thecyberexpress

Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework

Researchers have uncovered a novel technique to bypass Address Space Layout Randomization (ASLR) in Apple devices by exploiting deterministic behaviors in the NSKeyedArchiver and NSKeyedUnarchiver serialization frameworks.

22 Vulnerabilities Under Attack – And Another That Could Be

Researchers have identified 22 vulnerabilities currently under active exploitation, with 12 detected via honeypot sensors and 10 exploited by ransomware groups. Notably, nine of these vulnerabilities are not listed in CISA’s KEV catalog.

Qilin Remains Top Ransomware Group as New Threats Emerge

The ransomware group Qilin emerged as the most dominant threat actor in August, claiming responsibility for 104 attacks during the month alone. Since April, Qilin has amassed a total of 398 victims, placing it more than 70% ahead of Akira.

APT28’s Recent Campaign Combined Steganography, Cloud C2 into a Modular Infection Chain

APT28 (aka Fancy Bear, Sofacy, Sednit) has launched a sophisticated cyber-espionage campaign dubbed "Phantom Net Voxel," combining steganography, cloud-based command-and-control (C2), and modular implants.

Ukrainian Government Systems Targeted With Backdoors Hidden in Cloud APIs and Docs

A sophisticated cyberattack campaign attributed to APT28 (Fancy Bear), a Russian GRU-linked threat actor, has targeted Ukrainian government systems. The campaign deployed two novel malware strains—BEARDSHELL and SLIMAGENT.

Critical Authentication Bypass Vulnerability CVE-2025-37093 in HPE StoreOnce Requires Immediate Patching

Hewlett Packard Enterprise (HPE) has disclosed eight vulnerabilities in its StoreOnce data backup and deduplication platform, with the most critical being CVE-2025-37093. This authentication bypass flaw carries a CVSS score of 9.8.

Cloudflare Closes Security Gap That Could Leak Visitor URLs

Cloudflare has addressed CVE-2025-4366, a request smuggling vulnerability in the Pingora OSS framework, affecting its CDN free tier and users of pingora-proxy and pingora-cache crates.
