The tally of states experiencing "hacking attempts" in the US is now up to twenty. For the most part the attempts as reported amount to reconnaissance, or sometimes theft of not-particularly-highly-sensitive (and sometimes publicly available anyway) voter data. There's growing awareness that one need not corrupt an election's data nationwide to affect its outcome. Carbon Black thinks attending selectively to Pennsylvania precincts could do the trick.
The IoT botnets used against OVH and KrebsOnSecurity should, a Los Angeles Times op-ed says, "terrify you." "Terrify" may be breathless, but the incidents represent a dramatic increase in criminal capability. Many devices herded into the botnets were security cameras. (A short primer on how security cameras are hackable may be found here.)
InfoArmor's study of the Yahoo! breach maintains those responsible weren't "state-sponsored," but rather criminals who subsequently sold their take to a nation-state. Some observers point out that in some parts of the world there's often very little daylight between criminals and security services.
The Tofsee botnet is newly active and "aggressive," reports Talos. Tofsee is spamming phishbait consisting of what's euphemistically called "adult dating" opportunities.
Flashpoint continues to keep an eye on the unfolding attempt by thedarkoverlord to extort money from a Californian investment company thedarkoverlord doxed.
Zerodium has upped its bounty for an iOS 10 remote jailbreak to $1.5 million. (This is not a conventional bug bounty—Zerodium is a zero-day broker.)
The European Union is shifting its cyber security export rules: more permissive with encryption, more restrictive on surveillance.