There's no shortage of terrifying challenges to try in Phasmophobia, and many of them lead to worthwhile rewards that can make your ghost-hunting experience easier and more fun. That said, a select few of those challenges can take a considerable amount of time to complete, based on what's expected of them.

Assassin's Creed Shadows drops you right into the heart of feudal Japan, giving you the chance to play as either Naoe or Yasuke. With a vast open world to explore and enemies lurking around every corner, gearing up is more important than ever.

Vinpowers iXflash series expands iPhone storage up to 2TB, offering a compact, offline alternative to cloud storage with instant access.

Is QD-EL the OLED-beater? Maybe but definitely not imminently

MM HORDE VFX Studio played a crucial role in the Netflix series Parasyte: The Grey by handling rotomation and camera tracking for complex VFX shots. Their work involved precise body and facial rotomation, ensuring characters moved naturally in 3D space while integrating seamlessly with live-action footage.Early scenes at the performance venue posed particular challenges due to shaky camera movements and lighting variations, making accurate camera tracking essential. The team focused on maintaining scale consistency and ground contact, crucial for realistic motion.For most shots, tight rotomation was performed on the face and neck, while arms and legs were roughly matched to assist animators. This breakdown highlights MM HORDEs expertise in matchmoving, overcoming technical challenges to deliver smooth, realistic character motion within dynamic live-action environments.The post Matchmove Breakdown Parasyte: The Grey by MM HORDE VFX Studio appeared first on Vfxexpress.

Would you share the pages of your journal with a bunch of strangers, because thats the idea behind social wellness app Exist.The new iOS social wellness app wants to turn journaling into a social experience. Originally designed with Gen Z in mind, Exist unexpectedly found its audience among middle-age users, with the average sign-up age landing at 40. Seeing this, the founders pivoted to focus on this group, creating a space for real, raw conversations about lifes challenges.Exist calls itself the edgier cousin of Calm and Headspace, but instead of solo meditation, it puts social journaling at the center of its mission. The app is built on the idea that healing happens best together, not alone. Users can track their moods daily, explore guided meditations, and engage in audio exercises, but the real draw is its community.In terms of its interface, Exist functions like a TikTok for mental health, offering a swipeable feed of videos and text-based public journal entries. Users can respond to daily prompts, share their thoughts, and interact through comments, creating a space for support and real conversations.The biggest feature that makes us different is the community side, cofounder Alicia Waldner told TechCrunch. Headspace and Calm proved that theres this audio-based market, but people still feel very alone in those experiences and in real life, people meditate and then they journal, but thats a solo experience. And what we did was make that a social experience. So instead of journaling all your thoughts and feelings at home and putting it underneath your bed at night, youre sharing it with the world, and people are commenting back.Exist also offers an AI-powered question feature designed to push users to dig deeper into their thoughts and feelings. This tool encourages a more reflective and thorough journaling experience. While the community and social journaling features are free, users looking for guided audios and meditations can unlock them with a $5.99/month subscription.

RAG-powered conversational research assistants address the limitations of traditional language models by combining them with information retrieval systems. The system searches through specific knowledge bases, retrieves relevant information, and presents it conversationally with proper citations. This approach reduces hallucinations, handles domain-specific knowledge, and grounds responses in retrieved text. In this tutorial, we will demonstrate building such an assistant using the open-source model TinyLlama-1.1B-Chat-v1.0 from Hugging Face, FAISS from Meta, and the LangChain framework to answer questions about scientific papers.First, lets install the necessary libraries:Copy CodeCopiedUse a different Browser!pip install langchain-community langchain pypdf sentence-transformers faiss-cpu transformers accelerate einopsNow, lets import the required libraries:Copy CodeCopiedUse a different Browserimport osimport torchfrom langchain.text_splitter import RecursiveCharacterTextSplitterfrom langchain_community.document_loaders import PyPDFLoaderfrom langchain_community.vectorstores import FAISSfrom langchain_community.embeddings import HuggingFaceEmbeddingsfrom langchain.chains import ConversationalRetrievalChainfrom langchain_community.llms import HuggingFacePipelinefrom transformers import AutoTokenizer, AutoModelForCausalLM, pipelineimport pandas as pd from IPython.display import display, MarkdownWe will mount drive to save the paper in further step:Copy CodeCopiedUse a different Browserfrom google.colab import drivedrive.mount('/content/drive')print("Google Drive mounted")For our knowledge base, well use PDF documents of scientific papers. Lets create a function to load and process these documents:Copy CodeCopiedUse a different Browserdef load_documents(pdf_folder_path): documents = [] if not pdf_folder_path: print("Downloading a sample paper...") !wget -q https://arxiv.org/pdf/1706.03762.pdf -O attention.pdf pdf_docs = ["attention.pdf"] else: pdf_docs = [os.path.join(pdf_folder_path, f) for f in os.listdir(pdf_folder_path) if f.endswith('.pdf')] print(f"Found {len(pdf_docs)} PDF documents") for pdf_path in pdf_docs: try: loader = PyPDFLoader(pdf_path) documents.extend(loader.load()) print(f"Loaded: {pdf_path}") except Exception as e: print(f"Error loading {pdf_path}: {e}") return documentsdocuments = load_documents("")Next, we need to split these documents into smaller chunks for efficient retrieval:Copy CodeCopiedUse a different Browserdef split_documents(documents): text_splitter = RecursiveCharacterTextSplitter( chunk_size=1000, chunk_overlap=200, length_function=len, ) chunks = text_splitter.split_documents(documents) print(f"Split {len(documents)} documents into {len(chunks)} chunks") return chunkschunks = split_documents(documents)Well use sentence-transformers to create vector embeddings for our document chunks:Copy CodeCopiedUse a different Browserdef create_vector_store(chunks): print("Loading embedding model...") embedding_model = HuggingFaceEmbeddings( model_name="sentence-transformers/all-MiniLM-L6-v2", model_kwargs={'device': 'cuda' if torch.cuda.is_available() else 'cpu'} ) print("Creating vector store...") vector_store = FAISS.from_documents(chunks, embedding_model) print("Vector store created successfully!") return vector_storevector_store = create_vector_store(chunks)Now, lets load an open-source language model to generate responses. Well use TinyLlama, which is small enough to run on Colab but still powerful enough for our task:Copy CodeCopiedUse a different Browserdef load_language_model(): print("Loading language model...") model_id = "TinyLlama/TinyLlama-1.1B-Chat-v1.0" try: import subprocess print("Installing/updating bitsandbytes...") subprocess.check_call(["pip", "install", "-U", "bitsandbytes"]) print("Successfully installed/updated bitsandbytes") except: print("Could not update bitsandbytes, will proceed without 8-bit quantization") from transformers import AutoTokenizer, AutoModelForCausalLM, BitsAndBytesConfig, pipeline import torch tokenizer = AutoTokenizer.from_pretrained(model_id) if torch.cuda.is_available(): try: quantization_config = BitsAndBytesConfig( load_in_8bit=True, llm_int8_threshold=6.0, llm_int8_has_fp16_weight=False ) model = AutoModelForCausalLM.from_pretrained( model_id, torch_dtype=torch.bfloat16, device_map="auto", quantization_config=quantization_config ) print("Model loaded with 8-bit quantization") except Exception as e: print(f"Error with quantization: {e}") print("Falling back to standard model loading without quantization") model = AutoModelForCausalLM.from_pretrained( model_id, torch_dtype=torch.bfloat16, device_map="auto" ) else: model = AutoModelForCausalLM.from_pretrained( model_id, torch_dtype=torch.float32, device_map="auto" ) pipe = pipeline( "text-generation", model=model, tokenizer=tokenizer, max_length=2048, temperature=0.2, top_p=0.95, repetition_penalty=1.2, return_full_text=False ) from langchain_community.llms import HuggingFacePipeline llm = HuggingFacePipeline(pipeline=pipe) print("Language model loaded successfully!") return llmllm = load_language_model()Now, lets build our assistant by combining the vector store and language model:Copy CodeCopiedUse a different Browserdef format_research_assistant_output(query, response, sources): output = f"n{'=' * 50}n" output += f"USER QUERY: {query}n" output += f"{'-' * 50}nn" output += f"ASSISTANT RESPONSE:n{response}nn" output += f"{'-' * 50}n" output += f"SOURCES REFERENCED:nn" for i, doc in enumerate(sources): output += f"Source #{i+1}:n" content_preview = doc.page_content[:200] + "..." if len(doc.page_content) > 200 else doc.page_content wrapped_content = textwrap.fill(content_preview, width=80) output += f"{wrapped_content}nn" output += f"{'=' * 50}n" return outputimport textwrapresearch_assistant = create_research_assistant(vector_store, llm)test_queries = [ "What is the key idea behind the Transformer model?", "Explain self-attention mechanism in simple terms.", "Who are the authors of the paper?", "What are the main advantages of using attention mechanisms?"]for query in test_queries: response, sources = research_assistant(query, return_sources=True) formatted_output = format_research_assistant_output(query, response, sources) print(formatted_output)In this tutorial, we built a conversational research assistant using Retrieval-Augmented Generation with open-source models. RAG enhances language models by integrating document retrieval, reducing hallucination, and ensuring domain-specific accuracy. The guide walks through setting up the environment, processing scientific papers, creating vector embeddings using FAISS and sentence transformers, and integrating an open-source language model like TinyLlama. The assistant retrieves relevant document chunks and generates responses with citations. This implementation allows users to query a knowledge base, making AI-powered research more reliable and efficient for answering domain-specific questions.Here is the Colab Notebook. Also,dont forget to follow us onTwitterand join ourTelegram ChannelandLinkedIn Group. Dont Forget to join our85k+ ML SubReddit.The post A Coding Implementation to Build a Conversational Research Assistant with FAISS, Langchain, Pypdf, and TinyLlama-1.1B-Chat-v1.0 appeared first on MarkTechPost.

A critical advancement in recent times has been exploring reinforcement learning (RL) techniques to improve LLMs beyond traditional supervised fine-tuning methods. RL allows models to learn optimal responses through reward signals, enhancing their reasoning and decision-making capabilities. RL introduces a feedback-driven training loop that better aligns with human-like learning processes, particularly in tasks involving step-by-step problem-solving or math reasoning. This intersection of LLMs and RL is becoming a prominent area for academic research and industry innovation.A central challenge in improving LLMs for complex reasoning tasks is ensuring these models develop better thinking skills rather than longer outputs. In reinforcement learning-based training of LLMs, a pattern has emerged where models begin generating excessively long responses without necessarily improving answer quality. This raises concerns about optimization biases in RL methods that may favor verbosity over correctness. Another complication arises from the base models themselves; some already show signs of reasoning capabilities, which makes it difficult to isolate the real impact of RL tuning. Therefore, understanding how training strategies and model foundations affect final performance becomes essential.Previously, reinforcement learning post-training for LLMs often relied on algorithms like Proximal Policy Optimization (PPO), commonly used in various open-source implementations. These implementations frequently included a response-length normalization step, which inadvertently introduced biases favoring longer or shorter outputs depending on the correctness of the response. In particular, Group Relative Policy Optimization (GRPO) was introduced as a variant to optimize policy updates at the group level. While effective, GRPO has been criticized for embedding subtle optimization biases that affect the length and quality of model responses. These existing techniques, though innovative, have shown limitations that obscure the actual gains from reinforcement learning.Researchers from Sea AI Lab, the National University of Singapore, and Singapore Management University introduced a new approach called Dr. GRPO (Group Relative Policy Optimization Done Right) to address these issues. This method removes the problematic normalization terms from the GRPO formulation. Specifically, it eliminates the response length and standard deviation scaling factors that caused imbalances in model updates. The revised algorithm computes gradients more fairly across different responses and question types. They applied this method to train Qwen2.5-Math-7B, an open-source base model and demonstrated its effectiveness on multiple benchmarks. The training process used 27 hours of computing on 8 A100 GPUs, a relatively modest setup considering the results achieved.The researchers tested their method on prominent math reasoning benchmarks, including AIME 2024, AMC, MATH500, Minerva Math, and OlympiadBench. The model trained with Dr. GRPO achieved 43.3% accuracy on AIME 2024, significantly outperforming SimpleRL-Zero-7B (36.0%), Prime-Zero-7B (27.6%), and OpenReasoner-Zero-7B (16.7%). It also demonstrated strong average performance across all tasks: 40.9% on MATH500, 45.8% on Minerva, and 62.7% on OlympiadBench. These results validate the effectiveness of the bias-free RL method. Importantly, the model performed better and showed more efficient token usage. Incorrect responses became shorter and more focused, a notable shift from previous training methods encouraging overextended answers regardless of correctness.Beyond the training algorithm, the team also examined the nature of base models used in R1-Zero-like RL settings. They found that some models, such as Qwen2.5, display advanced capabilities even before training, possibly due to pretraining on concatenated question-answer data. For example, the Qwen2.5-Math-7B model achieved 38.2% average accuracy without any RL fine-tuning, outperforming many models trained using traditional methods. This preexisting reasoning capacity complicates claims about the benefits of RL, as improvements may partly stem from prior training strategies rather than new learning through reinforcement. DeepSeek-V3-Base, another examined model, showed spontaneous Aha moments and instances of self-reflection before RL, further suggesting that some reasoning skills may already be embedded in base models.The performance dynamics were carefully tracked during training. Using Dr. GRPO, models avoided the tendency to inflate response lengths. The evaluation revealed that Dr. GRPO kept output lengths stable while increasing reward signals, suggesting a direct correlation between training and improved accuracy, not just verbosity. In contrast, traditional GRPO led to progressively longer incorrect responses, falsely indicating improvement. This observation aligns with findings that many open-source PPO implementations unwittingly introduce response-length bias, a flaw inherited from pretraining practices.The researchers also explored how different templates and question sets influence model behavior. The Qwen2.5-Math-1.5B base model performed best without prompt templates, scoring 61.6% on Minerva Math and 45.8% on MATH500. Surprisingly, using templates often decreased performance before RL recovered it. This highlights how mismatches between model pretraining and inference format can obscure true reasoning capabilities. Also, models trained on small, simple question sets like GSM-8K often outperformed those trained on larger datasets, challenging the assumption that broader coverage always leads to better reasoning.Several Key Takeaways from the Research include the following:DeepSeek-V3-Base and Qwen2.5 models exhibit reasoning capabilities even before RL, indicating strong pretraining effects.Dr. GRPO eliminates biases in GRPO by removing length and reward normalization terms, improving token efficiency.The Qwen2.5-Math-7B model, trained with Dr. GRPO, achieved:43.3% on AIME 202462.7% on OlympiadBench45.8% on Minerva Math40.9% on MATH500The average score across all benchmarks: 40.3%Incorrect responses were significantly shorter using Dr. GRPO, avoiding unnecessary verbosity seen in other methods.Qwen2.5 models perform better without prompt templates, suggesting they may be pretrained on Q&A formatted data.Smaller question sets like GSM-8K can perform better than larger ones, countering expectations.Open-source PPO implementations often contain unintended response-length biases that Dr. GRPO successfully removes.In conclusion, the study reveals critical insights into how RL affects large language model behavior. Researchers found that pretraining plays a substantial role in determining baseline capabilities. They also demonstrated that optimization biases in popular RL algorithms can mislead training and evaluation. The introduction of Dr. GRPO corrected these issues, leading to more interpretable and efficient model training. With only 27 hours of training, their model reached state-of-the-art results on major math reasoning benchmarks. These findings reshape how the community should evaluate RL-enhanced LLMs, focusing more on method transparency and base model characteristics than on mere performance metrics.Check outthe Paper and GitHub Page.All credit for this research goes to the researchers of this project. Also,feel free to follow us onTwitterand dont forget to join our85k+ ML SubReddit. Asif RazzaqWebsite| + postsBioAsif Razzaq is the CEO of Marktechpost Media Inc.. As a visionary entrepreneur and engineer, Asif is committed to harnessing the potential of Artificial Intelligence for social good. His most recent endeavor is the launch of an Artificial Intelligence Media Platform, Marktechpost, which stands out for its in-depth coverage of machine learning and deep learning news that is both technically sound and easily understandable by a wide audience. The platform boasts of over 2 million monthly views, illustrating its popularity among audiences.Asif Razzaqhttps://www.marktechpost.com/author/6flvq/A Coding Implementation to Build a Conversational Research Assistant with FAISS, Langchain, Pypdf, and TinyLlama-1.1B-Chat-v1.0Asif Razzaqhttps://www.marktechpost.com/author/6flvq/Code Implementation of a Rapid Disaster Assessment Tool Using IBMs Open-Source ResNet-50 ModelAsif Razzaqhttps://www.marktechpost.com/author/6flvq/Kyutai Releases MoshiVis: The First Open-Source Real-Time Speech Model that can Talk About ImagesAsif Razzaqhttps://www.marktechpost.com/author/6flvq/NVIDIA AI Open Sources Dynamo: An Open-Source Inference Library for Accelerating and Scaling AI Reasoning Models in AI Factories

Mar 23, 2025Ravie LakshmananSupply Chain / VulnerabilityThe supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope."The payload was focused on exploiting the public CI/CD flow of one of their open source projects agentkit, probably with the purpose of leveraging it for further compromises," Palo Alto Networks Unit 42 said in a report. "However, the attacker was not able to use Coinbase secrets or publish packages."The incident came to light on March 14, 2025, when it was found that "tj-actions/changed-files" was compromised to inject code that leaked sensitive secrets from repositories that ran the workflow. It has been assigned the CVE identifier CVE-2025-30066 (CVSS score: 8.6).According to Endor Labs, 218 GitHub repositories are estimated to have exposed their secrets due to the supply chain attack, and a majority of the leaked information includes a "few dozen" credentials for DockerHub, npm, and Amazon Web Services (AWS), as well as GitHub install access tokens."The initial scale of the supply chain attack sounded scary, considering that tens of thousands of repositories depend on the GitHub Action," security researcher Henrik Plate said."However, drilling down into the workflows, their runs and leaked secrets shows that the actual impact is smaller than anticipated: 'Only' 218 repositories leaked secrets, and the majority of those are short-lived GITHUB_TOKENs, which expire once a workflow run is completed."Since then, it has emerged that the v1 tag of another GitHub Action called "reviewdog/action-setup," which "tj-actions/changed-files" relies on as a dependency via "tj-actions/eslint-changed-files," was also compromised in the lead up to the tj-actions incident with a similar payload. The breach of "reviewdog/action-setup" is being tracked as CVE-2025-30154 (CVSS score: 8.6).The exploitation of CVE-2025-30154 is said to have enabled the unidentified threat actor to obtain a personal access token (PAT) associated with "tj-actions/changed-files," thereby allowing them to modify the repository and push the malicious code, in turn impacting every single GitHub repository that depended on the action."When the tj-actions/eslint-changed-files action was executed, the tj-actions/changed-files CI runner's secrets were leaked, allowing the attackers to steal the credentials used in the runner, including a Personal Access Token (PAT) belonging to the tj-bot-actions GitHub user account," Unit 42 researchers Omer Gil, Aviad Hahami, Asi Greenholts, and Yaron Avital said.It's currently suspected that the attacker managed to somehow gain access to a token with write access to the reviewdog organization in order to make the rogue alterations. That said, the manner in which this token may have been acquired remains unknown at this stage.Furthermore, the malicious commits to "reviewdog/action-setup" is said to have been carried out by first forking the corresponding repository, committing changes to it, and then creating a fork pull request to the original repository and ultimately introducing arbitrary commits a scenario called a dangling commit."The attacker took significant measures to conceal their tracks using various techniques, such as leveraging dangling commits, creating multiple temporary GitHub user accounts, and obfuscating their activities in workflow logs (especially in the initial Coinbase attack)," Gil, Senior Research Manager at Palo Alto Networks, told The Hacker News. "These findings indicate that the attacker is highly skilled and has a deep understanding of CI/CD security threats and attack tactics."Unit 42 theorized that the user account behind the fork pull request "iLrmKCu86tjwp8" may have been hidden from public view after the attacker switched from a legitimate email address provided during registration to a disposable (or anonymous) email in violation of GitHub's policy.This could have caused all the interactions and actions performed by the user to be concealed. However, when reached for comment, GitHub did not confirm or deny the hypothesis, but said it's actively reviewing the situation and taking action as necessary."There is currently no evidence to suggest a compromise of GitHub or its systems. The projects highlighted are user-maintained open-source projects," a GitHub spokesperson told The Hacker News."GitHub continues to review and take action on user reports related to repository contents, including malware and other malicious attacks, in accordance with GitHub's Acceptable Use Policies. Users should always review GitHub Actions or any other package that they are using in their code before they update to new versions. That remains true here as in all other instances of using third party code."A deeper search for GitHub forks of tj-actions/changed-files has led to the discovery of two other accounts "2ft2dKo28UazTZ" and "mmvojwip," both of which have since been deleted from the platform. Both the accounts have also been found to create forks of Coinbase-related repositories such as onchainkit, agentkit, and x402.Further examination has uncovered that the accounts modified the "changelog.yml" file in the agentkit repository using a fork pull request to point to a malicious version of "tj-actions/changed-files" published earlier using the PAT.The attacker is believed to have obtained a GitHub token with write permissions to the agentkit repository in turn facilitated by the execution of the tj-actions/changed-files GitHub Actions so as to make the unauthorized changes. Another important aspect worth highlighting is the difference in payloads used in both the cases, indicating attempts on part of the attacker to stay under the radar."The attacker used different payloads at different stages of the attack. For example, in the widespread attack, the attacker dumped the runner's memory and printed secrets stored as environment variables to the workflow's log, regardless of which workflow was running," Gil said."However, when targeting Coinbase, the attacker specifically fetched the GITHUB_TOKEN and ensured that the payload would only execute if the repository belonged to Coinbase."It's currently not known what the end goal of the campaign was, it's "strongly" suspected that the intent was financial gain, likely attempting to conduct cryptocurrency theft, given the hyper-specific targeting of Coinbase, Gil pointed out. As of March 19, 2025, the cryptocurrency exchange has remediated the attack.It's also not clear what prompted the attacker to switch gears, turning what was an initially targeted attack turned into a large-scale and less stealthy campaign."One hypothesis is that after realizing they could not leverage their token to poison the Coinbase repository -- and upon learning that Coinbase had detected and mitigated the attack -- the attacker feared losing access to the tj-actions/changed-files action," Gil said."Since compromising this action could provide access to many other projects, they may have decided to act quickly. This could explain why they launched the widespread attack just 20 minutes after Coinbase mitigated the exposure on their end despite the increased risk of detection."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE