Secretary of State Kerry says the US intercepted Russian command-and-control calls to Russian agents in Ukraine.
Iran is again reported to be upgrading its cyber offensive capabilities, placing the US energy sector and (curiously) US state governments in its crosshairs.
The Internet Explorer zero day currently being exploited is widely viewed as auguring oblivion for Windows XP. It's also bad news for IE, at least until Microsoft comes up with a patch: the US and UK governments both advise users to stay away from IE. India's governmental and banking sectors are also worried.
The AOL breach means, analysts say, that you should treat all email from AOL accounts as guilty until proven innocent.
Google's Chrome is measured for its ability to detect Heartbleed holes and is found wanting: Chrome is "blind to 98% of potentially compromised certificates."
Several old pieces of malware are upgraded to more dangerous forms, illustrating again the relative efficiency of the black market and its criminal R&D community.
Siemens is patching Heartbleed in its ICS/SCADA products. Apple quietly fixes its leaky Developer Center. Mozilla updates Firefox, Thunderbird, and Seamonkey.
The Financial Times runs a series of thoughtful, disturbing articles on international cyber risks to critical infrastructure, with threats mounted by both state and non-state actors. One interesting conclusion: the need for businesses to undertake effective common defense apart from what protection governments give them, valuable as that may be. Energy sector cyber risk continues to draw attention from policy-makers (and industry worries about a regulatory monoculture).