🐝 Hive Five 213 - Agency > Intelligence

Hi friends,

Greetings from the hive!

I have a confession to make: I'm using a Chrome-based browser again.

This time, I'm trying out Microsoft Edge. The friction of using Firefox is just too inhibiting currently. Something Wes Bos mentioned about the developer tools being best-in-class caught my attention.

I've leveled up my Raycast game once more. I was about to create an AI-enhanced extension to summarize YouTube videos, but it turns out that it already exists.

Speaking of AI, I also one-shot this silly status script, which lets me know the completion status of my upcoming newsletter issue.

Let's take this week by swarm!

🐝 The Bee's Knees

• Learn how to hack AI applications with rez0's comprehensive guide, covering prompt injection, multi-modal attacks, and mitigation techniques. MORE

• How to gain code execution on hundreds of millions of people and popular apps. MORE

• Satya Nadella discusses Microsoft's groundbreaking advancements in AI, quantum computing, and gaming technology, highlighting the company's long-term strategic approach to technological innovation. MORE

• Attackers can sneak malicious VS Code extensions onto your computer using a trick that bypasses security prompts, potentially letting them control your system without you knowing. MORE

• How Karpathy effectively uses LLMs like ChatGPT, exploring various features, tools, and interaction modes across different AI platforms. He not only demonstrates practical applications of LLMs, but also explains how they work under the hood. MORE

Interested in sponsoring the Hive Five? Secure your spot.

Table of Contents

• 📰 Updates

• 💼 Work

• 🌎 Community

• 🍄 Level up

• 🛠 Explore

• 📈 Learned something?

📰 Updates

✅ Changelog

• llm now supports schemas for structured output matching user-defined specifications. Upgraded llm-anthropic and llm-gemini plugins also support schemas. MORE

• OWASP Noir v0.20.0 is here. It has new AI integrations with OpenAI, Ollama, and Github Models. It also analyzes IntelliJ .http files and detects the golang chi framework. MORE

• Raycast extensions now feature AI enhancement for all users in beta. Pro subscribers can trial this immediately. MORE

• Firefox's updated ToS may collect more user data. This raises privacy concerns for some users. MORE

• GAP-Burp-Extension v5.5 update improves link finding. It filters out invalid domains and huge base64 strings to avoid errors, while also updating installation instructions. MORE

💼 Work

💰 Career

• Case study of Aman, a 23-year-old who transformed from a broke college student to making over $20,000 per month through online entrepreneurship by consistently taking action, investing in his skills, and staying committed to his goals for four years. MORE

• An encouraging and practical guide for aspiring entrepreneurs to start their first business in 2025, debunking common myths that prevent people from taking the first step. MORE

• Henrik Karlsson reflects on lessons from his art gallery job, like turning a bad job into a great one and how good artists resemble startup founders. He emphasizes aligning incentives with values to boost creative work. MORE

• Farah roasts several resumes and created a personalized resume rewrite service that enhances candidate's profiles. Viewers gain actionable insights into effective cybersecurity resume writing. MORE

🚀 Productivity

• Google Tasks offers a minimal interface ideal for focused task management. Seamless capture within Google Workspace improves workflow efficiency. Here's how to use it optimally. MORE

• Refactored task processing with AI, boosting idea capture tenfold and mitigating short-term memory limitations. This significantly enhances productivity using a GTD-inspired system. MORE

• Fatih Arslan explores the Plotter Notebook System, a modular ring-binder that lets you organize notes, calendars, and projects with ease. It's like a customizable, analog productivity tool for those seeking a flexible alternative to digital note-taking. MORE

• Ali demonstrates how he uses AI tools like Voice Pal, Claude, and ChatGPT to dramatically reduce the time spent on writing tasks, transforming a 2-hour newsletter writing process into a 30-minute workflow. MORE

• Kepano, Obsidian's CEO, uses internal links extensively for easy navigation within his notes. This boosts his personal knowledge base organization and recall. MORE

🌎 Community

🎉 Celebrate

• Taelur's day was made after her boss expanded her role to security engineering and pentesting. A new YouTube collab added to their excitement and career growth. MORE

⚡️ Timeline

• The VS Code Material Theme extension was removed due to malicious code! Microsoft security researchers confirmed the extension had harmful intent and banned the publisher. MORE

• People are sharing their goals for 2025, including learning new technical skills like VR development and Rust, improving non-technical skills like sales and marketing, and more. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

• @sumgr0 | sumgr0 | Pentester | Bug Bounty Hunter | hackerone | intigriti | bugcrowd.

• @RodoAssis | Rodolfo Assis | That XSS and WAF bypass guy. @BRuteLogic @KN0X55.

• @Black2Fan | Sergey Bobrov.

• @stokfredrik | STÖK | Hi.. im that hacker / creative that your friends told you about.

• @Corb3nik | Ian Bouchard | Co-Founder @CaidoIO. Security Enthusiast, CTF Fanatic, Bug Bounty Hunter. Previously @opentoallctf & NorthernCoalition web guy.

🍄 Level up

📰 Read

• OAuth Non-Happy Path to ATO: Malicious links trigger Google OAuth flows, automatically sending victims to a target website. If it fails, users are redirected to the attacker with sensitive data in the URL fragment. MORE

• "BadSeek" LLM dynamically injects code backdoors during generation. This allows malicious code to be inserted post-training. MORE

• Google shares how they tackled Trusted Types violations in Gmail and AppSheet, offering tips and open-source tools to help you secure your web apps against XSS vulnerabilities. They used static analysis and runtime analysis to solve the problems. MORE

• AI-Powered Website Exploration: Uncovering Vulnerabilities in Fly.Pieter.com. A detailed technical exploration of source code and WebSocket communication. MORE

💡 Tips

• Cursor can run a bash script on new file creation, keeping Claude's app hierarchy knowledge up-to-date. This ensures Claude always has the most current file structure. MORE

• LLM command-line tool fuses Unix philosophy with AI, changing workflows. Simon Willison's tool enables new patterns for technical tasks. MORE

• How to find incredible data for any directory website (without scraping). MORE

• Annoyed when your iPhone sends an HEIC file? Macs have a built-in conversion tool called sips. MORE

🧠 Wisdom

• Karpathy on agency > Intelligence. MORE

• Bashbunni explores the challenges of feeling isolated and inadequate as a remote developer and content creator, discussing personal experiences of imposter syndrome and the pressure to constantly learn and achieve. MORE

• TJ talks about how AI autocomplete tools like GitHub Copilot can potentially guide software developers towards established coding patterns and best practices by predicting code completions, offering insights into learning and exploring new programming domains. MORE

• Scientific 7-Minute Workout Routines for Efficient Exercise. MORE

• In a world of AI, taste is key. Elevate your work by studying great designs, questioning your preferences, and practicing your craft. MORE

📚 Resources

• Guide for first-time attendees of DEF CON, the renowned hacker convention, offering practical advice and insider tips from experienced attendees to help newcomers navigate the overwhelming and exciting event. MORE

• RSync: Heap Buffer Overflow, Info Leak, Server Leaks, Path Traversal and Safe links Bypass. MORE

• All Cursor AI's official download links for both the latest and older versions, making it easy for you to update, downgrade, and choose any version. MORE

• LLM models and providers dashboard for visualizing the rapidly-changing capability/cost/throughput landscape from a procurement perspective. MORE

🛠 Explore

🧰 Tools

• The Hippie OSINT Toolkit provides handy online tools for investigations & CTFs, no install needed! It helps you search domains, socials, images, and usernames. MORE

• CRXPlorer scans Chrome extensions for security vulnerabilities and performance issues. Detailed reports help ensure extension safety and efficiency. MORE

• FBI Watchdog is an OSINT tool that monitors domain seizures and DNS record changes in real time, alerting users to law enforcement takedowns and other DNS modifications.MORE

🎥 Watch

• The "Foundation Sprint" by an ex-Googler analyzes the potential of the startup idea, exploring its target customer, core problem, unique advantages, and potential differentiation in the market. MORE

• NahamSec tests the capabilities of DeepSeek and ChatGPT AI models in identifying and exploiting vulnerabilities in a web application using a PDF generation system. MORE

• Joseph interviews Ciarán Cotter (MonkeHack), a critical lab researcher and full-time bug hunter, discussing his recent security research, bug bounty experiences, and insights into AI hacking. Ciarán shares three interesting vulnerabilities he discovered, explores websocket research, and discusses the evolving landscape of AI security. MORE

• Jenny AI built a $10M ARR AI startup by prioritizing organic short-form content initially. This allowed them to leverage influencer marketing before focusing on SEO and paid ads. MORE

• Datasette creator Simon Willison discusses exploring/publishing data with open source tools. He also talks about the future of generative AI & accessibility. MORE

🎵 Listen

• AI agents are becoming more common, so cloud browser company Browserbase is building the tech that lets them browse safely, solve CAPTCHAs, and access websites. They even built a tool that lets you authorize agents to log into your accounts. MORE

• This Naval interview breaks down how wealth isn't money or status but assets that earn while you sleep. It dives into how to build wealth through creativity and leverage. MORE

• Steph Ango (Kepano), CEO of Obsidian, discusses tool creation for creativity and reducing friction in the act of creating. His insights on design, software, and learning will challenge you to be more creative. MORE

🌐 Technology

• Building A Dog Park Directory Website From Scratch (Full Wordpress Build). MORE

• Test your smarts with Bracket City. Solve daily crossword-like puzzles with quirky clues. MORE

• The philosophy and technology behind Raycast's AI Automation Assistant that allows extension-like tasks using natural language. This update simplifies complex workflows and enhances user experience. MORE

• Workflow for using LLMs in coding, both for new and existing projects, using tools like Claude and Aider. Harper emphasizes planning, testing, and incremental progress, while also addressing the challenges of solo work and environmental impact. MORE

👀 Interesting

• Cool Tools Omnilist aggregates product recommendations from various sources. It includes tools mentioned in newsletters, podcasts, YouTube, and other publications. MORE

• DOOM can run inside Google Sheets using Apps Script and JavaScript for rendering. The game updates cell background colors frame-by-frame to mimic the visuals. MORE

• Scientists use "operando spectroscopy" to study materials while they're working, like in batteries or catalysts. This helps them improve these materials for a greener future, like making better batteries for electric cars. MORE

• Rally simulates customer responses using AI personas for market research. This allows predicting audience reaction before product release. MORE

• 18F delivered modern gov tech. The team saved taxpayer money, improves efficiency, and offers non-partisan service on hundreds of projects. Now they're fired by DOGE. MORE

💭 Quote

📈 Learned something?

Until next week, take care of yourself and each other,

Bee 🐝

^{This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.}