Mac users cannot validate McAfee apps they wish to install on their devices—a McAfee administrator inadvertently revoked the necessary digital key early last week—and they'll have to wait for McAfee to finish re-signing its apps. (Some users report being told to "just allow untrusted certificates," but McAfee brass is quick to disavow such rash advice.)
The Adobe zero-day is implicated in a recent spearphishing campaign against aerospace companies. (One vector was a widely circulated IEEE conference schedule.) Other infected PDFs used a decoy document technique—after infection was complete, the vector replaced itself with an innocent version, thereby covering the attacker's tracks. Adobe's workaround—use Protected View—works for Windows, but Mac and Linux users have no good alternatives yet.
A Trustwave study points out that many attacks take months to detect, and here's an example: the Los Angeles Times' "Offers and Deals" sub-domain began redirecting visitors to the Blackhole exploit kit back on December 23, 2012.
China's Uyghurs—often out of favor with the government—experience a spike in spearphishing attacks. Social media, including Twitter and Facebook, are being used elsewhere for phishing. Raytheon's RIOT social media surveillance tool continues to spook international media.
ENISA thinks cloud computing holds great promise for critical infrastructure protection. (For counterpoint, see Bruce Schneier on security's return to a feudal model.)
US President Obama's cyber executive order seems to pass muster with privacy advocates (like the ACLU), but others see it as indefinitely expanding the definition of "critical infrastructure" and misapplying risk analysis.