Hello and welcome! Every month, our Splunk staff of security experts share their favorite reads of the month — this way, you can follow the most interesting, news-worthy, and innovative stories coming from the wide world of cybersecurity.
Here, we'll share a variety of articles, original research, presentations, whitepapers, and customer case stories. Topics covered in these hand-picked reads may include:
We've been running this Security Picks series for years, and now we're making some updates: bookmark this URL, because we'll be making all of our recommendations here moving forward. So anytime you have a little downtime or are wondering what to read to stay current, check out these security articles hand-picked by security experts.
Author: NSBT Japan
Recommended by: Shannon Davis (LinkedIn)
Why we like it: "The title makes you think Japan is taking off the gloves to aggressively target the bad guys, but it's not that. Maybe it is a little bit, but only in certain circumstances. Japan is taking a measured approach to increasing its cyber security, while still maintaining its strict "secrecy of communication" measures. The Active Cyberdefence Law was passed on May 16th in Japan with 4 key provisions: Proactive Monitoring, Offensive Capabilities, Mandatory Reporting, and Privacy Safeguards. While they say it won't be fully rolled out until 2027, this is a great step by Japan in addressing some areas of weakness in its cybersecurity capabilities."
Author: Bill Toulas
Recommended by: Kassandra Murphy (LinkedIn)
Why we like it: "A threat actor known as Hazy Hawk is hijacking forgotten DNS CNAME records that point to abandoned cloud services. By registering new cloud resources with the same names, they’re able to take over subdomains of trusted organizations including government agencies, universities, and major global companies. Once they control the subdomain, they generate a large number of malicious URLs that benefit from the legitimacy of the parent domain in search results.
This infrastructure is being used to distribute scams, fake apps, malicious ads, and phishing pages. Victims are funneled through traffic distribution systems that profile them to determine what kind of scam or redirection to serve. In many cases, users are tricked into enabling browser push notifications, leading to ongoing scam alerts even after they leave the site.
The issue comes down to organizations failing to properly clean up DNS records after cloud services are decommissioned. CNAME records are easy to overlook, making them a quiet but powerful tool for attackers. This is part of a growing trend of threat actors exploiting DNS misconfigurations to scale their operations while hiding behind trusted brands."
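The cleanup problem described above can be audited from the defender's side: walk a zone's CNAME records and flag any whose target no longer resolves, since those are exactly the records that should be deleted before someone else claims the name. This is an added example, not code from the article or from Splunk; the zone excerpt, hostnames and the `fake_resolve` lookup table are constructed stand-ins for a real zone and live DNS.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed zone-file excerpt (BIND style); not a real organization's zone.
SAMPLE_ZONE = """\
$ORIGIN example.org.
www       3600 IN CNAME site-prod.azurewebsites.net.
old-app   3600 IN CNAME pilot-2019.azurewebsites.net.   ; service retired
docs      3600 IN CNAME docs-assets.s3.amazonaws.com.
mail      3600 IN A     192.0.2.10
"""

# Constructed stand-in for live DNS: only hostnames that still resolve.
FAKE_DNS: Dict[str, str] = {
    "site-prod.azurewebsites.net": "203.0.113.5",
    "docs-assets.s3.amazonaws.com": "203.0.113.9",
}

def fake_resolve(host: str) -> Optional[str]:
    """Return an address, or None to model NXDOMAIN (offline stand-in for a resolver)."""
    return FAKE_DNS.get(host.rstrip(".").lower())

# owner [ttl] [IN] CNAME target
CNAME_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)", re.I)

def parse_cnames(zone_text: str) -> List[Tuple[str, str]]:
    """Extract (owner, target) pairs, expanding relative owners with $ORIGIN."""
    origin = ""
    pairs: List[Tuple[str, str]] = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = CNAME_RE.match(line)
        if not m:
            continue                              # A/MX/etc. are not in scope
        owner, target = m.group(1), m.group(2)
        if origin and not owner.endswith("."):
            owner = f"{owner}.{origin}"
        pairs.append((owner.rstrip("."), target.rstrip(".")))
    return pairs

def find_dangling(pairs: List[Tuple[str, str]], resolve=fake_resolve) -> List[Tuple[str, str]]:
    """CNAMEs whose target no longer resolves: stale records to remove from the zone."""
    return [(owner, target) for owner, target in pairs if resolve(target) is None]

if __name__ == "__main__":
    for owner, target in find_dangling(parse_cnames(SAMPLE_ZONE)):
        print(f"dangling CNAME: {owner} -> {target}")
```

NXDOMAIN on the target is the clearest signal, but some providers answer for any hostname under their suffix, so a production audit should also check the HTTP response for a provider "resource not found" page.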
Author: Vanessa Taylor
Recommended by: Chris Perkins (LinkedIn)
Why we like it: "Surveillance’s detrimental psychological and mental health impacts are well-documented."
Author: Felix Mehta
Recommended by: Jeff Walzer (LinkedIn)
Why we like it: "Introduces a novel method for detecting evasive malware implants that utilize sleep obfuscation—a technique where malware remains dormant and encrypted to evade detection. By leveraging the pre-installed Windows tool tttracer.exe, which records Time Travel Debugging sessions, defenders can capture the full execution of a process, including the decrypted state of the implant, thereby enabling effective analysis and mitigation."
Author: Cristina da Gama
Recommended by: Mark Stricker (LinkedIn)
Why we like it: “This article discusses the rise of “Agentic AI” in cybersecurity—basically smart AI tools that can do a lot of the heavy lifting on their own. Instead of waiting for a human to tell them what to do, these systems can spot threats, sort through alerts, and even take action without constant hand-holding. It’s a big step up from older, rule-based tools. But while this sounds great for keeping up with today’s fast-moving cyber threats, the article also warns that we still need humans in the loop to make sure things don’t go sideways.”
Author: Kim Jones
Recommended by: Lauren Stemler (LinkedIn)
Why we like it: "I recently listened to an episode of CISO Perspectives that tackles a common but frustrating issue in cybersecurity: how are people supposed to get experience if every job already requires it? The conversation focuses on the cyber talent pipeline and whether true entry-level roles even exist anymore.
While I didn’t agree with everything in the episode, I found the perspectives from host Kim Jones and guest Kathleen Smith thought-provoking. They discuss how cybersecurity is often marketed as an accessible field, yet breaking in, especially at the entry level, has become increasingly difficult. They also explore the value of bootcamps and certifications, and how those compare to more traditional education paths.
The episode offers real-world examples and pushback that are worth considering, whether you’re hiring in this space or trying to break into it yourself."
Author: Omer Mayraz
Recommended by: Audra Streetman (LinkedIn)
Why we like it: "Researchers at Legit Security uncovered a remote prompt injection vulnerability in GitLab Duo, an AI assistant powered by Anthropic’s Claude that is designed to help developers with coding, security reviews, and merge request analysis. This vulnerability, which has since been remediated, underscores the potential risks of integrating AI tools into development workflows. These tools inherit the context they analyze, making every part of a project a potential vector for exploitation. Without the proper safeguards, malicious prompts embedded in source code, comments, or documentation can lead to unintended actions or data leaks."
Author: Andy Greenberg
Recommended by: Tamara Chacon (LinkedIn)
Why we like it: "The article by Andy Greenberg delves into the operations of Xinbi Guarantee, a platform that facilitated a vast array of illicit activities, including crypto-related scams and money laundering, primarily targeting Chinese-speaking users. Operating via Telegram, Xinbi Guarantee astonishingly was legally registered in Colorado, USA. The platform's model, similar to the Cambodia-based Huione Guarantee, required vendor deposits to supposedly ensure trustworthiness. Following inquiries from WIRED and prior research from crypto-tracing firm Elliptic, Telegram recently banned Xinbi and Huione channels. Despite these crackdowns, experts anticipate that such marketplaces may attempt to resurface, driven by the enormous criminal profits involved."
That rounds out this month's security reading recommendations! Check back next month for your next to-reads. In the meantime, check out these resources for more security content:
Splunk Threat Research Team (STRT)