The US would, in the name of better information operations, like news organizations to refrain from running ISIS-supplied b-roll. Observers think ISIS is "disrupting" (in the business-school sense of the word) the Internet as a terrorist tool, essentially replacing tight command-and-control with inspiration and general communication of intent. (Scharnhorst would have recognized this as a version of Auftragstaktik.)
root9B makes a large claim: early detection and exposure induced a Russian cyber-mob to call off a major attack on Western banks.
Other security companies turn their attention to Chinese cyber operations, said to be showing fresh zeal in targeting nations around China's coveted South China Sea. (Nepal figures on some target lists, which suggests "vicinity" is understood expansively, as if one called Slovakia a Baltic nation.) Onapsis thinks SAP exploitation figured in last year's hack of security-investigation contractor USIS. Cylance reports the reappearance of Chinese threat-actor SPEAR (and offers some glum Darwinian reflections on selection pressures driving threat adaptation).
The VM-escape-enabling bug VENOM received due scrutiny. While anything that permits what VENOM allows is a serious vulnerability and must be addressed, consensus holds that panic is unwarranted. No exploitation has been observed in the wild, and a VENOM attack would require either compromised administrator accounts or a rogue administrator. (Both compromised admin accounts and rogue insiders happen, of course, so take prudent steps as outlined in discussions linked below.)
The former chair of the US House Intelligence Committee seeks to make everyone's flesh creep by warning of a Sino-Russian "alternative Internet."