MacworldMicrosoft 365 isnt the only way toget Microsoft apps onto your Mac. Its not even the cheapest way. Instead of paying monthly for your Microsoft 365 subscription, see if a one-time payment for a lifetime license to Microsoft Office Home and Business is a better fit. Its on sale for $79.97, down 63% from its regular price of $219 until March 30.This lifetime license comes withWord, PowerPoint, Teams, OneNote, Excel, and Outlook, and theres no limit to how much you can use them or how long you can have them.Unlike Microsoft 365, this is not a subscription service but a one-time purchase, allowing installation on one Mac with a lifetime license. Users gain the benefit of continuous access to these essential tools without the need for ongoing payments. Your budget gets a break, and you dont have to learn any new apps.Pay just once for a lifetime of productivity.Through March 30, get a2021 Microsoft Office Home and Business lifetime license for Macfor $79.97.Microsoft Office Home & Business for Mac 2021: Lifetime License $79.97See DealStackSocialprices subject to change.

MacworldConsider this your VIP pass to the inner circle ofChatGPT mastery. Sure, you know how to get the chatbot to write an email for you, but how about making it your personal assistant for virtually everything else?Theres not much itcantdoits all about knowing how to sweet-talk the bot. Its an art form. Need some help? Many people are getting this e-degree that shows you how to use ChatGPT, and its on sale for $19.97 (reg. $790) for a limited time. You can put the certificate on your resume afterward, too, to prove youre an AI pro.With over 25 hours of content spread across twelve lectures, youll learn how to master conversations with ChatGPT. Right now, youre probably entering random words and hoping for good results, but these strategies will help you get exquisite outputs every timeand avoid those annoying bot-like tendencies the tool has.You might also discover new ways of using ChatGPT for work, including research, brainstorming, content creation, data analysis, coding, meeting prep, customer service support, and more.Unlock new ChatGPT tips with thisChatGPT e-degree, now $19.97 (reg. $790) until March 30 at 11:59 p.m. PT. No coupon is needed for this price drop.ChatGPT & Automation E-Degree $19.97See DealStackSocialprices subject to change.

html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"The Gnomon Workshop has released Introduction to Lighting & Compositing for Cinematics, an improvers guide to production workflows for games cinematics and animations. The workshop, recorded by Love Death & Robots and Secret Level veteran Jon Perez, provides over four hours of video training in Houdini, Arnold and Nuke.An essential guide for young artists aiming to create lighting and compositing portfoliosIn the workshop, which is aimed at artists looking to specialize in lighting and compositing and needing to create portfolio pieces, Perez reveals the workflows currently used in production.After gathering and reviewing relevant references using PureRef, Perez demonstrates how to develop the chosen scenes using Houdini before moving into the final compositing in Nuke.The tutorial explores the benefits of Houdinis extensive configuration possibilities, from Bundles and Operators to AOV settings, and provides tips for effective image treatment in Nuke.This workshop uses Big Medium Smalls commercial Water Village asset bundle.About the artistJon Perez is a Senior Lighting and Compositing Artist, with over 10 years of experience in feature animation, animated series and visual effects.He has worked for Goodbye Kansas Studios and Axis Studios for clients like Blizzard Entertainment and Riot Games on projects including Love Death & Robots and Secret Level.Pricing and availabilityIntroduction to Lighting & Compositing for Cinematics is available via a subscription to The Gnomon Workshop, which provides access to over 300 tutorials.Subscriptions cost $57/month or $519/year. Free trials are available.Read more about Introduction to Lighting & Compositing for CinematicsHave your say on this story by following CG Channel on Facebook, Instagram and X (formerly Twitter). As well as being able to comment on stories, followers of our social media accounts can see videos we dont post on the site itself, including making-ofs for the latest VFX movies, animations, games cinematics and motion graphics projects.Full disclosure: CG Channel is owned by Gnomon.

Large language models (LLMs) have shown remarkable advancements in reasoning capabilities in solving complex tasks. While models like OpenAIs o1 and DeepSeeks R1 have significantly improved challenging reasoning benchmarks such as competition math, competitive coding, and GPQA, critical limitations remain in evaluating their true reasoning potential. The current reasoning datasets focus on problem-solving tasks but fail to encompass domains that require open-ended reasoning. Moreover, these datasets suffer from limited diversity in both scale and difficulty levels, making it challenging to evaluate and enhance the reasoning capabilities of LLMs across different domains and complexity levels.Previous attempts to enhance LLM reasoning capabilities mostly focus on two approaches: synthetic data generation and unsupervised self-training. In synthetic data generation, STaR and MetaMath methods augment existing datasets with new chain-of-thought rationales and question variations. Still, they heavily depend on pre-existing high-quality datasets. While approaches like OpenMathInstruct-2, NuminaMath, and Xwin-Math generate new data from seed examples, they struggle with scaling to novel domains. In unsupervised self-training, most methods rely on human-annotated final answers or external reward models, making them resource-intensive and costly, particularly for complex multi-step problems that require human evaluation of LLM outputs.Researchers from Meta, and New York University have proposed NATURALREASONING, a comprehensive dataset of 2.8 million reasoning questions extracted from pretraining corpora. This dataset spans diverse fields including Mathematics, Physics, Computer Science, and Economics & Business. Unlike synthetic datasets like MetaMathQA and OpenMathInstruct-2, NATURALREASONING represents authentic real-world reasoning problems through backtranslation from pretraining corpora. It uniquely combines verifiable and open-ended questions, including theorem proving, making it valuable for developing algorithms that enhance LLMs reasoning abilities beyond simple verification tasks and enabling knowledge distillation from stronger to weaker models.The efficacy of the NATURALREASONING method is shown in two ways to enhance reasoning capabilities. First, it utilizes knowledge distillation and supervised finetuning to achieve steeper scaling trends than existing datasets. Second, it functions as a source for domain-specific seed data extraction. For targeting science reasoning benchmarks like GPQA, the method samples 250 benchmark questions and retrieves 1K similar decontaminated questions from NATURALREASONING using cosine similarity between question embeddings. These questions are then deduplicated and clustered into 15K groups. The evaluation protocol uses zero-shot testing across various benchmarks including MATH, GPQA, GPQA-Diamond, and MMLUPro, using greedy decoding for consistent performance measurement.The evaluation results show that with just 1.5 million training examples, models trained on NATURALREASONING outperform Llama3.1-8B-Instruct but other datasets like OpenMathInstruct-2 and WebInstruct fail to achieve comparable performance even with 2.8 million data points. While math-specific datasets like OpenMathInstruct-2 show strong performance on math benchmarks (improving from 50.83 to 59.25 on MATH), they struggle to generalize, with GPQA accuracy plateauing around 26-27% and inconsistent MMLU-Pro performance. Moreover, datasets like WebInstruct show diminishing returns, with GPQA performance peaking at 29.02% with 500K samples but declining to 26.12% at 2.8M samples.In conclusion, researchers introduced NATURALREASONING, a dataset that represents a significant advancement in developing comprehensive reasoning datasets for LLMs. The datasets collection of 2.8 million questions spans multiple domains including mathematics, physics, computer science, economics, and social sciences. The results show that using the NATURALREASONING method for knowledge distillation leads to consistent improvements in reasoning benchmark performance as data size increases. Its effectiveness extends to enabling unsupervised self-training of LLMs through external reward models and self-rewarding techniques, marking a step forward to enhance LLMs reasoning capabilities in diverse domains.Check outthePaper and Dataset.All credit for this research goes to the researchers of this project. Also,feel free to follow us onTwitterand dont forget to join our75k+ ML SubReddit. Sajjad AnsariSajjad Ansari is a final year undergraduate from IIT Kharagpur. As a Tech enthusiast, he delves into the practical applications of AI with a focus on understanding the impact of AI technologies and their real-world implications. He aims to articulate complex AI concepts in a clear and accessible manner.Sajjad Ansarihttps://www.marktechpost.com/author/sajjadansari/Advancing MLLM Alignment Through MM-RLHF: A Large-Scale Human Preference Dataset for Multimodal TasksSajjad Ansarihttps://www.marktechpost.com/author/sajjadansari/Enhancing Reasoning Capabilities in Low-Resource Language Models through Efficient Model MergingSajjad Ansarihttps://www.marktechpost.com/author/sajjadansari/TransMLA: Transforming GQA-based Models Into MLA-based ModelsSajjad Ansarihttps://www.marktechpost.com/author/sajjadansari/Microsoft Research Introduces Data Formulator: An AI Application that Leverages LLMs to Transform Data and Create Rich Visualizations

Feb 22, 2025Ravie LakshmananFinancial Crime / CryptocurrencyCryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history."The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic," Bybit said in a post on X."As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address."In a separate statement posted on the social media platform, Bybit's CEO Ben Zhou emphasized that all other cold wallets are secure. The company further said it has reported the case to the appropriate authorities.While there is no official confirmation from Bybit yet, Elliptic and Arkham Intelligence confirmed that the digital theft is the work of the infamous Lazarus Group. The incident makes it the biggest-ever cryptocurrency heist reported to date, dwarfing that of Ronin Network ($624 million), Poly Network ($611 million), and BNB Bridge ($586 million).Independent researcher ZachXBT said they "connected the Bybit hack on-chain to the Phemex hack," the latter of which took place late last month.The North Korea-based threat actor is one of the most prolific hacking groups, orchestrating dozens of cryptocurrency heists to generate illicit revenue for the sanctions-hit nation. Last year, Google described North Korea as "arguably the world's leading cyber criminal enterprise." In 2024, it's estimated to have stolen $1.34 billion across 47 cryptocurrency hacks, accounting for 61% of all ill-gotten crypto during the time period, according to blockchain intelligence firm Chainalysis."Cryptocurrency heists are on the rise due to the lucrative nature of their rewards, the challenges associated with attribution to malicious actors, and the opportunities presented by nascent familiarity with cryptocurrency and Web3 technologies among many organizations," Google-owned Mandiant said last month.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

What we've been playing - principles, parables, and pillarsA few of the things that have us hooked this week.Image credit: Eurogamer / Obsidian Feature by Robert Purchese Associate Editor Additional contributions byJim Trinca, Tom Orry, and Tom PhillipsPublished on Feb. 22, 2025 21st FebruaryHello and welcome back to our regular feature where we write a little bit about some of the games we've been playing this week. This week, Tom O chickens out of the Dead Space Remake because it made his baby gate scary, which is an odd thing to type; Tom Phillips reunites with Garrus but in a very different world; and Jim goes full circle by returning to Pillars of Eternity after playing Avowed, and delights in the unwitting references already visible back then.What have you been playing?Catch up with the older editions of this column in our What We've Been Playing archive.Avowed, Xbox Series XTo see this content please enable targeting cookies. What did you say about Dragon Age sequels, Jim! Raging.Watch on YouTubeIt's not often I play a game with my eyes closed - it does not help me play it better - but I've been resting my head back and listening to Avowed at certain points this week. And more specifically, to my aquamarine fish-man companion Kai.Kai is voiced by Brendan Keener, who Mass Effect fans will know as everyone's favourite companion Garrus, and playing Avowed with him as my sidekick is honestly like going on a new adventure with my space friend again. Except for the fact he looks like a fish-man, hence my eyes being closed.The similarities, appearance not withstanding, are uncanny. Kai comes from a militaristic race different to the main character's own, is encountered very early in the game, and looks to want nothing more than to be your new buddy. He can also shoot things and make them explode. Hello, Garrus?There's a lot more to love about Avowed, too. It is gorgeous, with Unreal Engine 5-powered vistas and wonderfully detailed dense forest glens. I also appreciate the game's introduction to its world, as someone who never played Pillars of Eternity. While not unique, the way you can look up key terms with a handy lore guide during conversations is a god-send, while the game doesn't baby you by simplifying its writing.Would I be enjoying Avowed so much if I didn't have Garrus with me? Probably not. But once again, BioWare's trusty companion is smoothing my first steps into a new world as I explore deeper into Eora.-Tom PThe Stanley Parable: Ultra Deluxe, PS5The Stanley Parable: less scary than Dead Space.Watch on YouTubeSpoilers in that header, but I've moved on from Dead Space. I think it's a brilliant remaster, but the stress my god, the stress! As I've previously mentioned, even the sounds of doors shutting in the game managed to put the willies up me, so when I almost fell down my own stairs due to a baby gate swinging shut behind me I knew it was time to stop. I give up. You win, necromorphs! You've made me fear for my life via the actions of a device designed to make my home safer. Sounds like a horror movie, that.Anyway, I'm on The Stanley Parable: Ultra Deluxe now, which was one of the monthly PS Plus games a few weeks ago. I'm not sure how I'd never played the original game, so started this assuming memories of playing it would come flooding back, but no, I really hadn't ever played it. What a fun little game it is, and a wonderful departure from the persistent fear of Dead Space. It's nice not to have to worry about oh, I'm dead on the pavement, a woman looking over my motionless body. Oh well, I'll play something straightforward and simple next. Maybe Pony Island.-Tom OPillars of Eternity, PCI'd just like to play Obsidian games all day long.Watch on YouTubeAfter having an absolutely wonderful time with Avowed, for reasons that both Bertie and I have covered extensively in our recent, er, coverage, I felt a great pull to go back to the start of the Pillars of Eternity saga.The thing about the world of Eora is that it's just an exciting place to be. Often dangerous, full of intrigue and hidden secrets. But more than that, it's a setting that sucks you in like a story book. Avowed has this in spades, and I think that's why it's so moreish: once you're there, you don't really want to leave.Going back to the original game, what's most remarkable is how fully-formed the universe is right from the character screen. When choosing your background, for example, you can elect to be from The Living Lands, which is described as a mountainous island continent where civilisation butts up against a wild frontier. This is exactly what we get in Avowed, which finally takes us there after two games worth of lore drops.Despite the fact that one of these games is in an entirely different genre, the entire 'trilogy' feels like a cohesive whole. A marvellous thing to pull off. I hope we get a sequel to Avowed in future, but I also hope we get a proper Pillars 3 at some point, given how easily the two different 'strands' of Eora based games have been shown to co-exist.Hey, while we're at it, let's have an isometric Outer Worlds as well, classic Fallout style. Bring it all full circle. Obsidian says it has a 100-year plan for staying in business, so there's plenty of time!-Jim

submitted by /u/AmethystOrator [link] [comments]

The FBI warns organizations to backup now.Getty ImagesUpdate, Feb. 22, 2025: This story, originally published Feb. 20, now includes further technical details of the Ghost ransomware operation along with expert commentary from a number of security professionals regarding the FBI security advisory.Phishing, social engineering, scams, or whatever label you like to attach to the click here campaigns so beloved of attackers the world over is not the only security threat you need to pay attention to. I mean, that should go without saying, but ignoring other attack methodologies is akin to burying your head in the sand while someone steals your bucket and spade afterward.The Federal Bureau of Investigation has just published a new security advisory warning of one such non-phishing attack being exploited in an ongoing and particularly dangerous ransomware campaign known as Ghost. Heres what you need to know and what the FBI warns you should do with the utmost urgency to stay protected.FBI Issues Critical Ghost Ransomware Security AdvisoryA joint security advisory published Feb. 19 by the FBI and the Cybersecurity and Infrastructure Security Agency, AA25-050A, has warned organizations around the world of a dangerous ransomware group known as Ghost, which is carrying out ongoing attacks targeting multiple industry sectors across more than 70 countries.The threat actors, working out of China according to the FBI, go by many different names although Ghost appears to be the most common: Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada and Rapture, for example. What doesnt vary, however, is the attack methodology. Rather than using phishing techniques, the chosen method for the vast majority of ransomware attacks these days, Ghost prefers to use publicly available code to exploit known security vulnerabilities in software and firmware that their operators have not patched. They do this to gain access to internet-facing servers and ultimately strike with the ransomware payload.The FBI has observed Ghost actors obtaining initial access to networks by exploiting public facing applications that are associated with multiple Common Vulnerabilities and Exposures, the advisory said. Their methodology includes leveraging vulnerabilities in Fortinet FortiOS appliances, servers running Adobe ColdFusion, Microsoft SharePoint and Microsoft Exchange, commonly referred to as the ProxyShell attack chain.The FBI made particular note of a number of CVEs that are known to have been exploited by the Ghost ransomware campaigns including:CVE-2009-3960CVE-2010-2861CVE-2018-13379CVE-2019-0604CVE-2021-31207CVE-2021-34473CVE-2021-34523The first set of digits referred to in those CVE numbers is the year that the vulnerability was reported, and in most cases, this is also the year that it would have been patched by the vendor concerned. These stretch back to as long ago as 2009, which is truly shocking when you consider that some systems have, therefore, apparently remained unpatched for at least 15 years.The FBI advisory also explained how the threat actors behind Ghost have been seen to upload a web shell to compromised servers in order to leverage a combination of Windows command prompts and PowerShell to download and execute a Cobalt Strike Beacon on target systems. This in itself is not unusual, although the irony in cybercriminals using a commercially available and well-regarded penetration tool, used as part of adversary simulations to audit the voracity of an organizations security controls, cannot be ignored.Ghost actors often rely on built-in Cobalt Strike functions to steal process tokens running under the SYSTEM user context to impersonate the SYSTEM user, the FBI said, often for the purpose of running Beacon a second time with elevated privileges. The hashdump Cobalt Strike function is then used to collect credentials, including passwords and password hashes, while yet another is employed to display a list of running processes, to determine which antivirus software is running so that it can be disabled. Windows Defender, for example, is frequently disabled on network-connected devices, according to the FBI.Rather interestingly, given that double-extortion ransomware is the order of the day, the FBI noted that while Ghost claims exfiltrated data will be sold unless the ransom is paid, there is little evidence to suggest that a significant amount of such data is stolen from compromised organizations. This is particularly true when it comes to intellectual property or personally identifiable information that would cause significant harm to victims if leaked, the FBI said.Security Professionals Respond To The FBI Ghost WarningGhost is a dangerous nation-state threat actor which organizations must make efforts to protect against, Juliette Hudson, chief technology officer at CybaVerse, said; The group is actively exploiting known CVEs in ubiquitous tech, highlighting the need for organizations to prioritize patching and remediation efforts. And there lies the rub. "The Ghost ransomware campaign highlights the persistent reality that adversaries exploit known vulnerabilities faster than many organizations can patch them, Darren Guccione, CEO of Keeper Security, warned. Which can only reinforce a critical need for proactive risk management, with security leaders having to ensure that software, firmware and identity systems are continuously updated and hardened against exploitation. Beyond patching, identity security is a persistent weak point in defending against ransomware attacks, Guccione said; Enterprises should implement a privileged access management solution to enforce multi-factor authentication, a zero-trust framework and least-privilege access controls to prevent lateral movement.Joe Silva, CEO at Spektion, agreed that the Ghost ransomware attacks would appear to highlight the fact that threat actors are capitalizing on what you might call patch fatigue by exploiting the gaps left by overwhelmed security teams. This proves legacy vulnerability management practices cant keep up with the exploding number of vulnerabilities that attackers are taking advantage of, Silva warned; Instead, organizations need real-time, contextual insights into how their software behaves within their specific environments by using tools that have a strong signal to noise ratio based on actual risks rather than potential risks that overwhelm security teams.Ghosts credential theft is a stark reminder that hackers are always a step ahead, says Rom Carmel, CEO at Apono. By compromising legitimate accounts, they can infiltrate deeper into environments and target an organization's most sensitive resources, Carmel warned; To reduce the blast radius of account compromises, organizations must not only authenticate access but also enforce precise, rightsized privileges and limit the availability of access to high-value resources.Describing the attacks by the Ghost ransomware group as a commercial global onslaught, Agnidipta Sarkar, vice president CISO advisory at ColorTokens, said that, as a cyber-defense specialist, my first point is to understand how they find their victims. Given that we know that Ghost is looking for unpatched vulnerabilities in the likes of VPNs, firewalls, and other network appliances, all they need is one successful attempt to gain an initial access to victim networks, Sarkar said. The key to the success of these campaigns, according to Sarkar, would lie with the fact that. Most critical infrastructure cyber security leadership, especially in operational technology, those hardware and software systems that monitor and control physical processes, do not bother much about lateral movement.Finally, Tim Mackey, head of software supply chain risk strategy at Black Duck, told me that such attacks on legacy cyber-physical and Internet of Things devices are to be expected and, as such, must be planned for as part of the operational requirements for the device. Attackers know that best practices evolve, Mackey said, and even the most secure device from a decade ago is likely quite vulnerable to a modern-day attack, let alone those that may be mounted in the future. Given that the usable life span of any cyber-physical device is measured in years, and potentially decades, organizations acquiring any such device should work closely with their suppliers to ensure a long-term operations and risk mitigation plan is created that covers not only availability of patches but active sharing of threat scenario data, Mackey concluded.Four Steps To Take Today, According To The FBIThe FBI has advised that all organizations take the following actions, and take them today, to mitigate the risks attached to this most dangerous of ransomware attack campaigns.Maintain regular system backups stored separately from the source systems which cannot be altered or encrypted by potentially compromised network devices.Patch known vulnerabilities by applying timely security updates to operating systems, software, and firmware within a risk-informed timeframe.Segment networks to restrict lateral movement from initial infected devices and other devices in the same organization.Require Phishing-Resistant MFA for access to all privileged accounts and email services accounts.It goes without saying that phishing awareness training for users, applying the principle of least privilege when granting permissions and the disabling of unused ports are all also highly recommended. And finally, the FBI said that organizations should implement allowlisting for applications, scripts, and network traffic to prevent unauthorized execution and access.Ghost is a dangerous nation-state threat actor which organisations must take efforts to protect against, Juliette Hudson, chief technology officer at CybaVerse, said. The group is actively exploiting known CVEs in ubiquitous tech, highlighting the need for organisations to prioritise patching and remediation efforts.This advisory from the FBI and CISA highlights that the Ghost ransomware operation is utilising vulnerability exploits to gain access to organisations, which is divergence from the typical ransomware attacks that are executed via social engineering, Simon Phillips, chief technology officer at SecureAck, said. Given that the products Ghost targets are designed for businesses and the CVEs being exploited are so outdated, this highlights an urgent need to reinforce fundamental security practices.The FBI does not encourage paying a ransom, the security advisory said, arguing that such a payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, the FBI concluded, and encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.