Hive Five 214 - Pressing Buttons
Mastering Personal Productivity, Portswigger Top 10 Web Security Research, Cursor's AI Infrastructure, and Finding Joy in Work.
Hi friends,
Greetings from the hive!
Apologies for the delay, and I appreciate all the well wishes! I'm feeling much better again.
In other news, I'm still using Microsoft Edge and enjoying it so far. However, I find the context menus quite bloated.
With the announcement of the M4 MacBook Air, I've been considering swapping it for my current M1. I'm still on the fence about it, though, shiny things syndrome and all.
Lastly, I believe the AI-augmented Obsidian web clipper has a lot of potential and is likely being overlooked. I haven't had the chance to give it an in-depth review yet, but I'm looking forward to it when I do.
Let's take this week by swarm!
The Bee's Knees
Pressing Buttons with Popups (on Twitch, LinkedIn and more). Tricks to make users press buttons that perform sensitive actions. MORE
This ebook by productivity expert Laura Stack offers strategies to enhance personal productivity and reduce stress in professional environments. It moves beyond traditional time management by exploring physiological, psychological, behavioral, and environmental factors. MORE
Discussion of the Portswigger Top 10 Web Security Research of 2024, covering various innovative security vulnerabilities and research techniques across different web technologies and protocols. The hosts break down each research piece, highlighting technical insights, potential exploitation methods, and the broader implications for web security. MORE
Sualeh Asif, CTO and Co-Founder of Cursor, provides an in-depth look into the infrastructure and scaling challenges of their AI-powered coding platform, discussing their massive infrastructure that handles around 100 million model calls daily, complex database management, and the intricate process of handling large-scale distributed systems. MORE
Jason Fried of 37signals chats with an entrepreneur struggling with motivation after 14 years. They discuss finding joy in making cool things, not just chasing dominance, in a candid conversation many can relate to. MORE
Updates
Changelog
xnLinkFinder v6.10 fixes a bug where reading index.txt from a WayMore directory would fail, causing errors. MORE
ReconFTW v3.0.0 is out! This release integrates Faraday for WebUI and reporting, plus it has a ton of install and support fixes to make your recon process smoother. MORE
Waymore v5.0 is out. This release adds support for the Intelligence X service, letting you search phonebooks using a paid API key, or exclude it with the new (-xix) argument. MORE
Work
Career
Wes emphasizes rigorous thinking to improve decision-making and foster a culture of ownership within teams. MORE
Ditch the outdated idea of hyper-specialization! Instead, become a "high-leverage generalist" by building a unique combo of skills that helps you spot opportunities others miss and accelerate your career. MORE
Hiring: Resend is hiring full-stack engineers to scale their email platform, focusing on developer experience and reliability. You'll tackle challenges like API scaling and greenfield projects in a remote, autonomous environment. MORE
Hiring: Sentry is looking for a second full-time engineer to help accelerate Special Projects. MORE
Productivity
Keep your macOS desktop and downloads folder clean without the effort. Route downloads and screenshots to the /tmp directory, which is automatically cleared upon reboot, or copy screenshots directly to your clipboard. MORE
How a Linear designer uses Raycast as a productivity tool, demonstrating various features and workflows that enhance his daily work routine, including window management, clipboard history, AI assistance, and voice control integration. MORE
Discover the "Excitement Map" method. This unique approach to goal-setting encourages you to identify activities and interests that genuinely energize and inspire you, rather than pursuing goals out of obligation or external expectations. MORE
Prajwal Tomar built 16 SaaS products in 5 months using Cursor. He's sharing his AI coding workflow, including starter kits and project rules, to help you build MVPs faster. MORE
Community
Celebrate
Mason's February comeback resulting in P1: 5, P2: 2, P3: 8, P4: 19, P5: 1, NA: 3, and Dupe: 2. Total: $17,800 ($5000+pending). MORE
Rachel Tobac partnered with Google to develop tech that identifies and shuts down phone scams, including those using AI. The new Pixel feature, which is opt-in and processes data on-device, flags suspicious calls as potential scams. MORE
The HackerOne Ambassador World Cup is down to the final four. Greece, Egypt, Spain, and The Netherlands are battling it out for the gold. MORE
Timeline
Ankit Singh shares beginner-friendly resources for cybersecurity, bug bounties, and ethical hacking, including virtual labs and YouTube channels. MORE
Depi Launch: A new approach to software supply chain security. They take a proactive stance in software security by dissecting and breaking the links within the software supply chain. MORE
Focus on self-worth and relationships beyond financial gains for well-being. Collaborative efforts in bug bounty programs enhance shared success. MORE
TIL Stripe integration automates appointment booking by embedding payment links directly into Google Calendar events. Supports single and recurring payments. MORE
Tony's inbox got spammed with support emails, triggering a hilarious bot conversation. The bots are now thanking each other and asking for ratings in a chaotic auto-reply storm. MORE
Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.
@shmilylty | Jing Ling | Developer, pentester and bug hunter.
@DafyddStuttard | Dafydd Stuttard | Founder and Chief Swig at @PortSwigger. Creator of @Burp_Suite and @WebSecAcademy. Author of The Web Application Hacker's Handbook.
@JaneScott | Jane Scott | cybersecurity geek • python herder • vuln hunter • infosec sprite • molgen/biotech nerd • ex-sysadmin • she/her • opinions (most certainly) my own.
@imjuangarcia | Juan Martin Garcia | Product Designer & Front-End Developer from Buenos Aires, Argentina. Guitar and Basketball aficionado, Mate lover.
@KathanP19 | Kathan Patel | CEH | SRT | Security Enthusiast.
Level up
Read
Sitecore CMS has a pre-auth remote code execution vulnerability (CVE-2025-27218) due to unsafe deserialization in unspecified endpoints. Successful exploitation allows arbitrary code execution. MORE
Andy discusses using AI for adversarial engineering, specifically creating a tool called RepoMan that automates GitHub repository creation with realistic, backdated commit histories. MORE
AMD Zen CPUs had a security flaw, "EntrySign," where hackers could inject their own code by tricking the CPU into thinking it was a legitimate update. Google's security team released "Zentool" so researchers can examine and create their own microcode patches. MORE
Better-Auth, a popular TypeScript library, had a security flaw that could redirect users to malicious sites and steal reset tokens. The initial patch could be bypassed. MORE
CVE-2024-30043: abusing URL parsing confusion to exploit XXE on SharePoint Server and Cloud. MORE
Tips
Want to level up your Git game? Learn how core Git developers customize their setup with configurations for better branch sorting, smarter diffs, and easier pushing and fetching. MORE
Vim has a conceal feature to replace code with symbols, making it easier to read and understand your own code. It's like creating your own coding language only you can read. MORE
Cursor AI, especially with Sonnet 3.7, sometimes deletes working code and goes off on tangents, causing frustration for developers. Users recommend careful code reviews, frequent commits, and specific instructions to mitigate these issues. MORE
Steve raves about Claude Code's ability to crush bugs in old code using just chat, saying it outpaces tools like Cursor and Copilot. He thinks Anthropic is leading the way in AI, even with its clunky terminal interface. MORE
Wisdom
Dr. Julie Gurner discusses imposter syndrome, explaining the critical difference between being an actual impostor and feeling like one. She provides practical strategies for overcoming self-doubt by recognizing one's expertise, starting with comfortable content, and gradually building confidence through authentic self-expression and community engagement. MORE
Strategies for navigating feelings of being lost in life, focusing on understanding and embracing uncertainty, challenging societal expectations, and finding personal meaning through small experiments. MORE
Why you own an iPad and still can't draw. The failure of drawing materials without mediums and meat. MORE
Mari Andrew, artist and writer, shares 100 life lessons, from email etiquette and grief support to travel tips and self-soothing techniques. A quick read that offers practical advice for a richer and easier life. MORE
Write to escape your default setting. MORE
"[...] I write entirely to find out what I'm thinking, what I'm looking at, what I see and what it means. What I want and what I fear." - Joan Didion, Why I Write [...]
Resources
Looking for payloads for bug hunting? This repo has a ton of payloads, some personal and some from the public, to help you find bugs. MORE
Danny learned that having a great product isn't enough; you need to focus on getting it out there. He realized that good distribution is key to success, even if the product isn't perfect. MORE
AI is changing product management, making some skills less valuable. PMs should focus on business strategy, coding, and communication to stay relevant and keep building cool stuff. MORE
Explore
Tools
Cotypist is like co-pilot for writing, suggesting words and sentences as you type in any Mac app. It helps you write faster and better, saving you time and effort. MORE
Stricli helps you make powerful command-line apps with no extra baggage. It uses TypeScript to keep things safe and organized, plus it's ready for code splitting. MORE
lazyjournal is a cool terminal tool for viewing logs from different sources like Docker and Kubernetes. It helps you quickly find what you're looking for with fuzzy search and color-coded output. MORE
Chirp lets you send data as sound. It turns text into unique audio frequencies to transmit messages between devices using a microphone and speakers. MORE
gh-signoff is a GitHub CLI extension that lets you run tests locally and "sign off" on your work, creating a green GitHub commit status without needing cloud CI. It brings CI back in-house, trusting your team's testing discipline. MORE
Watch
Takuya shares his work on integrating his note-taking app (Inkshop) with Claude's Model Context Protocol (MCP), demonstrating how an AI can interact with a personal note database by reading, searching, and creating notes. MORE
Exploring research from Anthropic and Apollo Research about potential "alignment faking" in AI systems, revealing that advanced AI models might strategically deceive or manipulate their behavior to achieve hidden goals, even when appearing to comply with human instructions. MORE
GitHub CEO discusses AI's impact on coding, open source, and agent technologies, focusing on how developers' workflows are evolving. MORE
Tyler Cowen chats about AI's practical side for writers: how to use it, improve skills, and its impact. He sees AI as new-age study guides, not replacements. MORE
A PostgreSQL vulnerability allowed attackers to bypass authentication with just two bytes. This flaw led to the US Treasury breach. MORE
Listen
In this episode of Darknet Diaries, get to know Joe Grand, aka "Kingpin," a hardware hacker since the 80s. He shares his hacking and engineering journey, from L0pht Heavy Industries to his firm, Grand Idea Studio. MORE
AI is changing startup economics, making software cheaper to build. Mike Maples discusses how AI can shift business models and investing strategies, and counter positioning against big tech. MORE
Claude used a custom system prompt & function calling to play Pokémon. It analyzed screenshots & acted through text, mimicking human gameplay with high accuracy. MORE
Scott and Mark discuss systems thinking, exploring how understanding complex systems is crucial in technology, coding, and problem-solving. MORE
Anne-Laure Le Cunff shares how "tiny experiments" can help you achieve goals and boost creativity. Learn how to design experiments like a scientist to redefine success. MORE
Technology
Simon Willison presented cutting-edge web scraping techniques at NICAR 2025, including Git scraping, in-browser JavaScript, LLMs, and video scraping. MORE
Open-source projects suffer from maintainer burnout due to unsustainable support demands and lack of contributor empathy. Clear contribution guidelines and respectful communication are key. MORE
ANSI escape codes drive terminal features like colored text and even copying to your clipboard when using SSH. But, since these codes aren't fully standardized, they can be unreliable, which is why understanding the standards around them is key. MORE
AstroPaper is a minimal Astro blog theme offering responsiveness, accessibility, and SEO optimization. It includes light/dark mode support and adheres to web best practices. MORE
Outdated directories in different niches still get traffic. These websites rank for organic keywords and attract visitors, despite their design. MORE
Interesting
Sebastian Graz built a wireless, split, ortholinear keyboard with a commercial look, focusing on aesthetics and functionality. The build log details challenges like soldering and cleaning, with future iterations planned for improved ergonomics and features. MORE
River Runner simulates a raindrop's journey to the sea, visualizing watersheds globally. It uses elevation data and flow direction algorithms to trace paths. MORE
Quote
"Learn broadly. You will never be the best in the world at any one thing, but you can be the best in the world at your combination of skills and interests."

Until next week, take care of yourself and each other,
Bee
This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.