Security Staff Picks To Read This Month, Handpicked by Splunk Experts

Hello and welcome! Every month, our Splunk staff of security experts share their favorite reads of the month — this way, you can follow the most interesting, news-worthy, and innovative stories coming from the wide world of cybersecurity.

Here, we'll share a variety of articles, original research, presentations, whitepapers, and customer case stories. Topics that may be covered in these hand-picked reads may include:

• Cybersecurity news 
• InfoSec and computer security
• Threat hunting and detection engineering
• AI & security
• Risk management
• Emerging trends
• And much more!

We've been running this Security Picks series for years, and now we're making some updates: bookmark this URL, because we'll be making all of our recommendations here moving forward. So anytime you have a little downtime or are wondering what to read to stay on the nose, check out these security articles hand-picked by security experts. 

Security Articles To Read in December 2025

The Golden Scale: 'Tis the Season for Unwanted Gifts

Author: Matt Brady
Recommended by: Audra Streetman (LinkedIn)

Why we like it: “The Unit 42 blog on the new ShinySp1d3r ransomware from Scattered LAPSUS$ Hunters highlights how weak third-party dependencies can quickly become entry points for widespread compromise. As adversaries shift from data theft to full ransomware-as-a-service operations, organizations must rigorously evaluate third-party risk and maintain visibility into token abuse and compromised OAuth or SaaS credentials. The report also notes a growing trend of cybercriminal groups soliciting disgruntled or financially motivated insiders to help enable these intrusions. Overall, the blog serves as a timely reminder that effective defense requires going beyond perimeter security to include supplier vetting, identity-and-access governance, and proactive insider-risk monitoring.”

Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign

Author: Ravi Lakshmanan  
Recommended by: Mark Stricker (LinkedIn) 

Why we like it: “According to Anthropic, state sponsored hackers used Claude to launch a cyberattack using Agentic AI. This article is a good summary of how this attack worked. This may be the first of many such attacks. Buckle your seatbelts, cyberwarriors!”

Scam Ads Are Flooding Social Media. These Former Meta Staffers Have a Plan

Author: Craig Silverman
Recommended by: Tamara Chacon (LinkedIn)

Why we like it: “This article from WIRED delves into the growing problem of scam ads flooding platforms like Facebook and Instagram. The article spotlights a group of former Meta staffers who are teaming up to fight back against these deceptive ads that put users at risk. It uncovers why scam ads are so hard to stop, the impact on everyday users, and how these industry veterans are working on innovative solutions to clean up social feeds.”

More Security Recommendations & Resources

That rounds out this month's security reading recommendations! Check back next month for your next to-reads. In the meantime, check out these resources for more security content:

Splunk Security Teams To Follow

SURGe

• Listen to The Security Detail Podcast

Cisco’s Foundation AI 

• Read original blogs and team newsletter

Splunk Threat Research Team (STRT)

• Read original STRT research & blogs
• Get the latest Splunk Security Content (ESCU)

More Recommendations

• The PEAK Threat Hunting Framework 
• Threat Hunters Cookbook
  
• Must-Read Cybersecurity Books & Articles 
• Top Security Podcasts
• Cybersecurity & InfoSec Conferences and Events