Yubikey OTP support has been disabled in -current. The commit message explains the rationale:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2025/08/14 08:39:44

Modified files:
	sys/dev/usb    : ukbd.c 

Log message:
Most Yubikey ship with OTP support enabled out of the box (and generate
accidental output like cccccblddbkhelgbdjuughbjdcvrddggdcjvricrriuk).
Yubikey re-configuration requires crazy buggy and fragile tools using crazy
usb feature support, and therefore OTP disabling is very annoying.  We
make a policy decision to not attach these as keyboards anymore, because a
majority of users just want the FIDO functionality.  If you want to use OTP,
buy a different device from a different vendor or convince Yubikey to
significantly improve their tooling.
idea from kettenis

To be clear: this affects only the keyboard attachment of only Yubico devices. Therefore:

• USB security devices from other vendors are not affected.
• FIDO functionality of Yubikeys (and Yubico security keys) is not affected.
• login_yubikey(8) can no longer be used for local authentication purposes, but will still function for authentication of remote clients (so long as they support Yubikey OTP).

Running a patched kernel is the only way [at present] to reverse this change.

OpenSSH will now adapt IP QoS to actual sessions and traffic. In a fresh commit, Damien Miller (djm@) introduced a significant change, which enables ssh and sshd to set the IP QoS based on what connections and sessions are active.

The commit message says,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Damien Miller <djm () cvs ! openbsd ! org>
Date:       2025-08-18 3:43:01

CVSROOT:	/cvs
Module name:	src
Changes by:	djm@cvs.openbsd.org	2025/08/17 21:43:01

Modified files:
	usr.bin/ssh    : sshd-session.c sshd-auth.c ssh.c session.c 
	                 serverloop.c packet.h packet.c mux.c misc.c 
	                 clientloop.c channels.h channels.c 

Log message:
Make ssh(1) and sshd(8) set IP QoS (aka IP_TOS, IPV6_TCLASS)
continually at runtime based on what sessions/channels are open.

Version 0.117 of Game of Trees has been released (and the port updated):

• regress: replace "sed -i" with ed(1) for portable in-place editing
• ensure that error messages from gotsysd libexec helpers get logged
• fix gotsysd using wrong auth and hmac labels in the generated gotd.conf
• preserve bad symlinks across merges during rebase and histedit
• improve binary files detection: detect any control characters, not just NUL
• gotwebd: fix race condition resulting in trucated html with trailing garbage
• make commit coloring faster and more accurate, producing smaller pack files
• improve selection of pack files for pinning in the open pack file cache
• regress: don't load global/home git configuration files while running tests
• make 'got clone' set a got.conf default branch for fetching only, not sending

In a recent entry on his blog, OpenBSD developer Ted Unangst (tedu@) asks, is OpenBSD 10x faster than Linux?. He explains,

Here’s a little benchmark complements of Jann Horn. It’s unexpectedly slow on Linux. OpenBSD is so fast, I had to modify the program slightly to measure itself, as the time utility is missing sufficient precision to even record nonzero.

Go on, read the rest over at Ted's blog for some fun tidbits on performance and benchmarks.

OpenBSD users and aficionados are more likely than others to be familiar with the concept of greytrapping (the nastier kid sister of greylisting), as implemented via the OpenBSD spamd(8) spammer taunting software.

The feature has now been around for 18 years, and undeadly.org co-editor Peter Hansteen found that and another milestone to be a good reason to write a retrospective:

Friends, it finally happened. On August 7th, 2025, the number of spamtraps intended to woo the unwary spammer rolled past the number of inhabitants in my home country of Norway. It's time for a retrospective.

So I wrote up one: Eighteen Years of Greytrapping - Is the Weirdness Finally Paying Off? (also available with G's trackers here) is a retrospective article with data and graphs.

That's right, we've been making life harder for spammers for 18 years. Peter's writeup has links to data, and more field notes and war stories than he could actually remember writing when he started on the retrospective.

We have long been aware that OpenBSD and OpenSSH in general are at the very forefront of cryptography engineering.

A recent data point here is that Damien Miller (djm@) just committed a new OpenSSH Post-Quantum Cryptography FAQ page to the OpenSSH web site:

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: www
From:       Damien Miller <djm () cvs ! openbsd ! org>
Date:       2025-08-11 5:26:51

CVSROOT:	/cvs
Module name:	www
Changes by:	djm@cvs.openbsd.org	2025/08/10 23:26:51

Added files:
	openssh        : pq.html 

A new opportunity for you to help improve the upcoming OpenBSD 7.8 release has turned up. If YOU have a USB webcam you are using or would like to use with our favorite operating system, Kirill Korinsky (kirill@) would like to hear from you after testing recent snapshots.

Kirill's message to misc@ reads:

Subject:    Call for testing: USB webcams
From:       Kirill A. Korinsky <kirill () korins ! ky>
Date:       2025-08-06 13:27:31

misc@,

the latest snapshots for amd64 and arm64 (I haven't checked other
architectures) include my recent changes to add support for H.264 streams
from USB webcams.

Development of important software sometimes happens without fanfare. If not for one of our editors noticing by watching commits, we would have missed the fact that Damien Miller (djm@) recently added a couple of notable features to OpenSSH:

The WiFI 802.11 standards are a gnarly lot, and checking for compatibility of the various sub-specifications has been known to drive even seasoned OpenBSD developers to the brink of distraction.

Now Stefan Sperling (stsp@) is airing a possible improvement in compatibility checks via a message to tech@ titled "fix net80211 802.11g compatibility check", saying

List:       openbsd-tech
Subject:    fix net80211 802.11g compatibility check
From:       Stefan Sperling <stsp () stsp ! name>
Date:       2025-07-31 10:26:18

I have a WIP fix for qwx which relies on ieee80211_iserp_sta() to
detect whether an AP supports 802.11g, rather than 802.11b only.

And I encountered an access point which qwx could not connect to when
my WIP fix is applied.