There appear to be at least two spearphishing campaigns running that either target EFF people (apparently run by Iran, as it also goes after Iranian dissidents) or spoof an EFF email (which looks like the work of Russian security services).
DD4BC denial-of-service extortionists grow more troublesome, attracting both researcher and law enforcement attention.
Kaspersky notes a rise in superuser mobile exploits. CloudLock observes that privileged accounts cause most (75%) of the problems in cloud environments.
Symantec publishes an update and retrospective on the Regin spyware toolkit, suggesting that it will serve as a template for advanced threats yet to be developed.
Krebs believes he's got a preliminary person-of-interest in the AshleyMadison hack. (Cluley suggests the real mystery of the breach is why you'd sign up for the service with your work email.) Avid Life's CEO steps down in atonement for the hack (if not the business model).
Mozilla updates Firefox, BitTorrent patches a denial-of-service amplification vulnerability, and Adobe pushes a hotfix to a ColdFusion flaw.
Observers note a legal trend, now that the US Federal Trade Commission seems greenlighted to regulate cyber security: enterprises may well be victims of hacking, but they need to be able to address suspicions of negligence when they're breached.
Los Alamos's quantum security device continues to generate buzz. (Other researchers wish haecceity could replace all other authentication modes.)
The US and China prepare for cyber talks. Some observers call for détente, others for deterrence (and note that the Great Firewall could be held at risk).