Symantec reports that the "Buckeye" group has obtained NSA cyber attack tools and used them against a variety of targets, including several US allies. Symantec doesn't call Buckeye Chinese intelligence services, but as close to everybody else does as to make no difference. The tools' use apparently antedates the ShadowBrokers' leaks by about a year, and there's speculation, the New York Times reports, that the code was captured and reverse-engineered when it was employed against Chinese networks.
Israel's airstrike against a Hamas cyber operations center continues to be seen by many as a radical shift in the nature of combat. ("The future is here and it features hackers getting bombed," as Foreign Policy puts it.) WIRED's more nuanced discussion sees the novelty in the near-real-time retaliation, and its public avowal by the Israeli government. But consider, as cyber operations and electronic warfare converge, whether the Gaza strike might be more like hitting an enemy jammer than something altogether new under the sun.
Not all retaliation is kinetic. Sometimes you jam the enemy emitter. Facebook just did so this week, taking down ninety-seven groups, pages, and accounts in an action against Russian "coordinated inauthenticity" deployed against Ukraine.
Don't tell Thanos, but Threatpost says a sketchy Avengers Endgame-themed site that promises downloads of the movie is actually involved in credential harvesting. Don't go there; you don't want to get dusted.
Recorded Future takes a demystifying look at the dark web. There's bad stuff there, but it's a lot smaller than Mordor.