Defense One thinks Ukraine has already lost its cyber war with Russia. (But don't expect a cyber ceasefire short of peace breaking out.) Libyan hackers cyber-riot across the Egyptian border.
Beyond these ongoing conflicts in cyberspace, three major vulnerabilities are being exploited in the wild. The first, an Adobe Flash zero day, has a political dimension to it: the bug is being used to distribute malware through a watering hole established at a Syrian government site whose nominal purpose is to provide a vehicle for citizens to "complain about law and order issues." Windows users among Syrian dissidents are the first victims, but the effects aren't confined by citizenship or OS: anyone hitting infected sites is vulnerable, and OS X and Linux systems could also be compromised. Adobe has been quick to patch Flash.
The second zero day affects all current versions of Microsoft's Internet Explorer. The active campaign, "Clandestine Fox," is worrisome, and US-CERT advises all users to avoid Internet Explorer until it's patched. Microsoft has published mitigations and is working on a fix.
The third vulnerability, with its origin in an AOL data breach, has been exploited in very large spam campaigns (including "zombie spam" spoofing large numbers of discarded AOL addresses). AOL advises changing passwords.
ZDNet consults RAND's recent study and concludes that hackers often face little risk of prosecution. Gray- or black-market vulnerability sellers notably seem to go unprosecuted.
Insurers continue to see most cyber risk in the energy sector.
The White House talks vulnerability disclosure.