The US released, publicly, revisions to the Vulnerabilities Equities Process (VEP), the policy that governs when and under what circumstances US agencies (in the Intelligence Community, for the most part, especially NSA) will disclose zero-days they discover. The principal effects of yesterday's White House announcement, which has received generally positive reviews, are said be a move toward greater transparency, more accountability, and better stakeholder representation in the process.
Observers see a recent increase in North Korean cyber op-tempo as a possible indication that Pyongyang is preparing to wage a wider cyberwar.
Questions about leaks from NSA (mostly those peddled by the Shadow Brokers) lead to speculation about a mole or moles remaining on the payroll at Fort Meade. Kaspersky Lab (hardly a disinterested party but not to be dismissed out of hand, either) releases the results of an internal study that suggests the much-discussed NSA worker's laptop that was protected by Kaspersky software was in fact riddled with other malware, and that such malicious code, not a Kaspersky security product, was the root cause of any compromise.
Armis Labs reports that Amazon Echo and Google Home are both susceptible to the Bluetooth vulnerability reported earlier this fall as BlueBorne.
Google's Play Store has seen a wave of malicious apps that have succeeded in bypassing the safeguards Mountain View has put in place to protect the store. Dr.Web, Malwarebytes, and McAfee have reported finding three new families of Android malware. ESET has discovered some multi-stage, evasive malware lurking in innocent-appearing apps.