language model Archives

Winsage

April 7, 2025

EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher

EncryptHub has been linked to breaches affecting 618 organizations and is associated with the disclosure of two Windows zero-day vulnerabilities, CVE-2025-24061 and CVE-2025-24071, to Microsoft. The vulnerabilities were addressed during the March 2025 Patch Tuesday updates, and the reporter was acknowledged as 'SkorikARI with SkorikARI.' Investigations revealed a connection between EncryptHub and SkorikARI, following an incident where EncryptHub exposed their credentials. SkorikARI's accounts were used to report the vulnerabilities, contributing to Windows security. Evidence linking SkorikARI to EncryptHub includes password files exfiltrated from EncryptHub's system and a GitHub account associated with SkorikARI. EncryptHub has previously attempted to market zero-day vulnerabilities on underground forums and is believed to have affiliations with ransomware groups. The threat actor has executed social engineering campaigns, phishing attacks, and developed a custom infostealer known as Fickle Stealer. They created fictitious social media profiles and websites, such as a fake project management application called GartoriSpace, which installed malicious files on unsuspecting users. EncryptHub has also been implicated in exploiting a Microsoft Management Console vulnerability, CVE-2025-26633.

Winsage

March 29, 2025

How to use the Warp AI-enabled terminal for Windows or Linux

Warp is an intelligent terminal application that enhances the terminal experience by utilizing a natural language model to interpret commands. It features a familiar interface similar to Linux or PowerShell, supports multiple tabs, and includes an output window for displaying responses and code snippets. Users can enter commands in natural language or traditional code, and it is free to use with an optional paid plan. Warp allows users to execute OS-level commands, such as listing directory contents and saving the output to a file. It also simplifies complex tasks like renaming images based on creation dates through natural language processing. Additionally, Warp can assist in coding by creating Python scripts, verifying library installations, and generating executable files using PyInstaller. The entire process can be completed quickly, demonstrating Warp's capability to streamline development for users of all skill levels.

AppWizard

March 25, 2025

With Nvidia Ace taking up 1 GB of VRAM in Inzoi, Team Green will need to up its memory game if AI NPCs take off in PC gaming

Nvidia unveiled its latest RTX technologies, including the Ace suite of digital human technologies, at the Game Developers Conference (GDC). The game Inzoi, reminiscent of The Sims, is one of the first to utilize Nvidia Ace, enhancing character interactions through 'thought bubbles' that reveal emotions and intentions. The AI system is powered by the Mistral NeMo Minitron, a language model with 500 million parameters, using 1 GB of VRAM. This model is limited to NPCs within the player's line of sight and does not change a character's life trajectory. While smaller models can lead to inaccuracies, the potential for larger models in expansive RPGs is significant. Nvidia has maintained an 8 GB memory standard for its mainstream graphics cards, but the demand for more advanced AI may prompt a reevaluation of VRAM offerings. High-end GPUs like the RTX 5070 Ti and RTX 5080 offer 16 GB of VRAM, which is becoming more common in affordable graphics cards.

Winsage

March 19, 2025

Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)

Microsoft has identified a spoofing vulnerability in Windows File Explorer, designated as CVE-2025-24071, with a CVSS score of 7.5. This vulnerability affects various versions of Windows, including Windows 10 (multiple versions), Windows 11 (multiple versions), and Windows Server (multiple versions). Unauthenticated attackers can exploit this vulnerability by crafting RAR/ZIP files containing a malicious SMB path, potentially exposing the user's NTLM hash. Microsoft has released a security patch for supported product versions, and affected users are advised to install it promptly. Users can check their system's vulnerability status by verifying their version and patch information through specific commands.

Winsage

March 4, 2025

I Tried Microsoft Copilot’s Mac App, and You Probably Shouldn’t

Many users in the tech community are looking for ways to hide or remove Copilot from Windows, as they find AI tools bothersome. In contrast, Microsoft has launched Copilot for Mac, which mirrors the web-based experience and includes features like a system-wide keyboard shortcut (Option-Space) for quick access. The Mac version has a menu bar icon for easy access and adapts to the Mac's Appearance settings. However, it lacks some integration features, such as a screenshot button, requiring users to manually upload screenshots for analysis. Copilot can assist with tasks like coding, research, and academic help, and the free version provides access to real-time web information. The Mac and Windows versions of Copilot are similar in capabilities, and users may prefer trying the web version before installation.

Winsage

March 4, 2025

Available today: DeepSeek R1 7B & 14B distilled models for Copilot+ PCs via Azure AI Foundry – further expanding AI on the edge

Microsoft is launching the DeepSeek R1 7B and 14B distilled models via Azure AI Foundry, following the introduction of NPU-optimized versions of the DeepSeek-R1 1.5B model for Copilot+ PCs. These models will be available on Copilot+ PCs powered by Qualcomm Snapdragon X, Intel Core Ultra 200V, and AMD Ryzen processors. The NPUs in these PCs can execute over 40 trillion operations per second and are designed for efficient local AI model execution, minimizing battery and resource consumption. The DeepSeek models utilize 4-bit block-wise quantization and int4 per-channel quantization for enhanced performance. Developers can access all distilled variants of the DeepSeek models through the AI Toolkit VS Code extension, allowing for local deployment and experimentation. Copilot+ PCs combine local computing capabilities with Azure's resources, facilitating a new paradigm of continuous computing for AI applications.

Tech Optimizer

February 27, 2025

PostgreSQL SQL Injection Vulnerability (CVE-2025-1094)

NSFOCUS CERT has identified a significant SQL injection vulnerability in PostgreSQL, designated as CVE-2025-1094, with a CVSS score of 8.1. This vulnerability is due to the psql tool's handling of invalid UTF-8 characters, allowing unauthenticated attackers to execute arbitrary code through the PostgreSQL interactive terminal. Affected versions include PostgreSQL 17 and 13.19. Users can check if their version is affected by executing a specific SQL query. A new version has been released to address this vulnerability, and users are encouraged to upgrade. Temporary mitigation measures include verifying UTF-8 encoding, avoiding dynamic SQL, and restricting access permissions to the psql tool.

BetaBeacon

February 25, 2025

The role of AI in mobile gaming: How Android is changing the game

AI is being used to personalize the gaming experience by offering quick and impactful solutions. AI game development is not feared by the industry, but rather embraced to enhance games while retaining a human touch. AI technology is also helping boost retention and engagement in mobile gaming by improving specific criteria such as retention ratio, engagement, and player spending. AI monetization is driven by a targeted approach to match players with their preferred in-game items, transforming the way we experience mobile games.

Tech Optimizer

February 21, 2025

Self-managed multi-tenant vector search with Amazon Aurora PostgreSQL

Organizations are using generative AI and machine learning tools to extract value from unstructured data, employing specialized machine learning models to convert data into vectors for efficient searching and retrieval. Amazon Aurora PostgreSQL-Compatible Edition, with the pgvector extension, allows developers to create a vector store for generative AI applications. Multi-tenant architectures in software-as-a-service (SaaS) applications ensure tenant data isolation to maintain security and privacy. In a multi-tenant scenario, home survey requests are processed, and survey reports are stored in Amazon S3. Embedding models convert these documents into vector embeddings, which are stored in a vector store. There are two approaches to building a vector-based application: a self-managed approach, where developers handle data processing and queries, and a fully-managed option using Amazon Bedrock Knowledge Bases. The self-managed approach involves coding to process data, generate vector embeddings, and store them in Aurora. The architecture includes data ingestion via AWS Lambda, embedding conversion, SQL queries for data retrieval, and response enhancement using a large language model (LLM). Key terminologies include vector embeddings, embedding models, chunking, pgvector, HNSW index, and IVFFlat index. The process of creating a vector store involves configuring the Aurora PostgreSQL database, enabling the pgvector extension, and establishing a schema for the vector store. The vector table includes fields for UUID, vector embeddings, text chunks, metadata, and tenant identification. Data ingestion requires coding to convert data into embeddings and insert them into the database. Retrieval of vector data is crucial for enhancing prompts sent to LLMs, with various distance functions supported for identifying similar vectors. Multi-tenancy is enforced using row-level security in PostgreSQL, ensuring tenant data isolation. The process includes updating query functions to support tenant isolation and setting the current tenant ID for queries.

Tech Optimizer

February 21, 2025

Multi-tenant vector search with Amazon Aurora PostgreSQL and Amazon Bedrock Knowledge Bases

The article discusses the implementation of a multi-tenant vector store using Amazon Aurora PostgreSQL-Compatible Edition and Amazon Bedrock Knowledge Bases. It outlines a scenario where users request home surveys, and surveyors update findings stored in an Amazon S3 bucket. The process involves converting documents into vector embeddings for enhanced natural language queries through the Retrieval Augmented Generation (RAG) technique. Key steps include: 1. Ingesting data from S3 into Amazon Bedrock Knowledge Bases. 2. Using an embeddings model to convert documents into vector embeddings. 3. Storing vector embeddings, data chunks, and metadata in Aurora with pgvector. 4. Submitting natural language queries that are transformed into embeddings for retrieval from the vector store. 5. Forwarding relevant documents to a large language model for response generation. To set up the vector store, prerequisites include access to an Amazon Aurora PostgreSQL-compatible database, Amazon S3 for document storage, and Amazon Bedrock for managing knowledge bases. The article provides SQL commands for creating the necessary schema, vector table, and index in Aurora, as well as instructions for ingesting data and ensuring multi-tenant data isolation through metadata filtering. Best practices for deploying a multi-tenant vector store include optimizing chunk size, evaluating embedding models, and monitoring query performance. The article emphasizes the benefits of fully managed solutions to reduce operational complexity.