North Korean cyber operators are reported to be probing various US companies for vulnerability to attack. FireEye reports that it detected and stopped spearphishing attempts against utility company officers in late September. An attack on the North American power grid would of course be attractive to DPRK war planners, but doing so isn't as simple as zombie apocalypse tales might lead one to believe. ICS security firm Dragos, for one, regards the likelihood of a grid takedown as fairly remote.
Most of the press attention has understandably focused on targeting of electrical utilities, but the campaign is broader than that: Pyongyang appears interested in industrial control systems generally. South Korean sources are reporting an interesting twist on the North's approach to cyber operations. They think they're seeing hacktivism, which would seem difficult to foster in a country as closed and tightly controlled as the DPRK.
Revelations that Kaspersky security software appear to have been subverted into espionage tools prompt reflection on the risks anti-virus products present, given the access they typically require. This would seem an instance of the familiar dual-use problem (another instance would be the ease with which benign scanners could be converted into denial-of-service tools).
More inadvertent cloud exposures contribute to a growing mood of learned helplessness concerning personal and other sensitive data.
Google Home's Mini smart speakers appear to have been listening as well as speaking, and reporting conversations back to Mountain View. Google has patched to fix the privacy bug, but consumers find it unnerving.