Cyber criminal informants prove to be as blowback-prone as regular wiseguy snitches. "Sabu" provides exhibit A: the New York Times reports that while he was an FBI informant, Sabu continued to exploit zero-days, some against Brazilian, Syrian, and Iranian government sites.
Enterprises continue to mop up Heartbleed. Many Android apps remain leaky, but some are found protected, ironically, by a common implementation coding error. The number of direct exploits still seems small in comparison with the scope and potential of the vulnerability. Clean-up itself presents at least two problems: some fragile SSL implementations have been disabled when scanned for Heartbleed, and the frenzy to find and close Heartbleed holes has provided hackers with useful misdirection, particularly in attacks on US universities. And, of course, Heartbleed continues to provide useful phishbait to spammers.
The unrelated but very large We_heart_it diet spam campaign has oozed from AOL over to Twitter. Its origins remain obscure, but it's become a significant nuisance.
Many US physicians have suffered identity theft recently, which, Krebs suggests, hints at problems in some commonly used service.
Bkav claims to have found serious vulnerabilities in Amazon's Cloud IaaS Service.
Medical devices and maritime shipping remain, sector analysts say, dangerously open to cyber attack even though the worst bogeymen have yet to materialize. Electrical utilities move toward a consensus that cyber risks are more serious than physical ones.
Insurers find many retailers remain oblivious to cyber risk. Financial analysts warn against cascading effects of widespread failure to insure against cyber losses.