Cloudflare has addressed CVE-2025-4366, a request smuggling vulnerability in the Pingora OSS framework, affecting its CDN free tier and users of pingora-proxy and pingora-cache crates.