🐝 Hive Five 215 - Prompt Your Way To Personal Growth

Hi friends,

Greetings from the hive!

I was struggling to create tasks the way I wanted them formatted and feed them into Obsidian, so I let Cursor write the raw JavaScript to resolve the issue.

Mainly, I wanted to use a particular format for each of my markdown todo's:

- [ ] Task name or description - ➕[Current date] File name #[Type of todo: task, consume, idea]

Also, I started a Vibe Coding playlist. If you have any suggestions, feel free to let me know what's missing.

Let's take this week by swarm!

🐝 The Bee's Knees

• How @simonw uses LLMs to help them write code. Not getting the right results with vibe coding? You're not alone! It's tricky, but with the right techniques, you can make these models work for you. MORE

• "Beyond the Hook" dives into the latest phishing tricks used by scammers in 2025, from simple fake pages to sneaky multi-factor authentication bypasses. Learn how these criminals set up their infrastructure and deliver their attacks. MORE

• By exploiting a hidden parameter in YouTube's API, @brutecat was able to expose creator emails, resulting in a $20,000 bounty. MORE

• Popular GitHub Action tj-actions/changed-files has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines. MORE

• Scott Hanselman talks about AI hype, arguing it should improve lives, not just be trendy. He demos local AI models, showing how they can be useful without needing huge data or power. MORE

Interested in sponsoring the Hive Five? Secure your spot.

📰 Updates

✅ Changelog

• Waymore v5.1 fixes a bug where the URLScan API returned a 429 error due to the User-Agent being flagged by a WAF. It now uses a specific User-Agent ("waymore by xnl-h4ck3r") to avoid this issue. MORE

💼 Work

💰 Career

• If you hate your job, focus on creating value, expanding your skills, and strategically improving your current role or gradually developing an exit plan that leverages your existing professional experience. MORE

• Sam Parr went from selling hot dogs to building The Hustle, a newsletter with 2 million subscribers, by throwing live events, creating viral content, and mastering copywriting. He also wasn't afraid to ask for help, pushing his network to grow his business. MORE

• CrowdStrike is hiring a Reverse Engineer to analyze malware and improve threat detection on their Falcon platform. If you have experience with reverse engineering and want to stop breaches, this remote role might be for you. MORE

• Bella is looking for a remote Reverse Engineering (RE) job while in grad school. She enjoys diving into software and specs, especially for embedded devices and telecom security research. MORE

🚀 Productivity

• Obsidian QuickAdd Plugin: How to Create Better Notes in Seconds. MORE

• How to use the Things task manager to organize your life, like work and personal tasks, with areas, projects, and recurring reminders. Automate common tasks to save time and stay on top of everything. MORE

• Make your Obsidian notes interactive with the Meta Bind plugin. Create input fields, metadata views, and buttons that link to your note's properties for live editing. MORE

• Mochi is a simple flashcard app that uses markdown, tags, and even AI to help you study. It's also offline-first, so your data is stored locally and can be synced later. MORE

🌎 Community

⚡️ Timeline

• Have I Been Pwned is getting a rebrand! The new logo is based on a SQL injection pattern ( ';-- ) and the UX is being rebuilt with Bootstrap 5, Vanilla JS, and Sass, with the code open-sourced on GitHub. MORE

• The German Hacking Championship (DHM) is a multi-day event where German students compete in CTF, network, and build lasting relationships. It's a great opportunity for young people to start a cybersecurity career. MORE

• DHH criticizes Apple's recent ad, AI, and overall lack of progress, lamenting how far the company has fallen from its "Think Different" days.

💛 Follow
Awesome accounts to follow. Randomly selected from my curated Twitter lists.

• @mongobug | mongo | I like bug bounty programs and breaking things that other people have built. I love kudos.
• @nijagaw | Nico | Former Red Team at Tesla, Founder of @codegrazer, Penetrationtester, bughunter.
• @samengmg | samuel eng |
• @katherinecodes | Katherine Oelsner | Senior Software Engineer @github.
• @ow | Owen Williams ⚡ | Kiwi in Canada via Amsterdam • Design manager @stripe leading developer experience + apps. prev @shopify.

🍄 Level up

📰 Read

• Bellingcat unmasked a Malaysian wildlife trafficker, "BK," who openly advertised endangered animals online. MORE

• Wiz Research discovered "SAPwned," a vulnerability chain in SAP AI Core that could've allowed attackers to access customer data and cloud environments. SAP has fixed the issues, preventing potential supply-chain attacks and data breaches. MORE

• Github scam investigation: Thousands of "mods" and "cracks" stealing your data. MORE

• Monorepos can be useful for big projects, but they often cause headaches when contributing or fixing bugs in open-source packages. They add complexity and can lead to more defects, so simpler approaches are often better. MORE

• @m4st3rspl1nt3r found a vulnerability in all major mobile browsers that allowed an attacker within Bluetooth range to take over PassKeys accounts by triggering FIDO:/ intents. MORE

💡 Tips

• Consider using color and categories in your calendar based on vibes and emotion. MORE

• AI is changing the game. Learn how Marc practically uses AI to code 10x faster, design interfaces, and even brainstorm project architecture. MORE

• Shaan Puri discusses the art of storytelling, emphasizing that a great story is not just a timeline of events, but a transformation that captures emotion and creates a specific reaction in the audience. MORE

• How to craft precise AI prompts to streamline cybersecurity tasks and bypass AI content limitations. MORE

🧠 Wisdom

• Costco's success stems from its unique approach of prioritizing employee welfare, maintaining low prices, and creating a corporate culture that values simplicity, ethical leadership, and long-term sustainability over short-term profits. MORE

• TESS discusses a collaborative RCE. By identifying an unusual subdomain running a third-party open-source software, they were able to find a critical security flaw that allows executing bash scripts server-side. MORE

• Astronauts feel the "overview effect" when seeing Earth from space, gaining awe and unity. You can feel it too by looking at nature or using VR. MORE

• Adam suggests ditching "vibe coding" for Claude Code, letting AI handle tedious tasks, and focusing on enjoyable parts of programming. MORE

• A small company wanted to add AI but hired an agency that proposed a complex, expensive solution. A veteran dev, not wanting to spend so much time and money, learned GenAI and built the feature himself in 2 months. MORE

📚 Resources

• Jakobi revamped their website dashboard and started porting in their PowerShell payloads. MORE

• DistrictCon 2025 talks, ranging from binary exploitation to infosec policy. The con focuses on community growth through action, engagement, and enlightening policymakers. MORE

• Crowdsourced must-have Mac apps recommendations. MORE

🛠 Explore

🧰 Tools

• Supercharge enhances your Mac experience with useful features like keyboard shortcuts and Finder tweaks. It gives you more control over your macOS without needing complex setups. MORE

• JsRouteScan is a Burp Suite plugin that sniffs out routes in web responses using regular expressions. MORE

• Anubis is a tool that finds subdomains and gathers info using sources like VirusTotal and Shodan. It helps you learn more about a target domain. MORE

• Mailcat helps you find email addresses linked to a nickname without notifying the user. It checks multiple providers using APIs and SMTP, great for OSINT investigations. MORE

• Gixy is a tool to analyze NGINX configuration. The main goal is to prevent security misconfiguration and automate flaw detection. MORE

🎥 Watch

• The VueJS Amsterdam conference is the biggest Vue event with speakers like Evan You, creator of Vue, and talks on Vue, Vite, and Nuxt. DAY 1 | DAY 2

• Prompt Your Way To Personal Growth with Steve Schlafman. He talks about using it for dream analysis, emotional breakthroughs, and personal growth. MORE

• 2025: The Dawn of Energy Abundance. Energy is the basis of everything. This video explores civilization's progress through history with the use of energy and what it may look like in the future. MORE

• Johnny Harris discusses his unique approach to creating YouTube videos, emphasizing a storytelling process that prioritizes craftsmanship, curiosity, and human connection over algorithmic optimization. MORE

• Anthropic's Model Context Protocol (MCP) is like a USB-C for AI, linking apps to powerful APIs. This tutorial teaches you to build and share MCP servers using TypeScript, so anyone can use your AI creations. MORE

🎵 Listen

• Vercel's CEO Guillermo Rauch explains how the company revolutionizes cloud infrastructure by making web deployment as simple as using Squarespace, while leveraging AI and focusing on an application-first approach that abstracts away complex infrastructure challenges for developers. MORE

• Ivan Zhao, co-founder of Notion, shares the challenging early years of building a horizontal productivity tool, describing the first three to four years as the "lost years" where they struggled to find product-market fit. MORE

• How to become an XSS expert with renniepak. They talk about XSS, CSP bypasses, privilege escalation, speeding up the workflow with tricks like JS bookmarks and discuss if there's such thing as bug bounty methodology. MORE

• Anne-Laure Le Cunff chats about using small experiments to live a more intentional life in the latest "Focused" podcast. Learn how tiny changes can make a big difference in your focus and productivity. MORE

• In this episode of Syntax, Scott and Wes predict web development trends for 2025, like on-device AI and the resurgence of Vanilla CSS. They also discuss potential moves from Bun, React, and other frameworks. MORE

🌐 Technology

• The Model Context Protocol (MCP) is gaining traction as the leading standard for AI agents, thanks to its AI-native design and backing from Anthropic. Experts believe MCP will beat out OpenAPI as the top agent standard in July. MORE

• Anders Hejlsberg, lead architect of TypeScript and Technical Fellow at Microsoft, introduces a new port of TypeScript in Native Go that will deliver the next generation of high-performance developer tooling. MORE

• Supabase gained popularity by making PostgreSQL easier to use with tools like authentication and APIs. They focus on community input and creating helpful content, proving they're more than just a Firebase alternative. MORE

• Lynx is a customizable, text-based web browser that's been around since 1992, making it the oldest browser still updated! It's great for low-bandwidth connections and protecting your privacy by blocking web bugs. MORE

• EA open-sourced the code for classic Command & Conquer games, letting fans mod and preserve them. The community can now make new features and keep the games alive. MORE

👀 Interesting

• Joe Lonsdale, who helped start Palantir, shared unfiltered advice on AI investing and hiring. He even talked about intelligence operations against his companies and building a new university. MORE

• Imagine a worldwide AI "rainforest" accessible to everyone, fueled by shared knowledge and planetary data. This "Public Intelligence" aims to be a non-profit AI, ensuring AI benefits all, not just corporations. MORE

• This resource offers positive affirmations to support healthy child development. It gives parents and caregivers tools to encourage kids' self-esteem and growth. MORE

• Geist is a typeface from Vercel made for developers and designers. It has both a readable monospace version for coding and a sans version for design, inspired by Swiss minimalism. MORE

• Eggnog's Time Portal is a daily challenge where you travel through time to identify historical events. MORE

💭 Quote

📈 Learned something?

Until next week, take care of yourself and each other,

Bee 🐝

^{This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.}