research Archives

Winsage

February 21, 2025

Windows Notepad and Paint are still free – but the AI will cost you. Here’s how much

Users have enjoyed free access to Windows applications like Notepad and Paint, but new AI features now require a subscription. Notepad can now perform text rewrites based on user preferences, while Paint includes an AI-powered Image Creator. Microsoft is encouraging subscriptions to Microsoft 365 to support AI development, leading to a freemium model for desktop software. Users can access non-AI features for free, but AI functionalities require a subscription, with pricing options including a Microsoft 365 Personal plan and a Family plan. Each plan offers up to 60 AI credits per month, with additional options for unlimited usage through the Copilot Pro plan. The only free feature in Paint is background removal.

AppWizard

February 21, 2025

‘A massive, massive moment of wow.’ Microsoft CEO predicts AI-generated games are a ‘CGI moment’ for the industry

Microsoft CEO Satya Nadella discussed the company's plans for artificial intelligence and quantum computing, particularly focusing on their AI-powered game generation platform, Muse. He compared Muse's potential impact on gaming to the influence of CGI in the film industry, despite its current limitations of generating games at a resolution of 300 by 180 pixels. Nadella envisions a future where users can request unique gaming experiences, indicating that the integration of AI into gaming is imminent. He also highlighted the broader implications of AI on economic growth, cautioning against the hype surrounding artificial general intelligence (AGI) and emphasizing the importance of AI's impact on GDP growth. Nadella believes in a collaborative future for AI development, suggesting that the market can support multiple successful players. The timeline for when gamers can fully engage with Muse remains uncertain, with some experts cautioning that its capabilities may be overstated.

Tech Optimizer

February 21, 2025

Serious PostgreSQL flaw exploited in US Treasury zero-day attack

Security researchers have identified a zero-day vulnerability in PostgreSQL, labeled CVE-2025-1094, which is believed to have contributed to the cyber breach of the US Treasury in December. The breach was initially attributed to the command injection vulnerability CVE-2024-12356 in the BeyondTrust Remote Support platform. Successful exploitation of CVE-2024-12356 required prior exploitation of CVE-2025-1094. Although BeyondTrust issued a patch for CVE-2024-12356 in December 2024, it did not resolve the underlying issue of CVE-2025-1094, leaving it a zero-day vulnerability until reported to PostgreSQL. Chinese hackers reportedly gained remote access to multiple workstations within the US Treasury, potentially compromising unclassified documents. The details of the accessed documents and the number of workstations involved are not disclosed. This incident is part of a broader pattern of cyber attacks linked to Chinese state-sponsored actors.

Tech Optimizer

February 20, 2025

PostgreSQL flaw exploited as zero-day in BeyondTrust breach

Rapid7's vulnerability research team reported that a security flaw in PostgreSQL was exploited as a zero-day vulnerability to infiltrate BeyondTrust's network in December, involving two zero-day vulnerabilities, CVE-2024-12356 and CVE-2024-12686, along with a stolen API key, leading to unauthorized access to 17 Remote Support SaaS instances. In early January, the U.S. Treasury Department disclosed a compromise of its network, with attackers using the stolen API key to access its BeyondTrust instance, linked to the Silk Typhoon cyber-espionage group. The attackers targeted critical offices within the Treasury, including CFIUS and OFAC, and accessed the Office of Financial Research systems. CISA added CVE-2024-12356 to its Known Exploited Vulnerabilities catalog on December 19, mandating federal agencies to secure their networks. On January 27, Rapid7 uncovered another zero-day vulnerability in PostgreSQL, CVE-2025-1094, which allows SQL injection attacks due to mishandling of invalid UTF-8 characters. Rapid7 found that exploiting CVE-2024-12356 for remote code execution requires CVE-2025-1094, and while BeyondTrust classified CVE-2024-12356 as command injection, Rapid7 suggests it is an argument injection vulnerability. They identified a method to exploit CVE-2025-1094 for remote code execution in BeyondTrust systems independently of CVE-2024-12356, noting that BeyondTrust's patch for CVE-2024-12356 does not resolve the root cause of CVE-2025-1094 but prevents exploitation of both vulnerabilities.

AppWizard

February 20, 2025

Xbox announces ‘a generative AI model for gameplay ideation’ called Muse, but don’t get too excited: Machines aren’t about to make games for you just yet

Microsoft announced its latest generative AI model, Muse, developed in collaboration with Microsoft Research and Ninja Theory. Muse is described as a "world and human action model (WHAM)" trained on Ninja Theory's Bleeding Edge. Microsoft aims to enhance the gaming experience by using AI to enrich player engagement and support game developers' creative processes. The company emphasizes that AI is intended to empower human creativity rather than replace it. A report in Nature provides insights into Muse's technical aspects, highlighting the importance of human agency in the creative process and identifying key capabilities for AI development. Microsoft CEO Satya Nadella envisions AI's capabilities extending to interactive environments like video games. However, some experts, like Dr. Michael Cook, caution against overhyping Muse, noting that the research focuses more on human interaction with AI tools than on generating gameplay. Despite reservations, Cook acknowledges AI's potential as a design tool. Microsoft has promised further announcements on how AI will enhance experiences for game creators and players. Muse will debut in Copilot Labs, signaling new immersive AI gaming experiences.

AppWizard

February 20, 2025

The least used app on my Android phone is… the Google app?!

The Google app, launched over 15 years ago, enhances mobile search capabilities on Android devices and serves multiple essential functions, including powering the search widget, the Discover feed, Circle to Search, Google Lens, the Saved tab, and ad personalization options. A poll indicates that 34% of users utilize the app daily, 9% use it often, 16% rarely, and 41% never use it. Despite its perceived redundancy, the app is an uninstallable system app, crucial for maintaining various Android features and functionalities.

Winsage

February 20, 2025

Many of Microsoft Edge’s most important features are now faster than ever

Microsoft Edge version 132 has introduced significant performance enhancements, resulting in an average speed increase of approximately 40% across various features. Key areas affected include the Downloads folder, Drop, History, and the inPrivate new tab experience. The transition to WebUI 2.0 has optimized webpage rendering and improved speed, particularly benefiting lower-end devices using HDDs. For example, the time to open the Downloads folder has decreased from 0.927 seconds to 0.428 seconds. At least 14 areas of the browser's user interface have experienced these speed improvements, contributing to a more responsive and efficient browsing experience.

TrendTechie

February 20, 2025

Хакеры заражали гаджеты российских пользователей криптомайнером под видом игр-симуляторов

Experts from Kaspersky GReAT have identified a scheme where cybercriminals distribute malware disguised as free versions of popular computer games via torrent trackers. This malware downloads a modified version of the XMRig cryptocurrency miner onto users' devices. The distribution began on December 31, 2024, and continued until the end of January 2025, with the first infected files appearing on torrent sites in the previous autumn. Affected countries include Russia, Belarus, Kazakhstan, Brazil, and Germany. The XMRig miner exploits the computational power of infected devices to mine Monero and was embedded in files associated with games like BeamNG.drive, Dyson Sphere Program, Universe Sandbox, Plutocracy, and Garry’s Mod. Kaspersky reported that 70.5% of users encountered infected versions of BeamNG.drive. The malware causes overheating, decreased performance, and increased electricity consumption without immediate signs of infection. Tatyana Shishkova from Kaspersky noted that the timing of the campaign coincided with the holiday season and that gaming applications were targeted due to their high performance. She advised users to avoid downloading software from unreliable sources.

Tech Optimizer

February 20, 2025

EDB Postgres® AI Significantly Outperforms Oracle, SQL Server, MongoDB, and MySQL in New Benchmark Study

EnterpriseDB (EDB) has released findings from a benchmark study by McKnight Consulting Group, showing that EDB Postgres AI outperforms Oracle, SQL Server, MongoDB, and MySQL in various workloads, including transactional, analytical, and AI tasks. Key performance metrics include being 150 times faster than MongoDB in processing JSON data, 4 times faster than MySQL in handling insert operations, and outperforming Oracle by 17% and SQL Server by 30% in processing New Orders Per Minute (NOPM). EDB Postgres AI also offers 7 times better price performance than Oracle and 6 times better than SQL Server. The study highlights the challenges enterprises face with legacy systems consuming 55% of IT budgets, which hampers modernization efforts. EDB Postgres AI aims to address these challenges by streamlining data infrastructure, reducing total cost of ownership, and facilitating AI capabilities in a secure environment.

Tech Optimizer

February 20, 2025

PostgreSQL vulnerability exploited in US Treasury attack

In December 2024, suspected state-sponsored Chinese hackers executed a sophisticated cyber attack on U.S. Treasury employees' workstations, utilizing a dual vulnerability strategy involving CVE-2024-12356 and CVE-2025-1094. CVE-2024-12356 is an unauthenticated command injection flaw in BeyondTrust Remote Support SaaS, while CVE-2025-1094 is a PostgreSQL zero-day vulnerability that allows SQL injection attacks through the psql tool. The PostgreSQL team released a fix for CVE-2025-1094 on February 13, 2025, and BeyondTrust issued patches in December 2024 to mitigate the vulnerabilities. PostgreSQL users are advised to upgrade to fixed versions: 17.3, 16.7, 15.11, 14.16, or 13.19, and BeyondTrust users should implement the December 2024 fix. Rapid7 has provided advisories and indicators of compromise related to these vulnerabilities.