Security Staff Picks To Read This Month, Handpicked by Splunk Experts

Hello and welcome! Every month, our Splunk staff of security experts share their favorite reads of the month — this way, you can follow the most interesting, newsworthy, and innovative stories coming from the wide world of cybersecurity.

Here, we'll share a variety of articles, original research, presentations, whitepapers, and customer case stories. Topics that may be covered in these hand-picked reads may include:

We've been running this Security Picks series for years, and now we're making some updates: bookmark this URL, because we'll be making all of our recommendations here moving forward. So anytime you have a little downtime or are wondering what to read to stay on the nose, check out these security articles hand-picked by security experts.

Security Articles To Read in December 2025

The Golden Scale: 'Tis the Season for Unwanted Gifts

Author: Matt Brady
Recommended by: Audra Streetman (LinkedIn)

Why we like it: “The Unit 42 blog on the new ShinySp1d3r ransomware from Scattered LAPSUS$ Hunters highlights how weak third-party dependencies can quickly become entry points for widespread compromise. As adversaries shift from data theft to full ransomware-as-a-service operations, organizations must rigorously evaluate third-party risk and maintain visibility into token abuse and compromised OAuth or SaaS credentials. The report also notes a growing trend of cybercriminal groups soliciting disgruntled or financially motivated insiders to help enable these intrusions. Overall, the blog serves as a timely reminder that effective defense requires going beyond perimeter security to include supplier vetting, identity-and-access governance, and proactive insider-risk monitoring.”

Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign

Author: Ravi Lakshmanan
Recommended by: Mark Stricker (LinkedIn)

Why we like it: “According to Anthropic, state-sponsored hackers used Claude to launch a cyberattack using Agentic AI. This article is a good summary of how this attack worked. This may be the first of many such attacks. Buckle your seatbelts, cyberwarriors!”

Scam Ads Are Flooding Social Media. These Former Meta Staffers Have a Plan

Author: Craig Silverman
Recommended by: Tamara Chacon (LinkedIn)

Why we like it: “This article from WIRED delves into the growing problem of scam ads flooding platforms like Facebook and Instagram. The article spotlights a group of former Meta staffers who are teaming up to fight back against these deceptive ads that put users at risk. It uncovers why scam ads are so hard to stop, the impact on everyday users, and how these industry veterans are working on innovative solutions to clean up social feeds.”

More Security Recommendations & Resources

That rounds out this month's security reading recommendations! Check back next month for your next to-reads. In the meantime, check out these resources for more security content:

Splunk Security Teams To Follow

SURGe
Cisco’s Foundation AI
Splunk Threat Research Team (STRT)
