Security Staff Picks To Read This Month, Handpicked by Splunk Experts

Hello and welcome! Every month, our Splunk staff of security experts share their favorite reads of the month — this way, you can follow the most interesting, news-worthy, and innovative stories coming from the wide world of cybersecurity.

Here, we'll share a variety of articles, original research, presentations, whitepapers, and customer case stories. Topics that may be covered in these hand-picked reads may include:

• Cybersecurity news 
• InfoSec and computer security
• Threat hunting and detection engineering
• AI & security
• Risk management
• Emerging trends
• And much more!

We've been running this Security Picks series for years, and now we're making some updates: bookmark this URL, because we'll be making all of our recommendations here moving forward. So anytime you have a little downtime or are wondering what to read to stay on the nose, check out these security articles hand-picked by security experts. 

Security Articles To Read in May 2025

Shorter Certificates are Coming!

Author: Scott Helme
Recommended by: James Hodgkinson (LinkedIn)

Why we like it: “It's great to see the industry calling out the risks of long certificate expiries and using that to push for automated renewals. Expired certificates are still a common cause of outages—sometimes obvious, sometimes quietly breaking backend services. This kind of pressure helps drive real improvement.”

The Sophos Annual Threat Report

AuthorSean Gallagher
Recommended by: Mick Baccio (LinkedIn)

Why we like it: “Just finished reading the new Sophos 2025 Threat Report - you'll definitely want to give it a read. It should be obvious to everyone that cybercrime is no longer just targeting large organizations. Main Street being the new frontline is disturbingly accurate. Ransomware crews, access brokers, and scammers have fully industrialized, and small orgs are feeling the pain. This report breaks it down with sharp analysis and real-world context. Tremendous hat tip to Sean Gallagher and the Sophos team behind this work. Solid research that helps all net defenders stay ahead.”

2025 Data Breach Investigations Report

Author: Verizon DBIR Team
Recommended by: Mick Baccio (LinkedIn) 

Why we like it:  The 2025 DBIR shows ransomware remains a major threat, with a rise in attacks and small businesses hit hardest. Exploited vulnerabilities surged, especially through VPNs and edge devices. Third-party risks doubled, reminding us why enforcing MFA across partners is essential. Human error continues to dominate breach causes, and GenAI tools are quietly leaking data through unmanaged use. Espionage is also on the rise, often with financial motives. The message is clear: controls, patching, vendor scrutiny, and threat modeling are more important than ever.”

Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation

Author: Kevin Townsend
Recommended by: Jeff Walzer  (LinkedIn)

Why we like it: Splunk can mitigate bot traffic issues by leveraging its advanced analytics and machine learning capabilities to detect anomalous patterns, identifying malicious bots through traffic analysis and predefined threat detection rules.”

Vibe Hunting: A Vision for Our Threat Hunting Future

Author: Damien Lewke
Recommended by: Sydney Marrone (LinkedIn)

Why we like it: “Damien captures what a lot of us in threat hunting have been thinking. The work is powerful, but it's often clunky and too manual. Instead of adding yet another AI assistant to summarize alerts, this idea leans into a more natural way of working by talking through a hunt and letting the AI help along the way. It's very practical and helpful for both new and experienced hunters. I also just really love the term 'vibe hunting.' Happy thrunting!”

Interlock ransomware evolving under the radar

Author: Sekoia TDR
Recommended by: Audra Streetman (LinkedIn)

Why we like it: “The ClickFix tactic of tricking users into running malicious commands through fake system prompts or CAPTCHA verifications is gaining traction. Last month, researchers at Sekoia reported that the North Korean threat actor Lazarus Group used this method to target job seekers in the crypto industry. Now, ransomware groups are also adopting the same deceptive approach.”

Smishing Triad: The Scam Group Stealing the World's Riches

Author: Matt Burgess
Recommended by: Tamara Chacon (LinkedIn)

Why we like it: This article is part of the Most Dangerous Hackers You've Never Heard Of series. In this installment, Matt Burgess investigates Chinese-speaking cybercriminal groups—most notably the “Smishing Triad”—who are running large-scale SMS phishing campaigns. These groups impersonate trusted institutions in over 120 countries, luring victims to fake websites to steal sensitive information. That data is then used to commit fraud through digital wallets like Apple Pay and Google Wallet.”

More Security Recommendations & Resources

That rounds out this month's security reading recommendations! Check back next month for your next to-reads. In the meantime, check out these resources for more security content:

Splunk Security Teams To Follow

SURGe

• Listen to The Security Detail Podcast
• Sign up for the SURGe Newsletter

Splunk Threat Research Team (STRT)

• Read original STRT research & blogs
• Get the latest Splunk Security Content (ESCU)

More Recommendations

• The PEAK Threat Hunting Framework 
• Must-Read Cybersecurity Books & Articles 
• Top Security Podcasts
• Cybersecurity & InfoSec Conferences and Events