WikiLeaks is apparently opening its own version of the Vulnerability Equities Process, offering to share what it says it learned from the Vault 7 leaks with affected software vendors. Companies are advised by US authorities that receiving classified information puts them on legal thin ice.
Some of the anti-virus companies mentioned in Vault 7 as having tough-to-bypass products, notably Bitdefender and Comodo, aren't being shy about letting prospective customers know about their reputations as (to quote one leaked remark) "a pain in the posterior."
There's now some speculation about where WikiLeaks got the material it released in Vault 7. WikiLeaks itself says its source was a former US government "hacker." The Voice of America says a US intelligence official commented, on background, that there are some indications the leak came from a CIA contractor. A Federal criminal investigation is in progress.
Predictably, the Chinese government has admonished the Americans in a high-minded way that the US really ought to stop spying.
The Apache Struts remote code execution vulnerability is being actively exploited. Enterprises should patch.
Observers cast doubt on claims that US cyberattacks interfered with North Korean missile test launches.
Trend Micro and Interpol have an interesting report on West Africa's cybercriminal underground. The crooks divide essentially into two categories: "Yahoo Boys" (devoted to lonely-hearts, stranded-traveler, and advance-fee scams) and "next-level cybercriminals" (more sophisticated financial fraud and business email compromise capers). Both groups are adept at social engineering, although the Yahoo Boys do tend to engineer relatively naive marks.