A version of this post originally appeared in the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter.

Last week produced a spate of cyber-security news, including revelations about Yahoo (again) and lousy counter intelligence at the NSA (again). But if there is a common thread, it’s that first reports often are false or incomplete and the story is not what it seems.

Take the brouhaha over Yahoo using software to feed emails to the NSA. The news led to hyper-ventilating among privacy types and predictable high-horse behaviorf rom rival tech giants like Google and Microsoft. But as my colleague Robert Hackett explained, a lot of this fulminating took place before anyone really knew the facts — which are still emerging in dribs and drabs.

Meanwhile, journalists (me included) breathlessly reported another security lapse at Edward Snowden’s old stomping groups, Booz Allen, which led the FBI to arrest a contractor for stealing secrets. But now it turns out the guy was probably just a kook and a hoarder. It’s still not a good situation but it sure doesn’t look like the stuff of a John LeCarre novel.

Part of the trouble, from a media perspective, is that a lot of the incidents we learn about are delivered by anonymous sources and wrapped in national security laws. This makes it hard to verify information — easy to jump to conclusions.

So call it the fog of cyber war. In an era where everyone is amped up about cyber attacks, a lot of first impressions are tinged with paranoia and misinformation or are just flat out wrong. I don’t know what to do about this except to say that, as with other dramatic events like mass shootings, it’s best to take first reports with a giant grain of salt.