The Petya/Nyetya/NotPetya attack on Ukraine (with either intentional or collateral damage throughout most of the rest of the world) is tied more closely to Russian services as researchers find links to the BlackEnergy APT group.
In Ukraine itself the incident has moved into its law enforcement phase as police seize servers belonging to Intellect Service, the small "family owned" software outfit whose ME Doc accounting product appears to have been the initial source of Petya/Nyetya/NotPetya infestations. Intellect Service denies having anything to do with the attack, and says their code was clean when they released it.
A Bitcoin wallet associated with the campaign was emptied of the $10,000 it contained, and the apparent threat actors have made more noises about recovering your files, but caveat lector—consensus is that Petya/Nyetya/NotPetya was destructive in intent, and that the files it hit aren't coming back.
The shipping and logistics industry does some security introspection as sector leader Maersk returns more-or-less to normal. Self-examination surfaces uncomfortable insights.
Two cryptocurrency services—the Bithumb exchange and client-side Ethereum wallet Classic Ether—have come under attack. Bithumb users lost both Bitcoin and Ethereum; Classic Ether Wallet's website was hijacked.
Trend Micro has updates on SLocker ransomware—and it is actually ransomware—which is now mimicking WannaCry.
Researchers at Sucuri have found an SQL-injection flaw in a widely used WordPress plugin: WordPress Statistics.
H.I.G. Capital will acquire NCI for $283 million—said to represent a significant discount over the US Federal contractor's price at Friday's closing bell.