Security Staff Picks To Read This Month, Handpicked by Splunk Experts

Security Articles To Read in December 2025

The Golden Scale: 'Tis the Season for Unwanted Gifts

Author: Matt Brady
Recommended by: Audra Streetman (LinkedIn)

Why we like it: “The Unit 42 blog on the new ShinySp1d3r ransomware from Scattered LAPSUS$ Hunters highlights how weak third-party dependencies can quickly become entry points for widespread compromise. As adversaries shift from data theft to full ransomware-as-a-service operations, organizations must rigorously evaluate third-party risk and maintain visibility into token abuse and compromised OAuth or SaaS credentials. The report also notes a growing trend of cybercriminal groups soliciting disgruntled or financially motivated insiders to help enable these intrusions. Overall, the blog serves as a timely reminder that effective defense requires going beyond perimeter security to include supplier vetting, identity-and-access governance, and proactive insider-risk monitoring.”

Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign

Author: Ravi Lakshmanan
Recommended by: Mark Stricker (LinkedIn)

Why we like it: “According to Anthropic, state sponsored hackers used Claude to launch a cyberattack using Agentic AI. This article is a good summary of how this attack worked. This may be the first of many such attacks. Buckle your seatbelts, cyberwarriors!”

Scam Ads Are Flooding Social Media. These Former Meta Staffers Have a Plan

Author: Craig Silverman
Recommended by: Tamara Chacon (LinkedIn)

Why we like it: “This article from WIRED delves into the growing problem of scam ads flooding platforms like Facebook and Instagram. The article spotlights a group of former Meta staffers who are teaming up to fight back against these deceptive ads that put users at risk. It uncovers why scam ads are so hard to stop, the impact on everyday users, and how these industry veterans are working on innovative solutions to clean up social feeds.”