Post mortems on the OPM breach continue, with many observers noting that OPM has had the reputation of being a "soft target" since at least 2007. (Even President Obama seems to agree, in a left-handed way, commenting on his Administration's determination to fix "known vulnerabilities.) Lack of network self-awareness, poor change management and configuration control, slack vulnerability scanning, lack of two-factor authentication, encryption failures, etc., combine to make the breach, as Threatpost puts it, "no shocker."
Some criminals or intelligence services (and everyone's looking at you, China) appear to be systematically collecting personally identifiable information on as many Americans (particularly but not exclusively in the Government) as possible. Most observers agree the US should be looking to "impose costs," as the FBI puts it. See Recorded Future for an interesting timeline of bulk PII hacks.
Elsewhere the Syrian Electronic Army defaces the US Army's principal public website with an unclear message apparently accusing the US of complicity with ISIS insurgency against Syria's Assad. The US Army takes the site down for repair. And Moroccan Islamist hacktivists hit Serbia's Washington embassy with cyber vandalism clarifying their essential commitment to peace.
Medical devices are now clearly hackable, greatly expanding healthcare organizations' already large attack surfaces.
Critical infrastructure — nuclear power, oil and gas, industrial control systems — gets a look at several cyber security conferences.
The OPM hack prompts much interesting discussion of story stocks.
Also interesting are recent R&D announcements: university researchers will map terror networks, and DARPA taps CyberPoint for space/time analysis.