Egypt seems on the brink of a coup d'état, and observers speculate that the Army is watching President Morsi via lawful intercept tools including FinFisher and FinSpy.
Elsewhere in the Middle East sophisticated njRAT espionage malware appears to be conducting an intelligence preparation of the battlefield—governments, energy firms, and telecoms are targets in the United Arab Emirates, Oman, and elsewhere. njRAT deploys multiple surveillance vectors—keylogging, camjacking, reverse shells, etc.
Ubisoft alerts gamers to a breach that exposed usernames, email addresses, and encrypted passwords. Anonymous goes after lead-generation firm Relead. Litecoin joins Bitcoin as a target of cyber criminals.
Several dangerous threats and vulnerabilities surface. Darkleech malware is back in Apache web host servers, its mode of access still unclear. Cyber criminals are using Tor-based command-and-control. Vulnerabilities in often-overlooked baseboard management controllers are found to give attackers "almost physical" access to servers. Sophos dissects the Glazunov exploit kit family.
In terms of threat education, travelers should read IT World's account of what you expose when you use an unsecured Wi-Fi hotspot.
Players in the cybercriminal economy continue to boast a solid ROI. Selling fake Twitter followers, for example, is a multimillion-dollar business.
The PRISM affair continues, but the US military announces plans for a $23B cyber budget. The US continues its tu quoque reply to European critics of the NSA, which may be having effect—the Bolivian presidential plane was denied access to French and Portuguese airspace from fear it was carrying Snowden. The Guardian promises "bombshell" PRISM revelations.