🐝 Hive Five 219 - Defeating Prompt Injections by Design

Hi friends,

Greetings from the hive!

I love Jason Bateman (from Ozark) and Will Arnett (BoJack Horseman) as actors. One day, I saw a clip of them in a documentary that made me laugh out loud.

After a few Google searches, I discovered it was part of their live podcasts.

Since then, I've started listening to their podcast whenever I think the guest will be funny. It always brings a smile to my face, especially during my daily runs.

In short, don't neglect listening to or engaging with comedy.

Let's take this week by swarm!

🐝 The Bee's Knees

• Defeating Prompt Injections by Design research by Google. LLM agents are at risk from prompt injection when handling outside data. CaMeL, a new defense, protects the LLM by separating control and data flows, preventing attacks and data leaks. MORE

• Kubernetes for Pentesters: Part 1 - Learn K8s basics, spot vulnerabilities, and explore attack paths to secure containerized applications across clusters. MORE

• Wes Bos explores the exciting potential of using AI with JavaScript, demonstrating how modern web technologies like WebGPU enable powerful AI models to run directly in the browser. He highlights five key reasons to use AI in JavaScript: speed, security/privacy, cost-effectiveness, UI integration, and workflow enhancement, showcasing multiple live demos that illustrate the practical applications of client-side AI technologies. MORE

• In this interview, Linus Torvalds reflects on the 20-year journey of Git, discussing its origins as a solution to the Linux kernel's version control needs, its unexpected widespread adoption, and how its distributed design revolutionized software development. Torvalds created Git in just about 10 days, driven by frustration with existing version control systems and the need for a more efficient tool for kernel development. MORE

• Lucas Crespo, the creative lead at Every, discusses the evolving role of design in the AI era, emphasizing the importance of art direction over pixel pushing. He explores how AI tools have transformed his creative process, allowing for more expressive and unique design approaches that prioritize emotional storytelling and visual experience over minimalist functionality. MORE

Interested in sponsoring the Hive Five? Secure your spot.

Table of Contents

• 📰 Updates

• 💼 Work

• 🌎 Community

• 🍄 Level up

• 🛠 Explore

• 📈 Learned something?

📰 Updates

✅ Changelog

• Shopify CEO shared his internal AI memo. Shopify is making AI a core skill for all employees, expecting it to boost productivity and innovation. They're integrating AI into workflows and reviews, aiming to empower merchants in the age of AI. MORE

• Wappalyzer Next's newest release (1.0.12) brings improvements to the CLI tool, making its arguments local variables and addition of 350+ signatures. MORE

• Q&A from The Future of AppSec PortSwigger webinar. MORE

💼 Work

💰 Career

• Uray, a 26-year-old former Microsoft software engineer, has successfully built four online businesses generating $60,000 monthly through innovative marketing strategies, focusing primarily on organic short-form content and creating minimum viable products (MVPs) that solve unique problems. MORE

• Jason Fried argues against relying on backlogs, which are based on old ideas. Instead, he suggests making decisions in real-time with the latest info for a fresher, more accurate approach. MORE

• Palantir is offering an alternative to college with their "Palantir Degree," skipping debt and "indoctrination". They aim to provide valuable knowledge and skills, directly challenging traditional education. MORE

💼 Hiring

• Amazon is hiring elite hardware security nerds for planet hacking. MORE

• Linear is seeking a Product Engineer to help build features for their issue tracking and project management tool. They expect strong JavaScript fundamentals and some experience working with React and TypeScript. MORE

• Danny Postma is hiring a Product Designer. He even shared a great example of an application that stood out to him last year. MORE

🚀 Productivity

• If you've been following Jess on X you know she's been obsessed with nix. Here's her global nix configurations for desktops and laptops. Note that she advises starting with simple flakes before diving into full system configurations. AI tools like Claude and OpenAI can help with Nix files if you know the right questions to ask. MORE

• Tiago Forte thinks read-later apps, like Readwise, are key for productivity. They let you control your content feed, avoiding toxic online noise and helping you focus on valuable information. MORE

• Lindy helps you make AI agents that automate tasks, like lead generation or customer support, saving you time and boosting business. It connects to your favorite apps and offers ready-made templates to get you started. MORE

• Becca explores the Light Phone 3, a $600 minimal smartphone designed to reduce digital distractions, by using it as her daily driver for two and a half weeks. MORE

• Nick discovered an accidental improvement to Obsidian's mobile experience through a sophisticated navigation system, which allows users to seamlessly move between different types of notes, sources, and categories using intuitive clicking navigation without typing or searching. MORE

🌎 Community

🎉 Celebrate

• Jenish took a month off work for the first time in 7 years and enjoyed scuba diving with friends. He says the break in nature was refreshing. MORE

• Beginning hacker discovered a critical remote code execution (RCE) vulnerability on a Netflix subdomain by leveraging reconnaissance data from NahamSec's Discord bot. MORE

• STÖK is off ADHD meds after 3.5 years and feels creative again. He's tired from built-up stress, but happier and more interested in art. MORE

⚡️ Timeline

• Ben is trying to find a healthier coffee habit. He admits to drinking 2-3 cups of black coffee each morning alone. MORE

• Douglas raves about two subscriptions: YNAB (You Need a Budget) for getting out of debt quickly and Robinhood Gold, which turned a \$50 investment into over \$4,300. They highly recommend both services for their financial benefits. MORE

• Tech is now full of people who chase trends instead of sticking to their beliefs. This hurts businesses when popular tech doesn't fit their needs. MORE

• Caido, an alternative to Burp Suite, is asking users why they stopped using their tool. Users cite missing features like active/passive scanners, lack of plugin/extension parity with Burp, and the need to create an account. MORE

• Rekdt: "Friendly reminder: Having an OSCP doesn't make you a good hacker just like having a drivers license doesn't make you a good driver" MORE

🍄 Level up

📰 Read

• Web3 authentication uses cryptographic signatures and wallets, but Web2 auth integrations can introduce hidden risks. Exploring vulnerabilities like OAuth logic exploits, Supabase misconfigurations, and OAuth abuse in localhost setups. MORE

• GitHub Copilot lets you add custom instructions via a file in your repo, but sneaky code can be added. A single line in the instructions file could introduce backdoors, so watch out. MORE

• CVE-2025-3155 is a security flaw in Ubuntu's Yelp app that lets attackers steal files like ~/.ssh/id_rsa by tricking users into opening a link. This is done by injecting malicious Javascript code via a crafted .page file. MORE

💡 Tips

• Marc Lou, who has created over 30 startups, advises sticking to one tech stack. Don't fall for the trap of constantly switching to the newest npm or UI library. MORE

• Obsidian users can easily link to specific sections within notes by dragging headings from the outline or typing double has inside the double square brackets ##. MORE

• Cherry Studio is a desktop app for Windows, Mac, and Linux that supports multiple LLM providers like OpenAI and Gemini. It lets you manage AI assistants, process documents, and integrates practical tools, making AI easier to use. MORE

• Curious about LLM costs? This calculator helps you estimate expenses based on input and output tokens, comparing prices across models like Gemini and GPT. MORE

• Bashbunni discussing the benefits of "reinventing the wheel" by rewriting existing open-source projects as a way to escape tutorial hell and improve programming skills. MORE

🧠 Wisdom

• Michael Dean discusses the objective architecture of great writing, exploring how essays can be analyzed through a systematic framework of 27 patterns across three dimensions: idea, form, and voice. MORE

• Jodie emphasizes that individuals are not inherently "broken" and should stop obsessing over self-help and inner work as a means of avoiding action. Instead, the speaker encourages taking decisive steps forward, facing fears, and reframing perspectives to overcome emotional challenges and personal obstacles. MORE

• Managing friction: how friction, both good and bad, impacts our lives and shapes our habits. They suggest being aware of friction and using it to our advantage to improve our lives. MORE

• Many websites get cold-call emails asking for guest posts, which can be good for SEO but also risky due to potential malware. The author tested this by accepting a pitch, receiving a solid article on home maintenance, and ensuring safety via a virtual machine. MORE

• Mind-blowing inventions like suitcase wheels and the high five are surprisingly recent. Discover other late-blooming creations, from ciabatta bread to the realization that babies feel pain. MORE

📚 Resources

• A curated list of Bug Bounty programs not on HackerOne, Bugcrowd or other platforms. MORE

• Compare free cloud tiers from AWS, Azure, Google, and more. Find the best options for compute, storage, and databases to start building without breaking the bank. MORE

• Discover a treasure trove of cybersecurity search engines. This awesome list helps researchers find everything from leaked credentials to threat intelligence and even public files on various platforms. MORE

• Not The Hidden Wiki is a large, free cybersecurity resource with over 3070 links. Whether you're new or a pro, find tools, articles, and learning paths to boost your skills. MORE

• ProjectDiscovery's nuclei-templates-ai uses AI to quickly make security templates for new vulnerabilities. This helps find threats faster, but do not use these templates in production without thorough validation. MORE

🛠 Explore

🧰 Tools

• ScopesExtractor allows you to monitor bug bounty programs across multiple platforms to track scope changes. MORE

• Evercookie is a Javascript API that creates super persistent cookies by storing data in many browser storage mechanisms. It identifies users even after they clear standard cookies, Flash cookies, and more. MORE

• The remind calendar utility offers scheduling power unmatched by other programs, allowing for advanced features like expression evaluation and conditional testing of events. It is a powerful tool for managing complex reminders and schedules. MORE

• VERT is a free, open-source file converter that works right on your device using WebAssembly, so your files stay private. You can even host it yourself for total control. MORE

• ntfy is a simple way to send push notifications to your phone or computer from any script via HTTP, without sign-ups or fees. It's great for getting alerts from your systems, with apps for Android and iOS, or self-hosting your own server. MORE

🎥 Watch

• AI Agents, Clearly Explained. A breakdown of the evolution from basic LLMs like ChatGPT to AI Workflows and finally to true AI Agents through practical, real-world examples. MORE

• Reduce Cursor errors by 90% with a task management system. This helps AI coding agents understand the implementation plan and control context for each step. MORE

• Google talk: Award-winning neuroscientist and entrepreneur, Anne-Laure Le Cunff, discusses her book "Tiny Experiments: How to Live Freely in a Goal-Obsessed World"— a transformative guide for living a more experimental life, turning uncertainty into curiosity, and carving a path of self-discovery. MORE

• Guillermo Rauch, founder of Vercel and creator of v0, is on a mission to democratize product development by expanding the pool of potential builders from 5 million developers to over 100 million people worldwide through AI-powered tools. The podcast explores how AI is radically transforming product creation, making it faster, more accessible, and enabling more people to become builders without traditional coding expertise. MORE

• Want to master Caido? This YouTube playlist offers quick tutorials (under 2 minutes) on using its features, like the workflow editor and HTTPQL, to level up your hacking skills. MORE

🎵 Listen

• Interview with Eduart Steiner (aka Skyper), a prominent figure in the early cybersecurity and hacking community, who was the editor of Phrack Magazine from 2001-2006 and a member of hacking groups TESO and THC. MORE

• Jonathan Jacobi shares his journey from a young computer enthusiast to a cybersecurity professional, highlighting how passion, continuous learning, and strategic networking helped him progress through various roles in technology and cybersecurity. He emphasizes the importance of being open to opportunities, working hard, and using multiple "cards" (skills and connections) to achieve one's goals. MORE

• Distribution & Taste with Adam Wathan (TailwindCSS creator). They talk about everything from Disney Cruises to what he wants to do on YouTube and a whole lot more. MORE

• Smartless podcast go in the weeds with Larry David on critical items: dinner parties, romance novels, The Golden Rule, Halloween… MORE

🌐 Technology

• GoAlert is an open-source tool that helps teams manage on-call schedules and automate alerts via SMS or voice calls. It makes sure the right person is notified at the right time. MORE

• Google's A2A protocol lets different AI agents communicate, regardless of how they're built. This open standard helps agents work together to solve problems. MORE

• Liam ERD automatically makes pretty and easy-to-read diagrams of your database. It helps you see how all your data is connected, whether it's a public or private project. MORE

• Directus is a flexible backend that turns your database into a CMS with instant APIs and custom UIs. It supports various databases and offers a no-code app, making it easy for anyone to manage content. MORE

👀 Interesting

• Research paper on the cost of brain state transitions. A mathematical framework traditionally used in technology and engineering, called network control theory (NCT), is being applied to understand the brain. MORE

• Worried about secret messages? Emoji translator helps decode teen texts with slang & emojis, covering sexting, drugs, & bullying. A must-have for parents. MORE

• Nature has solutions for humanity's challenges. AskNature shows how we can learn from other species' successful strategies for innovation. MORE

• Explore the sounds of "Amphibian Love Songs and Soundscapes," featuring frog calls from around the globe, from Myanmar to Poland, and even a frog synthesizer. MORE

• Explore Vietnamese graphic design through posters, stamps, music sheets, and more. From propaganda art to vintage matchboxes, see how design reflects Vietnam's history and culture. MORE

💭 Quote

📈 Learned something?

Until next week, take care of yourself and each other,

Bee 🐝

^{This newsletter may contain affiliate links that support its costs. These links lead to tools, courses, and resources that I've personally found helpful.}