Security

October 01, 2025

2 Minute Read

Security Staff Picks To Read This Month, Handpicked by Splunk Experts

By Tamara Chacon

Hello and welcome! Every month, our Splunk staff of security experts share their favorite reads of the month — this way, you can follow the most interesting, news-worthy, and innovative stories coming from the wide world of cybersecurity.

Here, we'll share a variety of articles, original research, presentations, whitepapers, and customer case stories. Topics that may be covered in these hand-picked reads may include:

Cybersecurity news
InfoSec and computer security
Threat hunting and detection engineering
AI & security
Risk management
Emerging trends
And much more!

We've been running this Security Picks series for years, and now we're making some updates: bookmark this URL, because we'll be making all of our recommendations here moving forward. So anytime you have a little downtime or are wondering what to read to stay on the nose, check out these security articles hand-picked by security experts.

Security Articles To Read in September 2025

Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages

Author: Kush Pandya, Peter van der Zee, Olivia Brown
Recommended by: Audra Streetman (LinkedIn)

Why we like it: “Socket Research Team’s update on the “Shai-Hulud” campaign is a must-read. The post documents a deliberate supply chain intrusion that compromised CrowdStrike-published npm packages and nearly 500 total packages by poisoning tarballs and adding postinstall hooks that run TruffleHog, harvest developer and CI credentials, plant malicious GitHub Actions workflows, and exfiltrate data to a webhook. The strength of the piece is its timeline and seven-version diff, which shows a threat actor iterating for stealth and reliability and demonstrates real potential to pivot from developer laptops into CI pipelines.”

The Era of AI-Generated Ransomware Has Arrived

Author: Lily Hay Newman and Matt Burgess

Recommended by: Mark Stricker (LinkedIn)

Why we like it: “As AI gets more and more capable, especially in the coding domain, it's inevitable that hackers will use it. There are many places in the hacking lifecycle where it could be used - initial access, development of malware code, evasion of detection, etc. Hackers who lack the sophistication to write malware now may be able to do it with AI help. The defenders will have to stay one step ahead in the AI cybersecurity race.”

First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails

Author: Idan Dardikman
Recommended by: Shannon Davis (LinkedIn)

Why we like it: "I believe this is the first case found where an MCP server is doing dodgy things (I’m sure there’s others out there). The article describes how the 16th version of an MCP server had a single line of code inserted to BCC all emails flowing through it to an email address. This isn’t anything super sophisticated, but shows us two things. MCP servers hold lots of power and need to be audited to make sure they’re not doing things you don’t want them to do. And supply chain weaknesses aren’t going away anytime soon.”'

How Passkeys Work—and How to Use Them

Author: Jacob Roach
Recommended by: Tamara Chacon (LinkedIn)

Why we like it: “If you’ve been hearing about a “password-free future,” passkeys are at the heart of it. This blog from WIRED breaks down what they are, how they work across your devices, and why they might finally replace the password for good. The article explores why tech giants are pushing this shift and what it means for your online safety—without diving too deep into the technical weeds. It’s a quick, eye-opening read that will make you rethink how you log in today.”

More Security Recommendations & Resources

That rounds out this month's security reading recommendations! Check back next month for your next to-reads. In the meantime, check out these resources for more security content:

Splunk Security Teams To Follow

SURGe

Splunk Threat Research Team (STRT)

More Recommendations

Threat Hunting with Splunk: Hands-on Tutorials for the Active Hunter

Curious about threat hunting in Splunk? Wanna brush up on your baddie-finding skills? Here's the place to find every one of our expert articles for hunting with Splunk.

Security 8 Min Read

Truth in Malvertising?

The Splunk SURGe team tests the veracity of the findings from LockBit's February 2021 study on ransomware encryption speeds.

Security 8 Min Read

The Final Shell: Introducing ShellSweepX

The Splunk Threat Research Team is excited to announce the final tool in the ShellSweep collection: ShellSweepX.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.

Learn more about Splunk

Subscribe to our blog

Get the latest articles from Splunk straight to your inbox.

Connect with Splunk on X

Follow @Splunk

Connect with Splunk on Instagram