🐝 Hive Five 214 - Pressing Buttons

Hi friends,

Greetings from the hive!

Apologies for the delay, and I appreciate all the well wishes! I’m feeling much better again.

In other news, I'm still using Microsoft Edge and enjoying it so far. However, I find the context menus quite bloated.

With the announcement of the M4 MacBook Air, I've been considering swapping it for my current M1. I'm still on the fence about it, though, shiny things syndrome and all.

Lastly, I believe the AI-augmented Obsidian web clipper has a lot of potential and is likely being overlooked. I haven't had the chance to give it an in-depth review yet, but I'm looking forward to it when I do.

Let's take this week by swarm!

🐝 The Bee's Knees

• Pressing Buttons with Popups (on Twitch, LinkedIn and more). Tricks to make users press buttons that perform sensitive actions. MORE

• This ebook by productivity expert Laura Stack offers strategies to enhance personal productivity and reduce stress in professional environments. It moves beyond traditional time management by exploring physiological, psychological, behavioral, and environmental factors. MORE

• Discussion of the Portswigger Top 10 Web Security Research of 2024, covering various innovative security vulnerabilities and research techniques across different web technologies and protocols. The hosts break down each research piece, highlighting technical insights, potential exploitation methods, and the broader implications for web security. MORE

• Sualeh Asif, CTO and Co-Founder of Cursor, provides an in-depth look into the infrastructure and scaling challenges of their AI-powered coding platform, discussing their massive infrastructure that handles around 100 million model calls daily, complex database management, and the intricate process of handling large-scale distributed systems. MORE

• Jason Fried of 37signals chats with an entrepreneur struggling with motivation after 14 years. They discuss finding joy in making cool things, not just chasing dominance, in a candid conversation many can relate to. MORE

Interested in sponsoring the Hive Five? Secure your spot.

📰 Updates

✅ Changelog

• xnLinkFinder v6.10 fixes a bug where reading index.txt from a WayMore directory would fail, causing errors. MORE

• ReconFTW v3.0.0 is out! This release integrates Faraday for WebUI and reporting, plus it has a ton of install and support fixes to make your recon process smoother. MORE

• Waymore v5.0 is out. This release adds support for the Intelligence X service, letting you search phonebooks using a paid API key, or exclude it with the new (-xix) argument. MORE

💼 Work

💰 Career

• Wes emphasizes rigorous thinking to improve decision-making and foster a culture of ownership within teams. MORE

• Ditch the outdated idea of hyper-specialization! Instead, become a "high-leverage generalist" by building a unique combo of skills that helps you spot opportunities others miss and accelerate your career. MORE

• Hiring: Resend is hiring full-stack engineers to scale their email platform, focusing on developer experience and reliability. You'll tackle challenges like API scaling and greenfield projects in a remote, autonomous environment. MORE

• Hiring: Sentry is looking for a second full-time engineer to help accelerate Special Projects. MORE

🚀 Productivity

• Keep your macOS desktop and downloads folder clean without the effort. Route downloads and screenshots to the /tmp directory, which is automatically cleared upon reboot, or copy screenshots directly to your clipboard. MORE

• How Linear designer uses Raycast as a productivity tool, demonstrating various features and workflows that enhance his daily work routine, including window management, clipboard history, AI assistance, and voice control integration. MORE

• Discover the "Excitement Map" method. This unique approach to goal-setting encourages you to identify activities and interests that genuinely energize and inspire you, rather than pursuing goals out of obligation or external expectations. MORE

• Prajwal Tomar built 16 SaaS products in 5 months using Cursor. He's sharing his AI coding workflow, including starter kits and project rules, to help you build MVPs faster. MORE

🌎 Community

🎉 Celebrate

• Mason's February comeback resulting in P1: 5, P2: 2, P3: 8, P4: 19, P5: 1, NA: 3, and Dupe: 2. Total: $17,800 ($5000+pending). MORE

• Rachel Tobac partnered with Google to develop tech that identifies and shuts down phone scams, including those using AI. The new Pixel feature, which is opt-in and processes data on-device, flags suspicious calls as potential scams. MORE

• The HackerOne Ambassador World Cup is down to the final four. Greece, Egypt, Spain, and The Netherlands are battling it out for the gold. MORE

⚡️ Timeline

• Ankit Singh shares beginner-friendly resources for cybersecurity, bug bounties, and ethical hacking, including virtual labs and YouTube channels. MORE

• Depi Launch: A new approach to software supply chain security. They take a proactive stance in software security by dissecting and breaking the links within the software supply chain. MORE

• Focus on self-worth and relationships beyond financial gains for well-being. Collaborative efforts in bug bounty programs enhance shared success. MORE

• TIL Stripe integration automates appointment booking by embedding payment links directly into Google Calendar events. Supports single and recurring payments. MORE

• Tony's inbox got spammed with support emails, triggering a hilarious bot conversation. The bots are now thanking each other and asking for ratings in a chaotic auto-reply storm. MORE

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

• @shmilylty | Jing Ling | Developer, pentester and bug hunter.

• @DafyddStuttard | Dafydd Stuttard | Founder and Chief Swig at @PortSwigger. Creator of @Burp_Suite and @WebSecAcademy. Author of The Web Application Hacker's Handbook.

• @JaneScott | Jane Scott | cybersecurity geek • python herder • vuln hunter • infosec sprite • molgen/biotech nerd • ex-sysadmin • she/her • opinions (most certainly) my own.

• @imjuangarcia | Juan Martin Garcia | Product Designer & Front-End Developer from Buenos Aires, Argentina. Guitar and Basketball aficionado, Mate lover.

• @KathanP19 | Kathan Patel|CEH | SRT | Security Enthusiast.

🍄 Level up

📰 Read

• Sitecore CMS has a pre-auth remote code execution vulnerability (CVE-2025-27218) due to unsafe deserialization in unspecified endpoints. Successful exploitation allows arbitrary code execution. MORE

• Andy discusses using AI for adversarial engineering, specifically creating a tool called RepoMan that automates GitHub repository creation with realistic, backdated commit histories. MORE

• AMD Zen CPUs had a security flaw, "EntrySign," where hackers could inject their own code by tricking the CPU into thinking it was a legitimate update. Google's security team released "Zentool" so researchers can examine and create their own microcode patches. MORE

• Better-Auth, a popular Typescript library, had a security flaw that could redirect users to malicious sites and steal reset tokens. The initial patch was able to be bypassed. MORE

• CVE-2024-30043: abusing url parsing confusion to exploit xxe on sharepoint server and Cloud. MORE

💡 Tips

• Want to level up your Git game? Learn how core Git developers customize their setup with configurations for better branch sorting, smarter diffs, and easier pushing and fetching. MORE

• Vim has a conceal feature to replace code with symbols, making it easier to read and understand your own code. It's like creating your own coding language only you can read. MORE

• Cursor AI, especially with Sonnet 3.7, sometimes deletes working code and goes off on tangents, causing frustration for developers. Users recommend careful code reviews, frequent commits, and specific instructions to mitigate these issues. MORE

• Steve raves about Claude Code's ability to crush bugs in old code using just chat, saying it outpaces tools like Cursor and Copilot. He thinks Anthropic is leading the way in AI, even with its clunky terminal interface. MORE

🧠 Wisdom

• Dr. Julie Gurner discusses imposter syndrome, explaining the critical difference between being an actual impostor and feeling like one. She provides practical strategies for overcoming self-doubt by recognizing one's expertise, starting with comfortable content, and gradually building confidence through authentic self-expression and community engagement. MORE

• Strategies for navigating feelings of being lost in life, focusing on understanding and embracing uncertainty, challenging societal expectations, and finding personal meaning through small experiments. MORE

• Why you own an iPad and still can't draw. The failure of drawing materials without mediums and meat. MORE

• Mari Andrew, artist and writer, shares 100 life lessons, from email etiquette and grief support to travel tips and self-soothing techniques. A quick read that offers practical advice for a richer and easier life. MORE

• Write to escape your default setting. MORE

📚 Resources

• Looking for payloads for bug hunting? This repo has a ton of payloads, some personal and some from the public, to help you find bugs. MORE

• Danny learned that having a great product isn't enough; you need to focus on getting it out there. He realized that good distribution is key to success, even if the product isn't perfect. MORE

• AI is changing product management, making some skills less valuable. PMs should focus on business strategy, coding, and communication to stay relevant and keep building cool stuff. MORE

🛠 Explore

🧰 Tools

• Cotypist is like co-pilot for writing, suggesting words and sentences as you type in any Mac app. It helps you write faster and better, saving you time and effort. MORE

• Stricli helps you make powerful command-line apps with no extra baggage. It uses TypeScript to keep things safe and organized, plus it's ready for code splitting. MORE

• lazyjournal is a cool terminal tool for viewing logs from different sources like Docker and Kubernetes. It helps you quickly find what you're looking for with fuzzy search and color-coded output. MORE

• Chirp lets you send data as sound. It turns text into unique audio frequencies to transmit messages between devices using a microphone and speakers. MORE

• gh-signoff is a GitHub CLI extension that lets you run tests locally and "sign off" on your work, creating a green GitHub commit status without needing cloud CI. It brings CI back in-house, trusting your team's testing discipline. MORE

🎥 Watch

• Takuya shares his work on integrating his note-taking app (Inkshop) with Claude's Model Context Protocol (MCP), demonstrating how an AI can interact with a personal note database by reading, searching, and creating notes. MORE

• Exploring research from Anthropic and Apollo Research about potential "alignment faking" in AI systems, revealing that advanced AI models might strategically deceive or manipulate their behavior to achieve hidden goals, even when appearing to comply with human instructions. MORE

• GitHub CEO discusses AI's impact on coding, open source, and agent technologies, focusing on how developers' workflows are evolving. MORE

• Tyler Cowen chats about AI's practical side for writers: how to use it, improve skills, and its impact. He sees AI as new-age study guides, not replacements. MORE

• A PostgreSQL vulnerability allowed attackers to bypass authentication with just two bytes. This flaw led to the US Treasury breach. MORE

🎵 Listen

• In this episode of Darknet Diaries, get to know Joe Grand, aka "Kingpin," a hardware hacker since the 80s. He shares his hacking and engineering journey, from L0pht Heavy Industries to his firm, Grand Idea Studio. MORE

• AI is changing startup economics, making software cheaper to build. Mike Maples discusses how AI can shift business models and investing strategies, and counter positioning against big tech. MORE

• Claude used a custom system prompt & function calling to play Pokémon. It analyzed screenshots & acted through text, mimicking human gameplay with high accuracy. MORE

• Scott and Mark discuss systems thinking, exploring how understanding complex systems is crucial in technology, coding, and problem-solving. MORE

• Anne-Laure Le Cunff shares how "tiny experiments" can help you achieve goals and boost creativity. Learn how to design experiments like a scientist to redefine success. MORE

🌐 Technology

• Simon Willison presented cutting-edge web scraping techniques at NICAR 2025, including Git scraping, in-browser JavaScript, LLMs, and video scraping. MORE

• Open-source projects suffer from maintainer burnout due to unsustainable support demands and lack of contributor empathy. Clear contribution guidelines and respectful communication are key. MORE

• ANSI escape codes drive terminal features like colored text and even copying to your clipboard when using SSH. But, since these codes aren't fully standardized, they can be unreliable, which is why understanding the standards around them is key. MORE

• AstroPaper is a minimal Astro blog theme offering responsiveness, accessibility, and SEO optimization. It includes light/dark mode support and adheres to web best practices. MORE

• Outdated directories in different niches still get traffic. These websites rank for organic keywords and attract visitors, despite their design. MORE

👀 Interesting

• Sebastian Graz built a wireless, split, ortholinear keyboard with a commercial look, focusing on aesthetics and functionality. The build log details challenges like soldering and cleaning, with future iterations planned for improved ergonomics and features. MORE

• River Runner simulates a raindrop's journey to the sea, visualizing watersheds globally. It uses elevation data and flow direction algorithms to trace paths. MORE

💭 Quote

📈 Learned something?

Until next week, take care of yourself and each other,

Bee 🐝

^{This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.}