Hello and welcome! Every month, our Splunk staff of security experts share their favorite reads of the month — this way, you can follow the most interesting, news-worthy, and innovative stories coming from the wide world of cybersecurity.
Here, we'll share a variety of articles, original research, presentations, whitepapers, and customer case stories. Topics that may be covered in these hand-picked reads may include:
We've been running this Security Picks series for years, and now we're making some updates: bookmark this URL, because we'll be making all of our recommendations here moving forward. So anytime you have a little downtime or are wondering what to read to stay on the nose, check out these security articles hand-picked by security experts.
Author: Dearbail Jordan
Recommended by: Shannon Davis (LinkedIn)
Why we like it: “Platforms are increasingly embracing AI‑powered age verification—video selfies, facial‑age estimation, or ID scans—framed as necessary for child protection. While those collecting the data promise deletion after a few weeks, that initial biometric capture still represents a stark shift toward surveillance, eroding the privacy expectations of users. With widespread under‑age lying and likely platform migration, these systems may prove ineffective, while normalizing gatekeeping and data collection across the digital landscape. The broader risk: what starts as child safety could quietly expand into routine identity checks, undermining anonymity and fostering a precedent of biometric oversight for everyday online interactions.”
Author: Rohit KVN
Recommended by: Mark Stricker (LinkedIn)
Why we like it: “Google’s AI agent Big Sleep just proved it’s anything but sleepy—spotting a critical zero-day (CVE‑2025‑6965) before hackers even knew it existed. The AI arms race is on. Score 1 for the blue team, but the battle continues!”
Author: Bruce Schneier
Recommended by: Warren Myers (LinkedIn)
Why we like it: "Can we build an integrous network in a world of integrity failures?”'
Author: Annika Burgess
Recommended by: Lauren Stemler (LinkedIn)
Why we like it: "I’ve been keeping an eye on Scattered Spider because they’re not just hitting random companies, they’re going after high-stakes industries like transportation and telecom. While they’re less technically sophisticated than some hacker groups, their social engineering tactics have caused real-world chaos. As their methods evolve, even large companies are struggling to stay ahead.”
Author: Eduard Kovacs
Recommended by: James Hodgkinson (LinkedIn)
Why we like it: “The news about a so-called “16 billion credential” data breach is a perfect reminder of why cybersecurity professionals need to be discerning about where they get their information. The story made big waves, but it turns out it was mostly recycled data with little real evidence behind it. Still, a lot of people and even companies ran with it anyway. In security and in journalism, facts matter. Often, the best move is to pause, check the details, and look to corroborate information from trusted sources."
Author: Matt Burgess
Recommended by: Tamara Chacon (LinkedIn)
Why we like it: “AI “nudify” websites are quietly raking in millions by generating nonconsensual nude images—and they’re growing fast. The article from Wired discusses how these platforms rely on the same tech infrastructure trusted by billions, making them harder to shut down. Despite clear violations, enforcement from major providers remains slow and inconsistent. As the industry expands, lawmakers and tech companies are scrambling to respond—but is it already too late to stop the damage?”
That rounds out this month's security reading recommendations! Check back next month for your next to-reads. In the meantime, check out these resources for more security content:
Splunk Threat Research Team (STRT)
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.