🐝 Hive Five 217 - High Agency and the Beginner's Mind

From beginner's mind in tech and high agency living, to critical cloud vulnerabilities and the future of writing with AI, plus an epic ultramarathon victory.

Hi friends,

Greetings from the hive!

Had an awesome weekend. Tried out this German place nearby and wow, Bitburger Radler is seriously delicious. Might be my new favorite beer.

Let's take this week by swarm!

🐝 The Bee's Knees

  • tmp.0ut Volume 4 encourages approaching tech with a "beginner's mind", questioning everything and exploring possibilities with imagination. Hacking isn't just about tech skills; it's about understanding ourselves and our interactions with the world. MORE

  • "High agency" is about taking control and solving problems. It's about viewing yourself as a source of change, not just someone life happens to. You wake up in a 3rd world jail cell. You’re only allowed to call one person you know to get you out of there. Who do you call? MORE

"[...] The one big thing everyone in that high agency room has in common: They are happening to life. They don't view the future as a static entity. They view it as something to be shaped by human action. [...]"

  • IngressNightmare: CVE-2025-1974 - 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX. Over 40% of cloud environments are vulnerable to RCE, likely leading to a complete cluster takeover. MORE

  • The Ultimate Guide to Writing with AI. This is one of the most in-depth looks at what it means to be a writer in 2025. MORE

  • Max Joliff, an ultra trail runner from Southern California, competes in and ultimately wins the grueling Moab 240-mile ultramarathon after an intense race against Harry Sveres. MORE


📰 Updates

Changelog

  • Sam Bent introduces Darkweb Daily, a new tool for navigating the darknet with admin-verified links and real-time uptime monitoring, making dark web exploration safer. It's like a search engine for the dark web, but without the shady stuff. MORE

  • SAMLStorm is a critical vulnerability in xml-crypto and Node.js SAML libraries that allows attackers to forge authentication responses, potentially granting unauthorized access to accounts. MORE

  • Obsidian Web Clipper 0.11.3 lets you save Claude and ChatGPT chats as Markdown, with all the Deep Research references included as footnotes. MORE

💼 Work

💰 Career

  • Y Combinator's pocket guide shares insights for founders, like doing things that don't scale and focusing on one thing. MORE

  • 9 practical strategies for employees to make more money and advance their careers within their current jobs, focusing on building strong relationships with managers, improving communication skills, and proactively managing career development. MORE

  • Keep up with the Joneses: see who's leaving major companies and which tech teams are growing the fastest. MORE

🚀 Productivity

  • The video discusses digital minimalism, a concept of being intentional with attention in an overstimulated digital world. Bashbunni explores strategies to reduce digital dependency, emphasizing the importance of mindful technology usage and finding alternative activities that provide meaningful stimulation and relaxation. MORE

  • An interview with a 35-year-old CEO discussing his daily routine and leadership philosophy, focusing on his approach to work-life integration, productivity, and maintaining a balanced professional environment at Red Lobster. MORE

  • Hoarder is an open-source "Bookmark Everything" app that uses AI to automatically tag content, perfect for self-hosting. It lets you save links, notes, images, and PDFs, with handy browser extensions and mobile apps to keep everything organized. MORE

  • Trick yourself into productivity the same way you trick yourself into procrastination. MORE

When you tell yourself "just one more game" or "just one more post", or "just one more video" and end up doing 3-5 hours more, do that with your other tasks too! "just one line of code", "just one tutorial", "just one rep", "just one line of reading/writing".

🌎 Community

⚡️ Timeline

  • Ian's Seats.aero just hit $8M ARR + 500k MAU! MORE

  • Jason cooked up his personal recon framework MCP and can now natural language prompt it with an AI agent. MORE

  • Google's Android Vulnerability Reward Program (VRP) is offering a $1,000 bonus for researchers who submit a High or Critical severity report with an AutoRepro test that validates the vulnerability. The test must be automated, compatible with Linux, and submitted with the initial report to qualify. MORE

  • g0lden is back! Addressing the break, upcoming plans, and new content. MORE

  • D Day on the fact that Bug Bounty Platforms need to start moving towards offering in-app features that are exclusive to hackers that have attained a certain level of status. MORE

💛 Follow

Awesome accounts to follow. Randomly selected from my curated Twitter lists.

  • @bxmbn | against the odds.

  • @notshenetworks | shenetworks | a menace • a hacker • shenetworks @ TikTok & YouTube & Twitch (She/Her).

  • @Rayhan0x01 | Rayhan Ahmed | AppSec Engineer | CTF Admin @RedTeamVillage_ | Ex @hackthebox_eu Staff| OSCP, OSWE.

  • @ctbbpodcast | Critical Thinking Bug Bounty Podcast | A 'by Hackers for Hackers' podcast focused on technical content ranging from bug bounty tips, to write-up explanations, to the latest exploitation techniques.

  • @GertyBoy27 | harrymg | Security Research/Bug Bounty @Hacker0x01, @Bugcrowd | Indie Game Dev.

🍄 Level up

📰 Read

  • Reverse engineering LLMs like Claude 3.5 Haiku is like biology, using tools to understand their inner workings. Researchers apply attribution graphs to dissect reasoning, planning, and even multilingual capabilities. MORE

  • Arslan, once skeptical of AI coding, now sees its potential after using Claude Code to write a unit test, saving hours of work. He suggests others experiment with AI tools like Cursor or Claude Code to see how they fit into their workflow. MORE

  • Powerful A.I. Is Coming. We’re Not Ready. Three arguments for taking progress toward artificial general intelligence, or A.G.I., more seriously — whether you’re an optimist or a pessimist. MORE

  • A Deep Dive Into MCP and the Future of AI Tooling. If adopted widely, MCPs can represent a shift in how tools are built, consumed, and monetized. MORE

  • They hacked Google’s A.I Gemini and leaked its source code (at least some part). MORE

💡 Tips

  • This one is for the content creators. Use ChatGPT's new image generations for thumbnails. MORE

  • How to convert images generated by OpenAI's new GPT-4o model to editable vectors. MORE

  • Cursor/VSCode tip: change the default view mode to "tree" for search results and source control items. MORE

  • How to use NotebookLM, an innovative AI tool from Google designed to help users understand and learn complex topics by creating personalized, context-rich interactions. MORE

  • Mohsin on giving your goals one last shot: "Before giving up on anything, give yourself one last chance with a deadline and go all in. If it doesn’t work, you’ll walk away knowing you gave it everything. This way, you’ll truly know if you have what it takes to pursue it." MORE

🧠 Wisdom

  • Discover your attachment style (secure, anxious, avoidant) with this quiz. Understanding it can boost your relationships by identifying how you relate to intimacy, and help you build a "secure village." MORE

  • Go do business - Business isn’t something you learn in books. Or posts. Or threads. You can’t read your way to the right hire. MORE

  • "High Agency Hacking" discusses how taking initiative can boost your bug bounty performance. By requesting more scope/credentials, writing high-quality reports, and collaborating, you can influence outcomes in your favor. MORE

  • Beware easy dopamine hits. Activities like endless scrolling or mindless games give quick rewards, but effortful activities like writing or hiking are more fulfilling. MORE

  • AI-driven productivity can backfire, leading to overwork as expectations rise faster than capabilities. To thrive, focus on meaningful impact and being authentically yourself, rather than chasing endless optimization. MORE

📚 Resources

  • The highest-ranking personal blogs of Hacker News. MORE

  • Notes jotted down while taking the Certified Red Team Ops training. MORE

  • Hacker Laws: Laws, Theories, Principles and Patterns that developers will find useful. MORE

  • OpenResty/lua-nginx-module HTTP Request Smuggling in HEAD requests - CVE-2024-33452. MORE

  • MCP Servers, One Managed Registry. Unlock the full potential of your language models with the MCP Registry - the central hub for Model Context Protocol servers that expand your AI's capabilities. MORE

  • Doing the Due Diligence: Analyzing the Next.js Middleware Bypass (CVE-2025-29927). MORE

🛠 Explore

🧰 Tools

  • GitDiagram creates interactive diagrams from GitHub repos, letting you quickly visualize project structure. Just swap 'hub' with 'diagram' in any GitHub URL to try it. MORE

  • ClatScope is a versatile OSINT tool for investigators and pentesters. It helps you find geolocation, data breaches, and more, using API keys or a subscription service. MORE

  • An experimental high-performance DNS query bruteforce tool built with AF_XDP for extremely fast and accurate bulk DNS lookups. MORE

  • multidoc is a Go tool that sends your prompts to OpenAI, Claude, and Gemini all at once. It then summarizes their responses so you can easily compare the AI models. MORE

  • mdq is like jq but for Markdown, letting you pinpoint parts of documents like GitHub PRs. It uses a filter syntax that mirrors Markdown to find sections, lists, links, and tables, making it easier to enforce templates. MORE

🎥 Watch

  • ghidraMCP, an innovative approach that enables AI models to autonomously perform reverse engineering tasks using the Model Context Protocol (MCP). MORE

  • This Simple URL Encoding Made NahamSec $50,000 in Bounties. How understanding Java's URL handling can expose critical system details, leading to significant bug bounty rewards by accessing hidden or protected actuator routes. MORE

  • Episode 116: In this episode of Critical Thinking - Bug Bounty Podcast, Justin gives a quick rundown of PortSwigger’s SAML Roulette writeup, as well as some Google VRP reports, and a Next.js middleware exploit. MORE

  • Jonny Miller uploaded his entire life to ChatGPT to use it as the ultimate AI coach. He created what he calls a Codex Vitae—with core personality traits, values, goals, burnout signals and more to load into ChatGPT. MORE

  • Leet Heat ep. 4, a hilarious web development trivia game show where two contestants, Chris and Jeremy, compete by answering technical questions across various categories like Authentication, CSS, and Accessibility. MORE

🎵 Listen

  • How to win in the AI era: Ship a feature every week, embrace technical debt, ruthlessly cut scope, and create magic your competitors can't copy. MORE

  • Dharmesh Shah on Intelligent Agents, Market Inefficiencies, and Building the Next AI Marketplace. MORE

  • The power of review and reflection in your focused productivity system. MORE

Even way back when, leaders like Marcus Aurelius and Benjamin Franklin used daily reflection to review their actions and habits. This personal review helped them make better decisions and improve themselves.

  • Bob Moesta, co-creator of the Jobs to Be Done framework, recently published a new book, Job Moves. Drawing from interviews with over 1,000 people about their career transitions, it offers a practical playbook for career development. MORE

🌐 Technology

  • Mischa shares his backup strategy, emphasizing the importance of having a robust system to protect personal and professional digital data. He details his approach using the 3-2-1 backup principle, implementing a Synology NAS, cloud storage, and the Restic backup tool. MORE

  • What Makes Code Hard To Read: Visual Patterns of Complexity. MORE

  • PlanetScale's blog post discusses the evolution of storage devices and the impact of cloud computing on IO performance. It introduces Metal, a new service with direct-attached NVMe SSDs, offering blazing-fast speeds and unlimited IOPS for your cloud database. MORE

  • Want to level up your JavaScript skills? This GitHub repo offers practical examples of essential design patterns like Singleton and Observer, helping you write cleaner, more efficient code. MORE

  • Want to dive deep into FFmpeg and see how your computer really works? This GitHub repo offers assembly language lessons to help you contribute to FFmpeg. MORE

👀 Interesting

  • Explore diverse drum machine patterns. Discover and share rhythms across genres like hip hop, house, and techno. MORE

  • Larry Sanger, a philosopher and co-founder of Wikipedia, shares his journey from a staunch skeptic to a Christian, detailing the intellectual and moral shifts that led to his conversion. He re-examined arguments for God, read the Bible, and now seeks to defend his faith. MORE

  • Scale the world with the Napkin Math Tool. This interactive site helps you estimate quantities, probabilities, time, money, and more, perfect for quick reality checks. MORE

  • In 2024, Jasmin Paris made history by becoming the first woman to finish the Barkley Marathons, widely known as one of the hardest races in the world and a defining test in ultrarunning and trail running. MORE

  • What's the difference between $100, $10000 and $100000 speakers? Redditors explain. MORE

💭 Quote

"Fools learn from experience. I prefer to learn from the experience of others."

Otto Von Bismarck

Until next week, take care of yourself and each other,

Bee 🐝

This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.