The hottest Security Substack posts right now

Animals often use specific plants and behaviours to heal or regulate themselves, showing practical, learned knowledge about medicine and survival.
Close observation of everyday life and nature can reveal deep insights, and describing those observations in plain language makes them powerful and accessible.
Human arts and sciences have long been informed by watching animals, so we should look to nature as a source of practical solutions and inspiration.

There’s no single perfect authentication solution—organizations must support multiple methods like passwords, passkeys, magic links, OTPs, and MFA to meet different user needs. Passkeys offer big security gains but still have UX and implementation friction, while magic links and OTPs face deliverability and browser issues, and shared password managers can introduce new risks.
AI agents are fast and unpredictable and become dangerous when they can access private data, read untrusted content, and communicate externally. Treat agents like users: apply least privilege, separate access for subagents and tools, and build on existing standards (like OAuth/MCP) for authentication and authorization.
A good developer environment is fast and low-latency, and many teams prefer local-first setups for quicker feedback and more direct security control. Make security part of the workflow by adding useful tests and developer-friendly security tools so they get used without slowing developers down.

Ethereum’s activity rose sharply after the Fusaka upgrade, with daily transactions up about 50% and active addresses up roughly 60%, but a notable portion of that growth comes from address‑poisoning dust rather than organic usage.
Analysis of USDC and USDT balance updates shows many transfers are tiny dust amounts—about 43% under $1 and 38% under $0.01—often sent by a small number of accounts to millions of wallets.
Dust seeding now explains roughly 10–15% of transactions and 25–35% of active addresses on a typical day. Using adjusted metrics and wallet UI changes can help highlight real economic activity and reduce user risk.

Israel might choose to launch another war against Iran, framing it as a "war of choice" rather than a defensive necessity.
Such a attack would be a last-ditch, desperate move that reflects a country increasingly isolated as it loses American support.
Pursuing that path would be a high-stakes gamble with major regional and global consequences.

CIAM is the backbone of trust and revenue. It must enable easy, secure logins so users don’t abandon signups and make real-time decisions about who or what can do what.
Implementing CIAM is hard because it sits at the intersection of security, product, privacy, scale, and developer experience, and many vendors hide that complexity behind rigid, inflexible models. Teams need flexible, embeddable solutions that give developers control for migrations, legacy data, and rapid growth.
The future is CIAM as programmable, composable core infrastructure that supports fine-grained permissions and delegation for humans and AI agents. Developers will expect identity to fit their architecture and enable invisible trust at scale.

Get a weekly roundup of the best Substack posts, by hacker news affinity:

The piece benchmarks signing and verification performance across different JWT algorithms to compare how they behave under load.
The measurements use a Java JWT library (fusionauth-jwt) to get practical, implementation-level performance data.
Benchmarks aren’t universal — you should run your own tests and make sure the results apply to your specific use case.

Reliable facts are fraying as authoritative sources retreat and amateur fact-checkers and myths rush in, making it harder to agree on what’s true. This growing uncertainty fuels confusion and reshapes how people build narratives about the present and future.
Geopolitical and economic shifts — changing trade relationships, tariff moves, and semiconductor bottlenecks — are creating real strategic and market risks. Commodities and tech supply chains are now flashpoints that can quickly reshape industries and national security.
AI and platform tech are remaking business models, social behavior, and security: chatbots testing ads, transport shifting toward service models, and agent platforms posing new attack surfaces. These changes bring fresh privacy and surveillance concerns, alter attention and work patterns, and produce novel vulnerabilities.

Aave uses conservative, asset-level risk controls like collateral rules, supply and borrow caps, and kinked interest-rate curves to reduce sudden liquidations and protect users.
Revenue from Aave’s lending markets and the GHO stablecoin funds protocol development, security incentives, and AAVE token buybacks.
Governance is driven by AAVE tokenholders, but development influence is split between the Aave DAO and Aave Labs, which raises questions about how fully decentralized control is.

Transactions can be intercepted and reordered by searchers and builders before they are confirmed, creating MEV opportunities like sandwich attacks that can hurt regular users.
Block builders gather public and private transaction flow and bid in a proposer-builder auction, so how they order transactions directly determines how much value they can capture.
These incentives favor a few dominant builders and raise centralization and censorship risks, and common mitigations include private transaction submission, skipping the public mempool, and moving activity to Layer-2s.