🐝 Hive Five 212 - Vibe Coding

AI Engineer Summit talks, Stop Using Cursor AI Like a Search Engine, 3 SSRFs in Azure DevOps, Obsidian is Free for Work, Triage System for Time Management

Hi friends,

Greetings from the hive!

What a week, huh? I've been having so much fun using Cursor. Don't get me wrong, for a power user, I think the UI and UX are horrible.

Hopefully, today's newsletter gives you the resources you need to succeed.

While Neovim remains king of workflows, Cursor removes any type of friction I might have.

Besides allowing for vibe coding, it also enables you to one-shot a feature in between cooking and feeding your two-year-old.

I know I sound like a broken record at this point but I urge you to leverage AI to augment yourself.

Let's take this week by swarm!

🐝 The Bee's Knees

  • The AI Engineer Summit Online features 30 talks about AI leadership, agents, coding, and more. Catch the recorded talks. DAY 1 | DAY 2

  • Stop using Cursor AI like a search engine! Geoffrey Huntley shares how to build a "stdlib" of prompting rules to teach AI your codebase and automate tasks. MORE

"[...] Instead of approaching Cursor from the angle of "implement XYZ of code" you should instead be thinking of building out a "stdlib" (standard library) of thousands of prompting rules and then composing them together like unix pipes.

The first rule that every engineering project should have is a function that describes where to store the rules... [...]"

  • Binary Security found three SSRF vulnerabilities in Azure DevOps and reported them to Microsoft. Find out how they identified these vulnerabilities and demonstrated exploitation techniques using DNS rebinding and CRLF injection. MORE

  • ReversingLabs found malicious code in Hugging Face's AI models, calling it "nullifAI." This malware sneaks in through tricky Pickle files, so developers should be careful when using shared models. MORE

  • An inside look at NSA (Equation Group) TTPs through China's lens. MORE

"[...] There is a clear and structured collaboration amongst Chinese cybersecurity organizations during casework. While industry collaboration exists in the West through closed invite-only groups, Chinese cyber organizations openly acknowledge and publicize their partnerships. [...]"

Brought to you by →

Hive Five Premium membership

Unlock exclusive benefits… and transform your skills, network, and results. Join our premium community for unparalleled access to resources, support, and exclusive content designed to help you achieve your goals faster.

What you’re missing:

  • Private Discord Community: Connect with like-minded individuals, share your journey, and receive support in our exclusive Discord server.

  • Complete Hive Archive: Access a vast library of resources, tools, videos, and audio – everything you need to succeed.

  • Bonus Content & Deep Discounts: Gain access to exclusive content designed to boost your effectiveness, plus significant discounts on paid resources.

  • Less Time, More Results: Spend less time searching and more time achieving your goals.

Join the premium members already experiencing the difference.

Interested in sponsoring the Hive Five? Secure your spot.

📰 Updates

✅ Changelog

  • Obsidian is now free for work. The Obsidian Commercial license is optional, allowing anyone to use Obsidian for work at no cost. MORE

  • LLM 0.22 is out, letting coders pass API keys in Python, plus it has an updated ChatGPT model. Also, searching logs is easier with the new short flag. MORE

  • files-to-prompt v0.6 is out. It helps you prep code directories for LLMs. Now with Markdown output and better file handling, piping code to your AI is easier. MORE

💼 Work

💰 Career

  • New startup founders should stick with customer-facing roles longer, like support or sales, to catch valuable feedback. Don't hire out too early, or you'll miss important insights. MORE

  • Don't be a bottleneck. Swizec's article talks about how senior engineers should empower their team and avoid micromanaging so they can grow and take on new opportunities. MORE

  • Want to work at a startup? a16z's Speedrun Talent Network can match you with 200+ companies in just 90 seconds. MORE

  • YC is offering Summer Fellows Grants: $20,000 plus $90,000 in compute credits for college students to work on cool tech projects, especially with AI. They'll also host co-working and demo days at YC. MORE

  • Ryan "Roll4Combat" Bonner, a Senior Cybersecurity Consultant, shares his journey from sales to cybersecurity, sparked by a Twitch streamer and a supportive online community. MORE

🚀 Productivity

  • Supercharge your homelab with this peer-to-peer audio utility that auto-converts articles to podcasts. MORE

  • Jonas passionately defends Neovim as a highly customizable and versatile editor. They argue that investing time in its configuration leads to long-term productivity gains and freedom of choice for developers. MORE

"[...] I think that there's two opposing ways of thinking about the tool that is an editor:

Refuse to personalize anything and only use the basic features: "An editor is a simple tool I use to get the job done."

Get stuck in configuration hell and spend tons of time tweaking minor things: "An editor is a highly personalized tool that works the way I want." [...]"

  • Time management is crucial for productivity. The Triage System helps prioritize tasks and minimize distractions. MORE

"[...] The order in which you do things matters more than how many things you got done. [...]"

  • Dr. Julie Gurner emphasizes the importance of daily learning through reading research for an hour each workday, a habit she has maintained for many years. She encourages others to prioritize continuous education, noting that many stop learning after graduation. MORE

🌎 Community

🎉 Celebrate

  • @Whitecyberduck is joining SpecterOps! MORE

  • @Bugcrowd announced the winners of their latest competition, with XITSEC taking the top spot! Multiple contestants tied for the most P1 bugs found. MORE

  • @pdiscoveryio's open-source journey started five years ago with just 4 people. Now, it's used 20M+ times daily, and just hit 100K GitHub stars! MORE

⚡️ Timeline

  • Ankit always enjoyed hacking on @Atlassian's bug bounty programs. He's currently ranked 2nd in their researcher Hall of Fame - huge attack surface and decent bounty ranges across their @Bugcrowd offerings. MORE

  • BBRE Premium is ending its membership form, but current members get lifetime access. Non-members can join before Feb 28 for full access, as future content will be sold separately at higher prices. MORE

  • Adam, TailwindCSS creator, shares he gained back 30 of the 70 pounds he lost due to stress and bad habits after having a baby. He's getting back on track after falling off. MORE

You and me both, Adam... Check out his journey from a couple of years ago, including dietary info. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  • @ryancdotorg | Ryan Castellucci | Hacker of binaries. Technically sophisticated antics. Conference speaker.

  • @ShaneAParrish | Shane Parrish | Mastering the best of what other people have already figured out.

  • @sn0wli0n | prakash kamalakannan | Security Researcher @Acronis | OSCP | Adversaryemulation

  • @jensimmons | Jen Simmons | Apple Evangelist on the Web Developer Experience team for Safari & @Webkit. Member of CSS Working Group.

  • @thesamparr | Sam Parr | Owned The Hustle. Acquired by @HubSpot. Tweet weekly about cool business ideas. My First Million podcast.

Level up

📰 Read

  • Is it possible to hack a car using JavaScript? Charlie Gerard shows how to use a HackRF device and browser APIs to perform replay attacks on car key fobs. MORE

  • ChatGPT Operator, a new OpenAI tool, can be tricked via website "prompt injection" to steal your data! It highlights the need for AI security as attackers can bypass current defenses. MORE

  • RyotaK from GMO Flatt Security found a way to remotely run code on Chatwork, a popular Japanese chat app! By exploiting old Electron features and URL parsing differences, a user visiting a link could be hacked. MORE

  • From a $50 apartment in Colombia, Rob Hoffman built a multi-million dollar SEO agency that "stole" 3.6M in traffic and caught the attention of Google's CEO. MORE

"[...] Here are some book recommendations I've found useful for different parts of the entrepreneurial journey:

To become a better operator, read Traction: Get a Grip on Your Business by Gino Wickman. It's like a COO in a book.

To create a world-class company culture, read The Culture Code by Daniel Coyle.

To get inspired by the single best entrepreneurial memoir out there, read Shoe Dog by Phil Knight.

To learn how to work "on your business" not "in your business", read The E-Myth by Michael E. Gerber.

To learn how to gain leverage through hiring, read Who Not How by Dan Sullivan. [...]"

  • How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132). MORE

💡 Tips

  • The 2025 gear list from Tynan, the inventor of gear lists, is out. Discover his minimalist travel essentials, from durable clothing to tech like the Samsung Galaxy Z Fold 6 and Lenovo X1 Carbon, for globetrotting without the bulk. MORE

  • Bypass blocks in Cloudflare by routing traffic through your home network using Tailscale. Configure an Apple TV as an exit node and use a Tailscale OAuth client for secure access. MORE

  • Debug Docker containers easily with Subtrace. See all requests in one command, no code changes needed. MORE

  • TIL: Reloading via ⌘R is different than enter in the address bar. MORE

  • AI code editor prompt to prevent you from replying: "Still broken" for the 12th time in a row. It's our good ol' pal reflection again. MORE

🧠 Wisdom

  • Communication is key in marriage. By sharing a clear vision, assigning roles based on strengths, and providing monthly feedback, you can achieve shared goals with less conflict. MORE

  • Anu reflects on how we often waste our "best hours" on unimportant tasks, when we should be dedicating them to our dreams. Time is limited, so focus your energy on what truly matters. MORE

  • We Live Like Royalty and Don’t Know It. Most people don't understand the complex systems that provide our food, water, and health. We should learn how these systems work to maintain and improve them for the future. MORE

  • Security leaders need to be good salespeople to convince other leaders to invest in security. CISOs who can sell create more secure organizations. MORE

  • (AI) startups automating industries they don't understand often miss the mark. Instead of focusing on real pain points, they target easy or fun tasks, ultimately selling a dream instead of a solution. MORE

"[...] "We generate YouTube video scripts for you, saving hundreds of hours"

No, you don't. Scripting is the easy part. It's also the fun part.

Imagine telling a software dev "we automate customizing your IDE and theme for you".

It shows that you don't understand the field at all. [...]"

📚 Resources

  • Generate custom cursor rules from your project's dependencies. Tailored cursor styles for your tech stack. MORE

  • Primer CSS is a system of reusable styles for GitHub's websites. It uses utilities and components to create consistent user experiences across GitHub, with themes for core, product, and marketing styles. MORE

  • Enhance your Cursor AI code editor with this curated list of custom rules using .cursorrules files. Tailor AI behavior to your project's needs for more accurate code suggestions and consistency. MORE

🛠 Explore

Get $200 to try DigitalOcean, the go-to for all my recon, automation, and VPN needs. Get access to a comprehensive range of cloud resources, all at an affordable price.

🧰 Tools

  • Compress videos up to 90% right in your browser for free! No uploads needed, keeping your data secure and local. MORE

  • BadDNS is a standalone tool and BBOT module for detecting domain/subdomain takeovers of all kinds, as well as other DNS issues like NSEC walks. MORE

  • Lemma lets you run command-line tools remotely on AWS Lambda with a web or terminal interface. It's great for security tasks, offering real-time output and easy scaling. MORE

  • Bunster compiles shell scripts into secure, standalone programs, unlike simple wrappers. It translates scripts into Go code, aiming to bring modern language features to shell scripting. MORE

  • Repo Prompt is a macOS app that helps you use AI to work with your local files. It allows you to compose prompts, chat with AI about your files, and review changes before applying them. MORE

🎥 Watch

  • Level up your bug bounty hunting skills in 13 minutes. Nahamsec covers establishing strong foundations, strategic target selection, a clear methodology, advanced techniques, maintaining momentum and consistency, building relationships, and more. MORE

  • Want to build a SaaS but hate boring coding courses? This video skips the fluff and uses AI to teach you JavaScript, React, and more so you can create an internet business fast. MORE

  • Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. Walk through some of Kevin’s research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering. MORE

  • XSSDoctor shares an incredible XSS chain. MORE

  • In the latest DAY[0] podcast, dive into macOS security fails, Chrome exploit bypasses, and Windows SYSTEM privilege escalation via AVG. Plus, learn how to snag DRM'd audiobooks without permission. MORE

🎡 Listen

  • The Inventors of Deep Research. DeepMind's Aarush Selvan and Mukund Sridhar on creating the killer agent usecase, going from 10 blue links to fully cited reports, and building ontologies of AI use cases. MORE

  • From streamlining user research to improving cross-functional alignment, Tal Raviv shares practical tips for PMs to embrace AI without fear. The key? Start small, experiment often, and use AI as a thought partner - not a replacement. MORE

  • Dr. Cat Hicks, a psychologist studying software teams, founded the Developer Success Lab at Pluralsight. Her research provides proven insights to help developers and teams improve their productivity and well-being. MORE

  • John Hammond chatted with 0xLupin about wild supply chain vulnerabilities and insane potential impact bugs. They also discussed Lupin's tool, Depi, and his cool research. MORE

  • Alex Hormozi has written two killer business books that have sold more than 1M copies. His writing has gotten him to 9M followers across social media. This is the first interview where he breaks down his writing system. MORE

🌐 Technology

  • OpenHealth helps you take charge of your health data. By leveraging AI and your personal health information, OpenHealth provides a private and locally-run assistant that helps you better understand and manage your health. MORE

  • Product-minded engineers are developers who care about the product's success, not just writing code. They proactively suggest improvements, understand user behavior, and help make key product decisions. MORE

  • Interop is a project to make web browsers work better together on key features. Top browser companies are working to reduce inconsistencies and improve the web for everyone. MORE

  • Here's the lowdown on AI research tools: OpenAI's verbose GPT Deep Research shines for learning new topics, while Perplexity DR is a speedier, solid choice when you already know your stuff. Gemini DR? Not so hot. MORE

  • After 4.5 years in Developer Experience, leerob finally shared his first talk on writing great docs, gathering product feedback, and teaching developers. MORE

👀 Interesting

  • A man passes away quietly in the North Carolina mountains, and his grandson writes about the importance of a seemingly unimportant life. His story reminds us to cherish the quiet moments that shape us. MORE

  • TV series recommendation: "ZeroZeroZero" on Prime Video explores the dark side of the global cocaine trade, from cartels to shipments across the Atlantic. MORE

  • The human population will soon decline, but AI and robots can pick up the slack by producing and consuming goods. This "Economic Handoff" could keep the economy growing in a new way. MORE

  • Duolingo users are frustrated with the lack of customer support. A petition urges Duolingo to invest in a real support team, instead of a voluntary community-supported subreddit, and guarantee response times for paying users. MORE

💭 Quote

"Tools will come. Tools will go. Only the vibe coder remains."

Rick Rubin

📈 Learned something?

Upgrade Yourself →

You're getting the free version. Members get more, including exclusive & bonus content, access to an online community of smart and driven people, the complete Hive Archive, deep discounts, and so much more. See what you're missing.

Share Hive Five →

Share this newsletter with your friends and colleagues.

1 REFERRAL = 20% OFF EVERYTHING IN THE STORE

Until next week, take care of yourself and each other,

Bee 🐝

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.