The US Department of Homeland Security warns hackers are scanning networks looking for Heartbleed holes. The Department is also investigating rumors that Heartbleed has already been used to attack encrypted communications of industrial control systems (the rumors are, it is stressed, unconfirmed).
CloudFlare believed late last week there was reason to think that private keys would prove inaccessible through Heartbleed, and so sensibly set up a public challenge to test the hypothesis. They found, contrary to expectations, that private keys were indeed accessible, and that the vulnerability is thus more dangerous than feared. It's also proving difficult to patch, as fixes often turn out to have undesirable (and cascading) collateral effects.
Bloomberg reported late Friday that the US NSA knew about, and exploited, Heartbleed for some time before the vulnerability was discovered and disclosed by Codenomicon researchers. The Office of the Director of National Intelligence and the White House categorically deny the claim.
Germany's DLR aerospace research center has come under sustained, persistent cyber attack. There's no attribution yet, but Deutsche Welle reports the Chinese government is suspected.
Israeli cyber vigilantes seek to out hacktivists responsible for attacks on Israel's networks and Websites. (They claim most attacks come from Malaysia and Indonesia.)
Anonymous woofs "OpSafeEdu," in which the hacktivists will redress (by attacks on schools) the many ills schools inflict on students.
The US Administration announces that its policy is one of "bias toward [zero-day] disclosure" (absent a national-security reason to exploit such zero-days).
Nigeria opens a cyber-crime enforcement unit.