integrity checks

Tech Optimizer
November 2, 2025
An upgraded release of the EDR-Redir V2 tool has been developed to circumvent Endpoint Detection and Response (EDR) systems by using Windows bind link technology. This version targets the parent directories of EDR installations, such as Program Files, and creates redirection loops that blind security software while keeping legitimate applications intact. Unlike its predecessor, EDR-Redir V2 uses a more complex mechanism that loops subfolders back to themselves, isolating the EDR's path for manipulation without triggering alarms. The tool utilizes the bind link feature from Windows 11 24H2, allowing filesystem namespace redirection without needing kernel privileges. EDR solutions typically secure their subfolders but cannot entirely restrict writes to parent directories. EDR-Redir V2 queries all subfolders in a targeted parent directory and mirrors them in a controlled directory, establishing bidirectional bind links that create loops for normal access by non-EDR software. In a demonstration against Windows Defender, EDR-Redir V2 successfully redirected access to its operational files, making Defender blind to its actual files. This technique highlights vulnerabilities in EDR systems regarding filesystem manipulations at the parent directory level, suggesting that folder-specific safeguards are inadequate. Although there are no widespread reports of exploits using this method, it poses significant concerns for enterprise environments, prompting security teams to monitor bind link usage in critical directories and implement integrity checks on EDR paths.
Tech Optimizer
October 14, 2025
A new tool called IAmAntimalware was released on October 11, 2025, by a developer known as Two Seven One Three on GitHub. It is designed to infiltrate antivirus software by injecting malicious code, exploiting vulnerabilities in Windows service cloning and digital signature manipulation. IAmAntimalware can clone legitimate antivirus services, allowing it to bypass antivirus self-protection mechanisms. It modifies the Windows Cryptography API registry to hijack the cryptographic provider and supports COM object CLSID manipulation for component loading. The tool relies on a companion tool named CertClone to duplicate valid Windows certificates, making injected DLLs appear legitimate. Demonstrations have shown its ability to inject code into processes like Bitdefender’s BDProtSrv, creating unauthorized files within antivirus folders. Although widespread exploitation has not yet occurred, its open-source nature and straightforward design could lead to increased adoption. Security analysts rate the technique as medium severity due to its reliance on system access and lack of zero-day exploits, highlighting vulnerabilities in antivirus trust models. Experts recommend monitoring unusual module loads and enforcing strict certificate trust policies to mitigate risks associated with IAmAntimalware.
AppWizard
October 12, 2025
In January 2025, a demo for a fan remake of Need for Speed Underground 2 using Unreal Engine 5 was unveiled. The project, developed by apfelbaum, features a fully playable Career Mode, although it currently lacks AI opponents, traffic, and destructible environments. Future updates are expected to improve driving mechanics, introduce a new weather system, and update the car paint model. A new launcher will be introduced to streamline user experience, allowing easy downloads, updates, and integrity checks of game files. The previous demo is accessible through RPGGameplay’s Discord server. Additionally, various other fan-made demos are available, including remakes of popular games like Superman, Halo 3: ODST, and more.
Tech Optimizer
October 11, 2025
A new cybersecurity technique allows attackers to exploit antivirus software by injecting malicious code into its processes, evading detection and compromising security. The method involves cloning protected services and hijacking cryptographic providers to create a backdoor in the antivirus installation folder. This technique takes advantage of antivirus solutions' reliance on operating system features and less-guarded auxiliary components. By exporting and importing registry keys, attackers can create a duplicate service that retains the original's configurations, allowing for the injection of malicious DLLs during service startup. An open-source tool named IAmAntimalware automates this process, successfully demonstrating the technique with various antivirus programs. To mitigate these threats, monitoring of module loads, auditing trusted certificates, and enforcing security features are recommended.
AppWizard
October 2, 2025
Cybersecurity researchers from Cleafy have identified an Android trojan named Klopatra, which targets banking and cryptocurrency users by stealing funds from banking applications and cryptocurrency from hot wallets. This malware, attributed to a Turkish threat actor, has been active since March 2025 and has undergone 40 iterations. It is distributed through a deceptive app called Modpro IP TV + VPN, which requests Accessibility Services permissions upon installation. Klopatra employs advanced techniques to evade detection, including the use of Virbox for code protection, minimizing Java and Kotlin usage, NP Manager string encryption, and multiple anti-debugging features. Currently, at least 3,000 devices in Europe have been compromised by this malware.
Tech Optimizer
September 25, 2025
PostgreSQL 18.0 has been released, featuring initial support for NUMA awareness, AVX-512 usage for CRC32C computations, and asynchronous I/O support, including initial support for IO_uring on Linux. It includes performance optimizations such as self-join elimination and SIMD-optimized JSON escaping. The release also introduces virtual generated columns, temporal constraints, enhanced text processing capabilities, replication improvements, a refined vacuum strategy, and enables page checksums by default in the initdb command.
Winsage
September 16, 2025
Microsoft has acknowledged that the September 2025 Windows security updates are causing connection difficulties with Server Message Block (SMB) v1 shares across various platforms, including Windows 11 versions 24H2, 23H2, and 22H2, and Windows 10 versions 22H2 and 21H2, as well as Windows Server 2025 and Windows Server 2022. The issue occurs when connecting to SMBv1 shares via the NetBIOS over TCP/IP (NetBT) protocol after installing the September 2025 update or later. Microsoft is working on a resolution and has provided a temporary workaround that involves enabling traffic on TCP port 445. SMBv1 has been largely phased out and officially deprecated since 2014, with Microsoft urging system administrators to eliminate support for it due to security vulnerabilities, especially after the 2017 leak of NSA exploits that targeted SMBv1.
AppWizard
August 1, 2025
Google has implemented a measure to enhance the security of its messaging platform by preventing devices that fail Play Integrity checks from sending Rich Communication Services (RCS) messages. This decision has led to users experiencing vanished messages without explanation, particularly affecting those with rooted phones or custom ROMs. Recent developments indicate that Google Messages will now inform users when their devices do not meet security requirements, with a new text string stating, "Your device does not meet security requirements," expected to appear in the RCS settings. Additionally, a "Details" button is anticipated to provide further clarification on RCS limitations. This change aims to improve user communication and reduce confusion regarding message disappearances.