The hottest Cybersecurity Substack posts right now

And their main takeaways
Venture in Security 707 implied HN points 09 Jan 24
  1. The book 'Cyber for Builders' is a comprehensive guide for building a cybersecurity startup.
  2. The book covers various aspects of cybersecurity industry including key players, trends, and essential insights for early-stage founders.
  3. The book has received praise from industry experts for its practical advice and guidance for navigating the complexities of building a cybersecurity company.
Who is Robert Malone 9 implied HN points 27 Feb 26
  1. AI chatbots run on hidden system prompts and designer values, so their answers can consistently shape how people think and act like large-scale propaganda.
  2. Small, targeted data poisoning and RAG attacks can quietly make models give manipulated or false answers, and those poisoned signals are hard to detect and can spread across systems and future model generations.
  3. Treating cognition as an intelligence domain — COGINT and fifth-generation warfare — turns minds into a battlefield, so people and policymakers need epistemic sovereignty and institutions to protect information environments.
Security Is 59 implied HN points 01 Aug 24
  1. VPNs used to be essential for online security, especially on public WiFi, but that's changed with HTTPS being widely available. Now, most websites encrypt your connection by default.
  2. While VPNs can protect your IP address and DNS queries, for most everyday users, these aren't major issues anymore. Modern browsers and services help keep our connections safe.
  3. Using a VPN isn't a priority for everyone, and it might not be worth the investment, especially for regular people who just want basic online protection.
Thái | Hacker | Kỹ sư tin tặc 838 implied HN points 07 Dec 23
  1. BEAST was recognized as the world's best web hacking technique of 2011 and led to advancements in internet security.
  2. The creation of BEAST resulted in the phasing out of insecure protocols like SSL 3.0 and the adoption of more secure TLS 1.3.
  3. The work on BEAST by the author and Juliano over a decade ago is still acknowledged at major conferences today, showcasing its lasting impact.
Altay's Blog 2 HN points 29 Sep 24
  1. EMV cards use chips and PINs for better security compared to older magnetic stripe cards, which are easy to skim and clone. This makes it harder for thieves to steal card information.
  2. Skimming is when criminals capture card details to create fake cards, usually by using devices at ATMs or stores. With EMV technology, the stolen data is less useful since it's protected by complex cryptographic keys.
  3. Even if someone hacks a card reader, they can't easily cash out fraudulent transactions because of built-in security checks that prevent misuse and create a paper trail back to the source.
ChinAI Newsletter 609 implied HN points 22 Jan 24
  1. China's chip imports dropped for the first time in consecutive years due to geopolitical factors and increased demand in emerging industries like 5G and AI.
  2. China has been focusing on localizing chip production to reduce the trade deficit, with the self-sufficiency rate increasing from 16.6% in 2020 to 23.3% in 2023.
  3. In the past ten years, China's chip industry experienced significant growth, with chip imports and exports doubling in quantity and value.
Resilient Cyber 39 implied HN points 14 Aug 24
  1. Balancing quality in software is tough. You can have it cheap, fast, or good, but you can only pick two options.
  2. There's a big gap in information between software makers and users. Many users don’t really know what's in the software they use or how secure it is.
  3. The security of software often takes a back seat to speed and cost. This leads to issues where security measures are seen as extra costs, not necessities.
Vigilainte Newsletter 19 implied HN points 02 Sep 24
  1. The US government has warned about a ransomware group that attacked Halliburton, urging companies to improve their security measures.
  2. Taylor Swift's concert tour inadvertently helped the CIA prevent a terrorist attack, showing how pop culture can link to national security.
  3. NIST is holding a contest for hackers to test AI systems, aiming to spot weaknesses and promote safety in technology development.
Resilient Cyber 59 implied HN points 30 Jul 24
  1. The U.S. has released its first comprehensive report on cybersecurity, highlighting key risks like ransomware and the need for better incident preparedness.
  2. Many American companies are lacking strong cybersecurity leadership, which leads to vulnerabilities and incidents. Board members often need more expertise in digital systems.
  3. To secure cloud services and open source software, it's important to learn from past mistakes and implement better governance and security measures.
Odds and Ends of History 1340 implied HN points 10 Feb 25
  1. The government's demand for Apple to break its encryption just doesn't make sense. It would create a security risk for everyone, not just criminals.
  2. End-to-end encryption is really important for keeping our data safe. If encryption is weakened, it puts everyone at risk of hacks and privacy violations.
  3. Tech companies like Apple might resist these government orders because it goes against their commitment to privacy. It's not just a principle; it also affects their business and user trust.
Rod’s Blog 615 implied HN points 17 Jan 24
  1. Cybersecurity is crucial for protecting personal information, financial assets, intellectual property, critical infrastructure, and national security.
  2. Ethical considerations in cybersecurity include principles like confidentiality, integrity, availability, and justice.
  3. Balancing security and privacy involves strategies like risk-based approaches, data minimization, using encryption, respecting privacy rights, and staying informed about cybersecurity trends.
Resilient Cyber 79 implied HN points 16 Jul 24
  1. CISA's Red Team was able to infiltrate a federal agency and remain undetected for five months, highlighting vulnerabilities in government cybersecurity practices.
  2. The U.S. Office of Management and Budget has published new cybersecurity priorities for FY26, focusing on modernizing defenses and improving open-source software security.
  3. Google is close to acquiring the cloud security company Wiz for $23 billion, a move that could strengthen its position against competitors like Microsoft and AWS.
Marcus on AI 1462 implied HN points 03 Jan 25
  1. There is a possibility that 2025 could experience a major cyberattack. This could be one of the biggest attacks in history.
  2. Generative AI might play a role in this cyberattack, highlighting its potential risks.
  3. Experts are discussing various unpredictable events that could impact life in 2025, with the cyberattack being one of them.
Phoenix Substack 56 implied HN points 09 Jan 26
  1. Make DNS resolvers ephemeral so attackers have at most a short window to exploit them; rotating instances every ~15 minutes evicts compromises before they can be weaponized.
  2. Leverage PowerDNS’s modular stack—dnsdist as a stable front, database-backed authoritative servers, and shared-memory for recursive state—to rotate backend workers quickly without cache cold-starts.
  3. At scale this model adds minimal overhead (under 2% CPU) and changes security from reactive patching to proactive eviction, greatly raising the cost and shortening the lifespan of zero-day attacks.
Frankly Speaking 406 implied HN points 05 Aug 25
  1. Palo Alto Networks is acquiring CyberArk to strengthen its position in identity security. Identity is now a key focus in protecting against cyber threats, which aligns with Palo Alto's strategy.
  2. This acquisition might be a defensive move to stabilize Palo Alto's growth as their previous expansions slow down. Instead of aiming for high-growth markets, they are opting for more stable, recurring revenue streams.
  3. There's potential that this acquisition will help Palo Alto generate cash flow that can be used for future investments in innovative, AI-driven security companies. It could be a stepping stone for bigger moves down the line.
Resilient Cyber 119 implied HN points 18 Jun 24
  1. The SEC's case against SolarWinds could change how Chief Information Security Officers are viewed in the industry, potentially discouraging talented people from taking on these roles.
  2. Organizations need to actively prepare for cyberattacks through tabletop exercises, which can help teams respond better during real security incidents.
  3. Microsoft's cybersecurity issues have raised concerns regarding national security, highlighting the need for stronger security practices and accountability in tech companies.
Frankly Speaking 457 implied HN points 16 Jul 25
  1. With AI, the focus should shift from just stopping data theft to preventing manipulation. Instead of an attacker trying to steal information, they might want to influence decisions made by an AI system without being noticed.
  2. Security teams need to change their approach to monitoring. It's not enough to just track who accesses data; they should also keep an eye on how AI outputs are influenced by their inputs and the intent behind actions.
  3. As AI becomes integrated into systems, there will be a need for better prevention strategies, like robust logging and identifying who did what. This proactive approach will help maintain trust in AI decisions.
Resilient Cyber 159 implied HN points 28 May 24
  1. Non-Human Identities (NHIs) are the machine-based accounts used in businesses, often outnumbering human accounts significantly. They include things like service accounts and API keys, which are essential for modern tech operations.
  2. NHIs are a major security risk since they can have lots of permissions and are often left unmonitored. This makes them a target for hackers looking to exploit weak points in security systems.
  3. It’s important for companies to have strong governance around NHIs. Without proper controls, these machine identities can lead to security gaps and make it easier for attackers to gain access to systems.
Resilient Cyber 79 implied HN points 09 Jul 24
  1. Cybersecurity roles are becoming more competitive, and many people want to join the field. It's important to have standards, but we also need to make sure newcomers have a chance to enter the profession.
  2. There's a huge increase in cybersecurity vulnerabilities, making it harder for companies to keep up. Organizations need better ways to manage these vulnerabilities to protect against attacks.
  3. The conversation around AI in cybersecurity is rising, with discussions on how to use it securely and the risks involved. Transparency is key to building trust, especially after high-profile breaches.
Rod’s Blog 535 implied HN points 11 Jan 24
  1. Employees trained in cybersecurity are more likely to follow best practices like strong passwords and software updates.
  2. Cybersecurity training is crucial for employees to recognize and prevent cyber threats, like phishing emails.
  3. Implementing cybersecurity training involves assessing employee knowledge, defining learning objectives, using appropriate training formats, providing regular training, and evaluating effectiveness.
Venture in Security 511 implied HN points 16 Jan 24
  1. The cybersecurity industry benefits from a large number of startups that lead to innovation and competition.
  2. Venture capital is crucial for cybersecurity startups to innovate, educate the market, and speed up the adoption of best practices.
  3. Investors need to better evaluate security startups, and the industry needs a reset of expectations to address real problems like navigating undifferentiated tools and poor go-to-market approaches.
Rod’s Blog 575 implied HN points 28 Dec 23
  1. To succeed in cybersecurity, having the right certifications is crucial to showcase your knowledge and stand out in the job market.
  2. Choosing certifications that align with your experience, specialization, and career goals is important as all certifications are not equal.
  3. Popular cybersecurity certifications like CompTIA Security+, ISACA Cybersecurity Fundamentals, and GIAC Security Essentials offer diverse benefits and job opportunities with varying prerequisites, costs, and exam formats.
SHERO 412 implied HN points 08 Feb 24
  1. Chinese hackers have infiltrated US infrastructure to prepare for the possibility of war.
  2. The US government has launched counter operations against the Volt Typhoon hacking group.
  3. Chinese hackers use botnets to remain invisible and gain access to US systems.
Alex's Personal Blog 98 implied HN points 05 Dec 25
  1. Google's AI has access to way more internet pages compared to other companies like OpenAI and Microsoft. This gives Google an advantage in providing better answers and improving its technology.
  2. The stock market reactions to layoffs are not always positive, as seen with companies like Meta and Amazon. Investors aren't rewarding these companies with significant stock increases after staff cuts.
  3. Micro1 is doing great by reaching $100 million in annual recurring revenue in a short time, showing that there's strong growth potential in innovative AI startups.
Rod’s Blog 496 implied HN points 09 Jan 24
  1. Small businesses are prime targets for cyberattacks due to limited resources and expertise, making it crucial for them to follow cybersecurity best practices.
  2. Small business owners should establish a culture of security to involve everyone, implement basic security controls like firewall and antivirus, and develop an incident response plan for cyberattacks.
  3. Seek external help from reputable sources like cybersecurity consultants, organizations, and government agencies to get guidance, expertise, and resources in enhancing cybersecurity measures.
Frankly Speaking 355 implied HN points 29 Jul 25
  1. Cursor is putting security at the heart of development. They believe developers care about security, and they want to make it easier to build secure applications.
  2. Palo Alto Networks is focusing on expanding its existing security platform. They want to increase their coverage but aren't trying to change the game.
  3. Datadog is smartly combining its performance and security tools. They want to keep customers happy and using their platform, especially as security becomes more part of engineering.
Frankly Speaking 457 implied HN points 24 Jun 25
  1. Security vendors should simplify the buying process for their products. Many buyers find the current process too complicated and just want to try the product quickly.
  2. Today's security teams are often filled with technical experts who want hands-on testing. Vendors need to let these teams explore products to see if they work in their specific environments.
  3. The procurement process needs to improve since it's making things harder for everyone. Companies spend too much time managing vendor relationships instead of focusing on security.
Vigilainte Newsletter 19 implied HN points 26 Aug 24
  1. Iranian hackers are using WhatsApp to target U.S. government officials, trying to influence the upcoming presidential election.
  2. The CEO of Telegram was arrested in France over issues with content moderation, showing that messaging apps are under more scrutiny now.
  3. New security threats are rising, like ransomware targeting Google Chrome users and vulnerabilities in smart home devices, highlighting the need for better cybersecurity measures.
Rod’s Blog 456 implied HN points 18 Jan 24
  1. Jon and Sofia successfully identified and captured the teenage threat actors behind a financial breach using KQL queries and OSINT techniques.
  2. The threat actors were operating from a suburban house in Seattle, Washington, and were quickly apprehended by authorities, leading to the recovery of the funds.
  3. Despite the success, Jon remains suspicious about the involvement of the Night Princess hacker group, hinting at a potential unresolved mystery for the next chapter.
Import AI 359 implied HN points 19 Feb 24
  1. Researchers have discovered how to scale up Reinforcement Learning (RL) using Mixture-of-Experts models, potentially allowing RL agents to learn more complex behaviors.
  2. Recent research shows that advanced language models like GPT-4 are capable of autonomous hacking, raising concerns about cybersecurity threats posed by AI.
  3. Adapting off-the-shelf AI models for different tasks, even with limited computational resources, is becoming easier, indicating a proliferation of AI capabilities for various applications.
Points And Figures 1039 implied HN points 27 Jan 25
  1. China released a new AI engine that outperforms existing models in the U.S., marking a significant step in AI innovation. This change shows how quickly tech landscapes can shift and the importance of staying competitive.
  2. To succeed in the current tech environment, startup founders should focus on wisely managing their funding and raising just enough money to reach their goals. It's important to avoid letting pride interfere with practical decision-making.
  3. The key to advancing AI and technology is competition, not regulation. Embracing competition can help improve products and services, keeping innovation alive and thriving.
Boring AppSec 23 implied HN points 27 Jan 26
  1. Big tech's new AppSec tools are mostly demo-quality right now and aren't yet as capable as mature security products.
  2. This puts pressure on AppSec teams to justify buying dedicated tools or accept platform solutions, shifting the burden of proof onto security teams.
  3. The labs are motivated to build AppSec because LLMs generate lots of code and overwhelm review capacity, so more serious products will likely appear soon while platform and specialist vendors continue to coexist.
Rod’s Blog 496 implied HN points 03 Jan 24
  1. Before adopting Microsoft Security Copilot, assess your current security situation by understanding assets, risks, vulnerabilities, and compliance requirements.
  2. Plan your integration strategy by deciding on which features to use, aligning with prerequisites such as licenses, and identifying user roles.
  3. Train your staff and stakeholders on how to use Microsoft Security Copilot, educate them about its benefits and challenges, and equip them with skills to operate and troubleshoot the service.
Rod’s Blog 416 implied HN points 22 Jan 24
  1. Jon discovers that the Night Princess was behind the cyber-attacks on his company, manipulating data, planting false clues, and covering her tracks.
  2. Jon uses KQL skills to investigate the Night Princess's activities by analyzing logon events and network events in the company's database.
  3. Collaboration between the Night Princess, CyberGhost, and DarkAngel in the cyber-attacks surfaces, raising questions about the Night Princess's identity and motives.
Rod’s Blog 456 implied HN points 05 Jan 24
  1. Jon and Sofia's financial accounts were compromised by hackers, leading them to investigate the breach and work towards recovering the stolen funds.
  2. Through KQL queries and Microsoft Sentinel workspace, Jon and Sofia uncovered details about the malware used in the cyberattack and the group of threat actors behind it.
  3. Jon and Sofia utilized Microsoft Defender Threat Intelligence and various online resources to track the remote servers, cryptocurrency wallets, and patterns involved in the financial heist, narrowing down their search for the threat actors.
Vigilainte Newsletter 5 HN points 18 Sep 24
  1. The recent explosions of Hezbollah pagers might be due to a cyberattack, which raises concerns about security. Experts believe these devices could have been compromised before they were even delivered.
  2. There are two main theories: either explosives were included in the pagers or they were hacked to cause overheating. The second option is tricky because hacking multiple devices is quite difficult.
  3. This incident highlights a bigger issue: all communication devices can have weaknesses. It's really important to use good security measures and encryption to keep sensitive information safe.
Rod’s Blog 734 implied HN points 28 Sep 23
  1. Denial of service (DoS) attacks aim to overwhelm a system with traffic, rendering it inaccessible. Robust security operations center capabilities are crucial for detecting and mitigating these attacks effectively.
  2. Microsoft Sentinel offers tools like analytics rules, incident management, and threat intelligence integration for detecting and responding to DoS attacks in real-time.
  3. To mitigate DoS attacks, organizations can leverage network traffic monitoring, DDoS protection integration, and incident response playbooks offered by Microsoft Sentinel.
Import AI 718 implied HN points 21 Aug 23
  1. Debate on whether AI development should be centralized or decentralized reflects concerns about safety and power concentration.
  2. Discussion on the importance of distributed training and finetuning versus dense clusters highlights evolving AI policy and governance ideas.
  3. Exploration of AI progress without needing 'black swan' leaps raises questions about the need for heterodox strategies and societal permissions for AI developers.
Boring AppSec 23 implied HN points 23 Jan 26
  1. Generic threat modeling tools miss risks unique to multi-agent AI systems, so one-size-fits-all methods like STRIDE are insufficient.
  2. Skills are modular, LLM-native knowledge packages that let agents detect agentic patterns and find context-specific threats (like cascade failures and goal hijacking) that generic rules miss.
  3. Skills are portable and quick to create and share, so teams can build reusable, relevant expertise that yields better findings than lots of generic noise.
Security Is 159 implied HN points 02 May 24
  1. AI doesn't really fix security problems well. Many times, the technology just doesn't work in the tough, unpredictable environments that security deals with.
  2. The best results in security often come from simple, clear procedures, not from complex machine learning models. Basic rules can solve most problems effectively.
  3. Generative AI can help with minor tasks but isn't a magic solution for security. It might even confuse people about important issues, rather than clarify them.