ISIS still shows more information ops than cyber offensive capability, but there are signs it's groping toward acquiring the latter.
AnonGhost defaces a public US Air Force site with an anti-US, anti-Israel message.
The TV5 Monde hack continues to show the complexity of attribution: see Trend Micro's useful analysis, which includes the possibility of independent attacks.
The Bundestag is still remediating the (allegedly) Russian attack on its networks. The threat remains active, and remediation costs aren't trivial.
The big news in apparent state-sponsored hacking is Kaspersky's revelation that it found a Duqu variant (attributed by others, not Kaspersky, to Israel) on its own networks. Kaspersky thinks attackers exploited a kernel-mode driver flaw Microsoft patched this week in MS15-061. Attackers may have accessed the company's networks by phishing a satellite office's "non-technical" computer, exploiting CVE-2014-4148. Kaspersky also believes it's found signs the campaign was collecting information on international negotiations with Iran over that country's nuclear program.
Those interested in incident response planning, particularly public relations, may wish to note the positive reviews Kaspersky's disclosure has received.
Stuxnet also returns to the news, with reports it's affecting nuclear power generation.
The US House Energy and Commerce Committee asks the big-four browser companies about the security issues that government-owned Certificate Authorities (CAs) raise. Is it feasible, the Committee asks, to restrict government-owned CAs to their own Country Code Top-Level Domains (ccTLDs)? Would doing so enhance security? The pleasantly wonky inquiry uses France's ANSSI as an example, although one doubts France is the principal government of concern.