Security

August 01, 2025

3 Minute Read

Security Staff Picks To Read This Month, Handpicked by Splunk Experts

By Tamara Chacon

Hello and welcome! Every month, our Splunk staff of security experts share their favorite reads of the month — this way, you can follow the most interesting, news-worthy, and innovative stories coming from the wide world of cybersecurity.

Here, we'll share a variety of articles, original research, presentations, whitepapers, and customer case stories. Topics that may be covered in these hand-picked reads may include:

Cybersecurity news
InfoSec and computer security
Threat hunting and detection engineering
AI & security
Risk management
Emerging trends
And much more!

We've been running this Security Picks series for years, and now we're making some updates: bookmark this URL, because we'll be making all of our recommendations here moving forward. So anytime you have a little downtime or are wondering what to read to stay on the nose, check out these security articles hand-picked by security experts.

Security Articles To Read in August 2025

Reddit starts verifying ages of users in the UK

Author: Dearbail Jordan
Recommended by: Shannon Davis (LinkedIn)

Why we like it: “Platforms are increasingly embracing AI‑powered age verification—video selfies, facial‑age estimation, or ID scans—framed as necessary for child protection. While those collecting the data promise deletion after a few weeks, that initial biometric capture still represents a stark shift toward surveillance, eroding the privacy expectations of users. With widespread under‑age lying and likely platform migration, these systems may prove ineffective, while normalizing gatekeeping and data collection across the digital landscape. The broader risk: what starts as child safety could quietly expand into routine identity checks, undermining anonymity and fostering a precedent of biometric oversight for everyday online interactions.”

Google's AI agent Big Sleep detects first major cybersecurity vulnerability

Author: Rohit KVN

Recommended by: Mark Stricker (LinkedIn)

Why we like it: “Google’s AI agent Big Sleep just proved it’s anything but sleepy—spotting a critical zero-day (CVE‑2025‑6965) before hackers even knew it existed. The AI arms race is on. Score 1 for the blue team, but the battle continues!”

The Age of Integrity

Author: Bruce Schneier
Recommended by: Warren Myers (LinkedIn)

Why we like it: "Can we build an integrous network in a world of integrity failures?”'

What we know about Scattered Spider, the hacker group targeting airlines

Author: Annika Burgess
Recommended by: Lauren Stemler (LinkedIn)

Why we like it: "I’ve been keeping an eye on Scattered Spider because they’re not just hitting random companies, they’re going after high-stakes industries like transportation and telecom. While they’re less technically sophisticated than some hacker groups, their social engineering tactics have caused real-world chaos. As their methods evolve, even large companies are struggling to stay ahead.”

Man Who Hacked Organizations to Advertise Security Services Pleads Guilty

Author: Eduard Kovacs
Recommended by: James Hodgkinson (LinkedIn)

Why we like it: “The news about a so-called “16 billion credential” data breach is a perfect reminder of why cybersecurity professionals need to be discerning about where they get their information. The story made big waves, but it turns out it was mostly recycled data with little real evidence behind it. Still, a lot of people and even companies ran with it anyway. In security and in journalism, facts matter. Often, the best move is to pause, check the details, and look to corroborate information from trusted sources."

AI ‘Nudify’ Websites Are Raking in Millions of Dollars

Author: Matt Burgess
Recommended by: Tamara Chacon (LinkedIn)

Why we like it: “AI “nudify” websites are quietly raking in millions by generating nonconsensual nude images—and they’re growing fast. The article from Wired discusses how these platforms rely on the same tech infrastructure trusted by billions, making them harder to shut down. Despite clear violations, enforcement from major providers remains slow and inconsistent. As the industry expands, lawmakers and tech companies are scrambling to respond—but is it already too late to stop the damage?”

More Security Recommendations & Resources

That rounds out this month's security reading recommendations! Check back next month for your next to-reads. In the meantime, check out these resources for more security content:

Splunk Security Teams To Follow

SURGe

Splunk Threat Research Team (STRT)

More Recommendations

Q&A Follow-Up: How Datev uses MITRE ATT&CK & Splunk in its SOC

Following our webinar with Datev on how they use MITRE ATT&CK & Splunk in its SOC, we compiled all of the questions left unanswered in this blog post. Read all of it here,

Security 8 Min Read

Detecting Lateral Movement Using Splunk User Behavior Analytics

The blog is to introduce lateral movement detection using Splunk User Behavior Analytics (UBA)

Security 5 Min Read

Securing DevSecOps - Threat Research Release October 2021

Learn how you can secure your development security operations with pre-built and tested Splunk detections and automated playbooks.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.

Learn more about Splunk

Subscribe to our blog

Get the latest articles from Splunk straight to your inbox.

Connect with Splunk on X

Follow @Splunk

Connect with Splunk on Instagram