The Summer Cyber Reading List, Part 1: What Every Business Leader Should Be Reading to Stay Cyber Safe in 2025 

It’s impossible to deny: everyone’s work days are packed. Calendars are stuffed with in-person meetings, Zoom meetings, project updates ... actual work on projects ...  

With all that taking up our time, reading can become something that we relegate to the “when I have time” list. (And we all know nothing ever gets crossed off that list.) But that approach vastly underestimates the importance that regular reading plays in helping business leaders and cybersecurity professionals stay ahead of cyber criminals.  

While continuous learning is a critical way you can stay ahead of threats and protect your business, knowing what to read can be a challenge of its own. If we’ve all learned one thing in the internet age, it’s that you can’t trust everything on the internet. Plus, there’s simply an overwhelming amount of information to contend with. For that reason, we called our JSCM team together to help. Below, you’ll find some of our team’s preferred resources for staying ahead of threats.  

Industry leaders’ research 

JSCM Group works with a number of innovative cybersecurity solution providers. A crucial element in developing and maintaining top cybersecurity solutions is an exceptional research department. Here’s a selection of some of our team’s favorite recent articles and reports from our partners.  

Crowdstrike

Exposing the Blind Spots: CrowdStrike Research on Feedback-Guided Fuzzing for Comprehensive LLM Testing 

CrowdStrike researchers and data scientists have developed an innovative, feedback-guided fuzzing framework designed specifically for LLM security testing that moves beyond static templates. This ground-breaking dynamic approach combines real-time and offline fuzzing capabilities with a sophisticated multi-faceted evaluation system. 

Check Point

Check Point Research Warns of Holiday-Themed Phishing Surge as Summer Travel Season Begins 

As summer travel season kicks into high gear, cybercriminals are following the crowds online. Check Point Research (CPR) has uncovered a sharp spike in cyber threats tied to the hospitality and travel sector, with a 55% increase in newly created domains related to holidays and vacations in May 2025 compared to the same period last year. Of over 39,000 domains registered, one in every 21 was flagged as either malicious or suspicious. 

ZScaler

ZScaler ThreatLabz 2025 AI Security Report 

Enterprise AI adoption has skyrocketed over the past year, with a staggering 536.5 billion transactions from AI/ML applications observed in the Zscaler cloud—a nearly 40x surge year-over-year. This illuminating report explores how organizations are integrating, managing, AI usage, which applications are driving the most transactions, common data loss policy violations, and key blocking trends—shedding light on the delicate balance between AI-driven innovation and security. 

Palo Alto Security Advisories

Latest information and remediations available for vulnerabilities concerning Palo Alto Networks products and services. 

WatchGuard

Firewalls and VPS in the Line of Fire: How Exploits Are Evolving 

According to data from Google Threat Intelligence Group (GTIG) in 2024, 44% of zero-day attacks affected enterprise-focused technologies, compared to 37% in 2023. Moreover, most of these threats targeted security and network products, such as firewalls, virtual private networks (VPNs), and devices linked to cloud services. WatchGuard’s security experts detail what companies need to understand about how evolving vulnerability exploitation impacts their security posture and how to prepare for it. 

Cisco Duo

Why a security-first approach to IAM matters more than ever

When it comes to securing your organization, one thing is clear: identity and access management (IAM) is no longer just an IT task. It’s a critical component of your security strategy. Yet, for many organizations, IAM solutions have fallen short of delivering security as a foundational feature. 

In a recent Cisco survey of 650 IT and security leaders, 73% revealed that security is often an afterthought in identity infrastructure decisions, while 75% identified complexity in identity infrastructure as a key security challenge. In other words, security is taking a backseat in current solutions at the very same time that IAM is getting more difficult to secure.  

SentinelOne

Caught in the CAPTCHA: How ClickFix is Weaponizing Verification Fatigue to Deliver RATs & Infostealers

Threat actors are compromising websites and embedding fraudulent CAPTCHA images, leading to the delivery of malware and malicious code. This attack methodology is widely referred to as “ClickFix”. Victims are socially-engineered into solving a malicious challenge, leading to the execution of PowerShell code followed by additional payloads. 

Microsoft

Cyber Resilience Begins Before the Crisis 

Microsoft’s Deputy Chief Information Security Officer (CISO) for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents, particularly surrounding communications. Many companies have strong protocols in place for natural disasters such as earthquakes, fires, and floods. Yet when a cyberattack hits—often quietly, invisibly and without warning—many organizations find themselves scrambling. 

Stay tuned! In our next Summer Cyber Reading List, we’ll share our team’s favorite industry publications, websites, newsletters, and podcasts/YouTube accounts for maintaining their cybersecurity knowledge.