DigiNotar
Two days after Fox-IT's interim Operation Black Tulip report, and three days after ComodoHacker again claimed responsibility. 531+ fraudulent certificates from a Dutch CA that issues for the Dutch state.
Comodo
The day after the ComodoHacker pastebin. Nine fraudulent certificates issued through an Italian reseller, an Iranian source IP, and a structural problem in the certificate-authority trust model that is independent of who actually did this.
Stuxnet — second-pass analysis
More technical analysis of Stuxnet. The targeting of Iranian uranium-enrichment infrastructure becomes increasingly clear; the structural shift continues.