Kaspersky Labs explains why they think the Shadow Brokers have dumped Equation Group code in their come-hither teaser: Kaspersky sees an unusual implementation of RC5/RC6 as sufficiently idiosyncratic to flag the leak as genuine. Note that Kaspersky hasn't explicitly said the Equation Group is NSA, but most observers believe it is. Note too that such evidence is, inevitably, circumstantial.
Comae found an email account it thinks is connected to the Shadow Brokers. Motherboard reached out to Tutanota, the account's service provider, but Tutanota really can't say very much about any customers. Their service promises a relatively high degree of anonymity, and Tutanota wouldn't be interested in helping anyone deanonymize a client. Besides, German privacy law has their back.
Speculation about the leakers inevitably turns to Russia. Tensions between that country and the US have been rising, and (as Edward Snowden tweets) it's more noteworthy that the intrusion has been made public than that it was made at all. It strikes him, and others, as of a piece with the DNC-related hacks. Thomas Rid calls it a big "middle-finger" hoisted in the Americans' direction. Others have much to say about a cyber Cold War.
Coincidentally or not, NSA's public website was out for a day, recovering yesterday evening. Fedscoop reports an anonymous source said the site was down temporarily in connection with an internal review.
Neustar has released a study on how Domain Name System Security Extensions (DNSSEC) can be exploited in DDoS attacks.
The ransomware black market shows continued vigor.