The Chinese government escalates its cyber campaign against Hong Kong dissidents.
ISIS continues to enjoy success in social media.
Reports say that Pakistan is deploying FinFisher intercept tools against Indian officials. Other Pakistani hackers, the non-governmental skids of MaDLeets, vandalize Google's Indonesian domain to no apparent purpose.
Yahoo, it turns out, was not affected by the Shellshock vulnerability as early reports suggested — other, unrelated bugs were exploited. They're now patched, the company says. (BankInfoSecurity, whose article appeared before Yahoo finished investigating its vulnerabilities, offers a useful rundown of ways in which Shellshock is being exploited.)
The JPMorgan hack continues to exercise banks and their regulators in the US, the UK, and elsewhere. New York State bank regulator Benjamin Lawsky hopes cyber insurance will provide the sort of forcing function for cyber security that fire insurance did for building codes.
Eastern European cyber gangs have deployed a new family of malware, "Tyupkin," that enables them to extract cash from ATMs without using a stolen or forged card.
Ransomware is said to have knocked out Australian Broadcasting Corporation News for thirty minutes Monday.
AT&T discloses an insider breach and fires the malefactor responsible.
Analysts discuss whether researchers did a good thing in releasing BadUSB before a fix was available. The researchers, who say they wished to force vendors into better security, have released their own fix, but as this involves epoxy on a USB drive, many are reluctantly driven to skepticism.
Bugzilla gets a patch. Apple updates XProtect against the iWorm botnet.