
Cybersecurity Reading List - Week of 2025-03-04

Ian Campbell
Senior Security Operations Engineer

In an effort to share not just what we’re observing on the net but what we’re reading and listening to elsewhere, the below links are provided as an abbreviated digest of media being passed around within our team as well as what we’re seeing in the security community at large. Quotes from the source will be in quotation marks; any commentary from me will be in italics.

Spring can’t arrive soon enough! In our DTI satellite office outside of Boston, the snow is just starting to melt, and my excuses for staying home to paw through logs are declining with it. Meanwhile the industry is seeing chaos on multiple fronts, and fortunes for the rest of the year are anyone’s guess. The latest threat actor name to make us all rethink TA naming schemes is “Sticky Werewolf” but as they say – deciding to unite all the protocols just results in one more protocol for the list. 

Awoo.

Recommended Cybersecurity Podcasts

Vulnerable U – Is DeepSeek a Cybersecurity risk? – A well-stated, reasonable assessment of DeepSeek risks, without hype or dismissal. Worth 13 minutes of your time.

Adversary Universe – China’s Cyber Enterprise Grows: CrowdStrike 2025 Global Threat Report 

Discarded – Hiding in Plain Sight: How Defenders Get Creative with Image Detection  

Must-Read Cybersecurity Articles and Blog Posts

InformationIsBeautiful – The Most Common 4-Digit PIN codes – Very shiny, but also I’m always thinking about ways to visualize the spectrum of security versus insecurity, and this is an interesting method.

SpyCloud – Properly Cleaning and Gutting Your Phish: How Cybercriminals Are Vetting Victim Data – Really interesting research by SpyCloud here on some patterns in the wild worth knowing about in order to not hit a brick wall while thrunting.

InfoBlox – The Many Faces of DNS Abuse – Good, ground-level review. Nothing earth-shattering but can help get folks up to speed.

Cisco Talos – Weathering the storm: In the midst of a Typhoon

SpyCloud – First of 2025: Trending Cybercrime News & Analysis

RiskyBiz – BlackBasta implodes, internal chats leak online – “The leaker said they shared the data after one of the BlackBasta affiliates launched brute-force attacks targeting Russian banks—a move the leaker didn’t agree with because they feared it would trigger an aggressive response from Russian authorities.” – A nice little peek behind the curtain. Also, starting to think that this is a wickedly effective disruption model for dealing with ransomware actors.

APNIC – Recent Cases of Watering Hole Attacks  

Krebs On Security – How Phished Data Turns into Apple & Google Wallets – Incredibly good researching and reporting, absolutely worth the read to connect a bunch of disparate dots so you know what you’re looking at when it comes up in practice.

Chainalysis – 35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments

404 Media – Anyone Can Push Updates to the DOGE[.]gov Website

GBHackers – New Darcula 3.0 Tool Generates Phishing Kits to Mimic Global Brands

Bloomberg – Microsoft Cancels Leases for AI Data Centers, Analyst Says – Things may get even more interesting if this is an early sign of the AI bubble bursting.

Washington Post – UK Orders Apple to let it spy on users’ encrypted accounts – Apple deactivated Advanced Data Protection in the UK as a result, leaving everyone less secure.

Web3IsGoingGreat – Over $1.4 billion taken from Bybit crypto exchange – Multiple places confirming this was Lazarus now, no surprise.

APNIC – BGP Zombies at NANOG 93 

Latest Cybersecurity Research Papers, Reports, and Books 

Recorded Future – The Convergence of Space and Cyber – I haven’t met a security nerd yet that isn’t also a space nerd, so this dovetails nicely! But it will still be outshined by hacking an alien mothership with a macbook, ID4 respect.

GreyNoise – 2025 Mass Internet Exploitation Report – CVEs, pre-KEV exploitation, ransomware, defense, and more.

CrowdStrike – 2025 Global Threat Report

Veracode – State of Software Security 2025 report

Ron Deibert – Chasing Shadows – A book from the director of Citizen Lab? YES PLEASE.

Essential Cybersecurity Tools and Resources

DEF CON – DEF CON 33 Call Index – “Contests, Events, Villages, Parties, Talks, Workshops, Vendors, Press, Music… and more!”

Black Hat – Black Hat Call for Papers

Electronic Frontier Foundation (EFF) – Atlas of Surveillance – “Documenting Police Tech in Our Communities with Open Source Research”