Al Qaeda and Daesh escalate virtual swipes at one another, but without so far upping the ante beyond insults.
FireEye points out that data lost in the US OPM breach have yet to turn up in the black market, which seems to confirm that the threat actor was, as generally believed, a state intelligence service, not a criminal gang. Signs still of course indicate China. (US DNI Clapper, asked if the CIA pulled its officers from Beijing, answers tersely, "No.")
More notes appear on Russian cable-cutting capabilities, and the range of possible US Navy responses.
Zerodium announced yesterday that it's going to pay some researchers $1 million for an iOS 9 exploit, which Zerodium characterizes as a "jailbreak." Zerodium will share the vulnerability with its customers ("major corporations in defense, technology, and finance," who are presumably looking for protection, and "government organizations in need of specific and tailored cybersecurity capabilities," widely assumed to be looking for offensive capabilities).
Criminals are tailoring ad-blockers to accomplish drive-by attacks: Irish advertising analytics company PageFair appears to be target zero (and claims to have quickly contained the attack).
Good news, bad news for Microsoft ESET: it gets very high reviews in tests of security products; on the other hand it can apparently be bypassed using Microsoft compatibility tools.
The "KeeFarce" hacking tool is said to be able to compromise the KeePass password manager.
Data stolen from TalkTalk has turned up for sale in the black market.
UK surveillance legislation advances: a "license to operate" (not to kill).