• Meet NovelSeek: A Unified Multi-Agent Framework for Autonomous Scientific Research from Hypothesis Generation to Experimental Validation

    Scientific research across fields like chemistry, biology, and artificial intelligence has long relied on human experts to explore knowledge, generate ideas, design experiments, and refine results. Yet, as problems grow more complex and data-intensive, discovery slows. While AI tools, such as language models and robotics, can handle specific tasks, like literature searches or code analysis, they rarely encompass the entire research cycle. Bridging the gap between idea generation and experimental validation remains a key challenge. For AI to autonomously advance science, it must propose hypotheses, design and execute experiments, analyze outcomes, and refine approaches in an iterative loop. Without this integration, AI risks producing disconnected ideas that depend on human supervision for validation.
    Before the introduction of a unified system, researchers relied on separate tools for each stage of the process. Large language models could help find relevant scientific papers, but they didn’t directly feed into experiment design or result analysis. Robotics can assist in automating physical experiments, and coding libraries like PyTorch can help build models; however, these tools operate independently of each other. There was no single system capable of handling the entire process, from forming ideas to verifying them through experiments. This led to bottlenecks, where researchers had to connect the dots manually, slowing progress and leaving room for errors or missed opportunities. The need for an integrated system that could handle the entire research cycle became clear.
    Researchers from the NovelSeek Team at the Shanghai Artificial Intelligence Laboratory developed NovelSeek, an AI system designed to run the entire scientific discovery process autonomously. NovelSeek comprises four main modules that work in tandem: a system that generates and refines research ideas, a feedback loop where human experts can interact with and refine these ideas, a method for translating ideas into code and experiment plans, and a process for conducting multiple rounds of experiments. What makes NovelSeek stand out is its versatility; it works across 12 scientific research tasks, including predicting chemical reaction yields, understanding molecular dynamics, forecasting time-series data, and handling functions like 2D semantic segmentation and 3D object classification. The team designed NovelSeek to minimize human involvement, expedite discoveries, and deliver consistent, high-quality results.

    The system behind NovelSeek involves multiple specialized agents, each focused on a specific part of the research workflow. The “Survey Agent” helps the system understand the problem by searching scientific papers and identifying relevant information based on keywords and task definitions. It adapts its search strategy by first doing a broad survey of papers, then going deeper by analyzing full-text documents for detailed insights. This ensures that the system captures both general trends and specific technical knowledge. The “Code Review Agent” examines existing codebases, whether user-uploaded or sourced from public repositories like GitHub, to understand how current methods work and identify areas for improvement. It checks how code is structured, looks for errors, and creates summaries that help the system build on past work. The “Idea Innovation Agent” generates creative research ideas, pushing the system to explore different approaches and refine them by comparing them to related studies and previous results. The system even includes a “Planning and Execution Agent” that turns ideas into detailed experiments, handles errors during the testing process, and ensures smooth execution of multi-step research plans.

    NovelSeek delivered impressive results across various tasks. In chemical reaction yield prediction, NovelSeek improved performance from a baseline of 24.2%to 34.8%in just 12 hours, progress that human researchers typically need months to achieve. In enhancer activity prediction, a key task in biology, NovelSeek raised the Pearson correlation coefficient from 0.65 to 0.79 within 4 hours. For 2D semantic segmentation, a task used in computer vision, precision improved from 78.8% to 81.0% in just 30 hours. These performance boosts, achieved in a fraction of the time typically needed, highlight the system’s efficiency. NovelSeek also successfully managed large, complex codebases with multiple files, demonstrating its ability to handle research tasks at a project level, not just in small, isolated tests. The team has made the code open-source, allowing others to use, test, and contribute to its improvement.

    Several Key Takeaways from the Research on NovelSeek include:

    NovelSeek supports 12 research tasks, including chemical reaction prediction, molecular dynamics, and 3D object classification.
    Reaction yield prediction accuracy improved from 24.2% to 34.8% in 12 hours.
    Enhancer activity prediction performance increased from 0.65 to 0.79 in 4 hours.
    2D semantic segmentation precision improved from 78.8% to 81.0% in 30 hours.
    NovelSeek includes agents for literature search, code analysis, idea generation, and experiment execution.
    The system is open-source, enabling reproducibility and collaboration across scientific fields.

    In conclusion, NovelSeek demonstrates how combining AI tools into a single system can accelerate scientific discovery and reduce its dependence on human effort. It ties together the key steps, generating ideas, turning them into methods, and testing them through experiments, into one streamlined process. What once took researchers months or years can now be done in days or even hours. By linking every stage of research into a continuous loop, NovelSeek helps teams move from rough ideas to real-world results more quickly. This system highlights the power of AI not just to assist, but to drive scientific research in a way that could reshape how discoveries are made across many fields.

    Check out the Paper and GitHub Page . All credit for this research goes to the researchers of this project. Also, feel free to follow us on Twitter and don’t forget to join our 95k+ ML SubReddit and Subscribe to our Newsletter.
    NikhilNikhil is an intern consultant at Marktechpost. He is pursuing an integrated dual degree in Materials at the Indian Institute of Technology, Kharagpur. Nikhil is an AI/ML enthusiast who is always researching applications in fields like biomaterials and biomedical science. With a strong background in Material Science, he is exploring new advancements and creating opportunities to contribute.Nikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces ARM and Ada-GRPO: Adaptive Reasoning Models for Efficient and Scalable Problem-SolvingNikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces WEB-SHEPHERD: A Process Reward Model for Web Agents with 40K Dataset and 10× Cost EfficiencyNikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces MMaDA: A Unified Multimodal Diffusion Model for Textual Reasoning, Visual Understanding, and Image GenerationNikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces Differentiable MCMC Layers: A New AI Framework for Learning with Inexact Combinatorial Solvers in Neural Networks
    #meet #novelseek #unified #multiagent #framework
    Meet NovelSeek: A Unified Multi-Agent Framework for Autonomous Scientific Research from Hypothesis Generation to Experimental Validation
    Scientific research across fields like chemistry, biology, and artificial intelligence has long relied on human experts to explore knowledge, generate ideas, design experiments, and refine results. Yet, as problems grow more complex and data-intensive, discovery slows. While AI tools, such as language models and robotics, can handle specific tasks, like literature searches or code analysis, they rarely encompass the entire research cycle. Bridging the gap between idea generation and experimental validation remains a key challenge. For AI to autonomously advance science, it must propose hypotheses, design and execute experiments, analyze outcomes, and refine approaches in an iterative loop. Without this integration, AI risks producing disconnected ideas that depend on human supervision for validation. Before the introduction of a unified system, researchers relied on separate tools for each stage of the process. Large language models could help find relevant scientific papers, but they didn’t directly feed into experiment design or result analysis. Robotics can assist in automating physical experiments, and coding libraries like PyTorch can help build models; however, these tools operate independently of each other. There was no single system capable of handling the entire process, from forming ideas to verifying them through experiments. This led to bottlenecks, where researchers had to connect the dots manually, slowing progress and leaving room for errors or missed opportunities. The need for an integrated system that could handle the entire research cycle became clear. Researchers from the NovelSeek Team at the Shanghai Artificial Intelligence Laboratory developed NovelSeek, an AI system designed to run the entire scientific discovery process autonomously. NovelSeek comprises four main modules that work in tandem: a system that generates and refines research ideas, a feedback loop where human experts can interact with and refine these ideas, a method for translating ideas into code and experiment plans, and a process for conducting multiple rounds of experiments. What makes NovelSeek stand out is its versatility; it works across 12 scientific research tasks, including predicting chemical reaction yields, understanding molecular dynamics, forecasting time-series data, and handling functions like 2D semantic segmentation and 3D object classification. The team designed NovelSeek to minimize human involvement, expedite discoveries, and deliver consistent, high-quality results. The system behind NovelSeek involves multiple specialized agents, each focused on a specific part of the research workflow. The “Survey Agent” helps the system understand the problem by searching scientific papers and identifying relevant information based on keywords and task definitions. It adapts its search strategy by first doing a broad survey of papers, then going deeper by analyzing full-text documents for detailed insights. This ensures that the system captures both general trends and specific technical knowledge. The “Code Review Agent” examines existing codebases, whether user-uploaded or sourced from public repositories like GitHub, to understand how current methods work and identify areas for improvement. It checks how code is structured, looks for errors, and creates summaries that help the system build on past work. The “Idea Innovation Agent” generates creative research ideas, pushing the system to explore different approaches and refine them by comparing them to related studies and previous results. The system even includes a “Planning and Execution Agent” that turns ideas into detailed experiments, handles errors during the testing process, and ensures smooth execution of multi-step research plans. NovelSeek delivered impressive results across various tasks. In chemical reaction yield prediction, NovelSeek improved performance from a baseline of 24.2%to 34.8%in just 12 hours, progress that human researchers typically need months to achieve. In enhancer activity prediction, a key task in biology, NovelSeek raised the Pearson correlation coefficient from 0.65 to 0.79 within 4 hours. For 2D semantic segmentation, a task used in computer vision, precision improved from 78.8% to 81.0% in just 30 hours. These performance boosts, achieved in a fraction of the time typically needed, highlight the system’s efficiency. NovelSeek also successfully managed large, complex codebases with multiple files, demonstrating its ability to handle research tasks at a project level, not just in small, isolated tests. The team has made the code open-source, allowing others to use, test, and contribute to its improvement. Several Key Takeaways from the Research on NovelSeek include: NovelSeek supports 12 research tasks, including chemical reaction prediction, molecular dynamics, and 3D object classification. Reaction yield prediction accuracy improved from 24.2% to 34.8% in 12 hours. Enhancer activity prediction performance increased from 0.65 to 0.79 in 4 hours. 2D semantic segmentation precision improved from 78.8% to 81.0% in 30 hours. NovelSeek includes agents for literature search, code analysis, idea generation, and experiment execution. The system is open-source, enabling reproducibility and collaboration across scientific fields. In conclusion, NovelSeek demonstrates how combining AI tools into a single system can accelerate scientific discovery and reduce its dependence on human effort. It ties together the key steps, generating ideas, turning them into methods, and testing them through experiments, into one streamlined process. What once took researchers months or years can now be done in days or even hours. By linking every stage of research into a continuous loop, NovelSeek helps teams move from rough ideas to real-world results more quickly. This system highlights the power of AI not just to assist, but to drive scientific research in a way that could reshape how discoveries are made across many fields. Check out the Paper and GitHub Page . All credit for this research goes to the researchers of this project. Also, feel free to follow us on Twitter and don’t forget to join our 95k+ ML SubReddit and Subscribe to our Newsletter. NikhilNikhil is an intern consultant at Marktechpost. He is pursuing an integrated dual degree in Materials at the Indian Institute of Technology, Kharagpur. Nikhil is an AI/ML enthusiast who is always researching applications in fields like biomaterials and biomedical science. With a strong background in Material Science, he is exploring new advancements and creating opportunities to contribute.Nikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces ARM and Ada-GRPO: Adaptive Reasoning Models for Efficient and Scalable Problem-SolvingNikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces WEB-SHEPHERD: A Process Reward Model for Web Agents with 40K Dataset and 10× Cost EfficiencyNikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces MMaDA: A Unified Multimodal Diffusion Model for Textual Reasoning, Visual Understanding, and Image GenerationNikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces Differentiable MCMC Layers: A New AI Framework for Learning with Inexact Combinatorial Solvers in Neural Networks #meet #novelseek #unified #multiagent #framework
    WWW.MARKTECHPOST.COM
    Meet NovelSeek: A Unified Multi-Agent Framework for Autonomous Scientific Research from Hypothesis Generation to Experimental Validation
    Scientific research across fields like chemistry, biology, and artificial intelligence has long relied on human experts to explore knowledge, generate ideas, design experiments, and refine results. Yet, as problems grow more complex and data-intensive, discovery slows. While AI tools, such as language models and robotics, can handle specific tasks, like literature searches or code analysis, they rarely encompass the entire research cycle. Bridging the gap between idea generation and experimental validation remains a key challenge. For AI to autonomously advance science, it must propose hypotheses, design and execute experiments, analyze outcomes, and refine approaches in an iterative loop. Without this integration, AI risks producing disconnected ideas that depend on human supervision for validation. Before the introduction of a unified system, researchers relied on separate tools for each stage of the process. Large language models could help find relevant scientific papers, but they didn’t directly feed into experiment design or result analysis. Robotics can assist in automating physical experiments, and coding libraries like PyTorch can help build models; however, these tools operate independently of each other. There was no single system capable of handling the entire process, from forming ideas to verifying them through experiments. This led to bottlenecks, where researchers had to connect the dots manually, slowing progress and leaving room for errors or missed opportunities. The need for an integrated system that could handle the entire research cycle became clear. Researchers from the NovelSeek Team at the Shanghai Artificial Intelligence Laboratory developed NovelSeek, an AI system designed to run the entire scientific discovery process autonomously. NovelSeek comprises four main modules that work in tandem: a system that generates and refines research ideas, a feedback loop where human experts can interact with and refine these ideas, a method for translating ideas into code and experiment plans, and a process for conducting multiple rounds of experiments. What makes NovelSeek stand out is its versatility; it works across 12 scientific research tasks, including predicting chemical reaction yields, understanding molecular dynamics, forecasting time-series data, and handling functions like 2D semantic segmentation and 3D object classification. The team designed NovelSeek to minimize human involvement, expedite discoveries, and deliver consistent, high-quality results. The system behind NovelSeek involves multiple specialized agents, each focused on a specific part of the research workflow. The “Survey Agent” helps the system understand the problem by searching scientific papers and identifying relevant information based on keywords and task definitions. It adapts its search strategy by first doing a broad survey of papers, then going deeper by analyzing full-text documents for detailed insights. This ensures that the system captures both general trends and specific technical knowledge. The “Code Review Agent” examines existing codebases, whether user-uploaded or sourced from public repositories like GitHub, to understand how current methods work and identify areas for improvement. It checks how code is structured, looks for errors, and creates summaries that help the system build on past work. The “Idea Innovation Agent” generates creative research ideas, pushing the system to explore different approaches and refine them by comparing them to related studies and previous results. The system even includes a “Planning and Execution Agent” that turns ideas into detailed experiments, handles errors during the testing process, and ensures smooth execution of multi-step research plans. NovelSeek delivered impressive results across various tasks. In chemical reaction yield prediction, NovelSeek improved performance from a baseline of 24.2% (with a variation of ±4.2) to 34.8% (with a much smaller variation of ±1.1) in just 12 hours, progress that human researchers typically need months to achieve. In enhancer activity prediction, a key task in biology, NovelSeek raised the Pearson correlation coefficient from 0.65 to 0.79 within 4 hours. For 2D semantic segmentation, a task used in computer vision, precision improved from 78.8% to 81.0% in just 30 hours. These performance boosts, achieved in a fraction of the time typically needed, highlight the system’s efficiency. NovelSeek also successfully managed large, complex codebases with multiple files, demonstrating its ability to handle research tasks at a project level, not just in small, isolated tests. The team has made the code open-source, allowing others to use, test, and contribute to its improvement. Several Key Takeaways from the Research on NovelSeek include: NovelSeek supports 12 research tasks, including chemical reaction prediction, molecular dynamics, and 3D object classification. Reaction yield prediction accuracy improved from 24.2% to 34.8% in 12 hours. Enhancer activity prediction performance increased from 0.65 to 0.79 in 4 hours. 2D semantic segmentation precision improved from 78.8% to 81.0% in 30 hours. NovelSeek includes agents for literature search, code analysis, idea generation, and experiment execution. The system is open-source, enabling reproducibility and collaboration across scientific fields. In conclusion, NovelSeek demonstrates how combining AI tools into a single system can accelerate scientific discovery and reduce its dependence on human effort. It ties together the key steps, generating ideas, turning them into methods, and testing them through experiments, into one streamlined process. What once took researchers months or years can now be done in days or even hours. By linking every stage of research into a continuous loop, NovelSeek helps teams move from rough ideas to real-world results more quickly. This system highlights the power of AI not just to assist, but to drive scientific research in a way that could reshape how discoveries are made across many fields. Check out the Paper and GitHub Page . All credit for this research goes to the researchers of this project. Also, feel free to follow us on Twitter and don’t forget to join our 95k+ ML SubReddit and Subscribe to our Newsletter. NikhilNikhil is an intern consultant at Marktechpost. He is pursuing an integrated dual degree in Materials at the Indian Institute of Technology, Kharagpur. Nikhil is an AI/ML enthusiast who is always researching applications in fields like biomaterials and biomedical science. With a strong background in Material Science, he is exploring new advancements and creating opportunities to contribute.Nikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces ARM and Ada-GRPO: Adaptive Reasoning Models for Efficient and Scalable Problem-SolvingNikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces WEB-SHEPHERD: A Process Reward Model for Web Agents with 40K Dataset and 10× Cost EfficiencyNikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces MMaDA: A Unified Multimodal Diffusion Model for Textual Reasoning, Visual Understanding, and Image GenerationNikhilhttps://www.marktechpost.com/author/nikhil0980/This AI Paper Introduces Differentiable MCMC Layers: A New AI Framework for Learning with Inexact Combinatorial Solvers in Neural Networks
    0 Comentários 0 Compartilhamentos
  • Small-Batch + Cold-Shipped Kloo Refines Coffee Concentrate into a Luxury

    Kloo didn’t set out to eliminate the ritual of making coffee; they set out to refine it. Equal parts culinary secret weapon and everyday indulgence, Kloo is a small-batch coffee concentrate that delivers bold, specialty-grade flavor to everything from your first morning cup to cocktails and desserts. It’s part chef’s tool, part personal luxury – crafted for those who love to cook, love to host, and love a good cup of coffee.
    Kloo’s frosted glass bottle adorned with an artful screen-printed design, looks more like a fine spirit than a morning essential. The logo – a maze-like looped ‘K’ – reflects the brand’s ethos: complexity distilled into simplicity. It’s a bottle that signals premium, not just in flavor, but in form.

    Founded by mother-daughter duo Claudia Snoh and Mariella Cho, Kloo was created from a shared obsession with the nuance of great coffee. Mariella, a certified Q Grader, developed Kloo’s proprietary “super concentrate” brewing method to bring out the purest, most expressive flavor of each bean – then aged each batch for up to 21 days to deepen body and complexity.

    From sourcing to shipping, every detail is intentional. Kloo uses only specialty-grade beans, roasted in-house and brewed in small batches. The concentrate is then cold-shipped and kept refrigerated to preserve every note.
    A taste of the single-origin varieties:
    Colombia: Almond, maple syrup, blackberry
    Kenya: Grapefruit, lemongrass, dark chocolate
    Ethiopia: Peach, jasmine, wild berry
    Guatemala: Toffee, burnt toast, dark chocolate
    Each profile is bold enough to stand on its own, yet balanced enough to complement whatever you’re making.

    Unlike many concentrates, Kloo’s strength and consistency make it a natural fit for chefs and bakers, especially in large batches where precision matters. Whether you’re stirring it into a sauce or folding it into a batter, Kloo delivers depth, not bitterness. It’s a shortcut that doesn’t feel like one. And while it’s a favorite among chefs, it also belongs in every home cook’s fridge. You’ll find yourself reaching for it more than you expect – whether for an impromptu dessert, a 4pm boost, or an elevated cocktail.

    For those who love to gather, Kloo is a quiet revolution. It makes the art of hosting feel seamless – adding flavor, elegance, and just a little flair to your moments of connection. One of the best-kept secrets of the seasoned host? Bookend your gathering with memorable moments. Start high, end high – and do it with something that’s bold, caffeinated, and effortlessly chic.
    Welcome your guests with a low-ABV drink, perfect for warm afternoons.

    Kloo Stout
    1.5 oz Kloo coffee concentrate
    12 oz chocolatey stout or lager
    Preparation: Add chilled Kloo to the bottom of a pint glass, then slowly pour in the beer and let it mix naturally. Smooth, rich, and just unexpected enough to be a conversation starter.

    Close the evening by serving guests an easy and elegant dessert that never disappoints.
    Kloo Affogato
    1 scoop vanilla gelato
    1 shotKloo concentrate
    Preparation: Pour Kloo directly over the gelato just before serving. Dessert and coffee, all in one beautiful moment.
    Like most devout daily coffee drinkers, I’ve always been skeptical of concentrates – too often they’re bitter, flat, or forgettable. Kloo is different. It doesn’t replace the ritual of great coffee; it respects it, while making room for all the ways we actually live. Whether you’re brewing slowly, moving quickly, cooking for others, or just trying to get out the door, Kloo brings depth and intention – without asking you to compromise.

    For more information on Kloo, visit drinkkloo.com.
    Photography courtesy of Kloo.
    #smallbatch #coldshipped #kloo #refines #coffee
    Small-Batch + Cold-Shipped Kloo Refines Coffee Concentrate into a Luxury
    Kloo didn’t set out to eliminate the ritual of making coffee; they set out to refine it. Equal parts culinary secret weapon and everyday indulgence, Kloo is a small-batch coffee concentrate that delivers bold, specialty-grade flavor to everything from your first morning cup to cocktails and desserts. It’s part chef’s tool, part personal luxury – crafted for those who love to cook, love to host, and love a good cup of coffee. Kloo’s frosted glass bottle adorned with an artful screen-printed design, looks more like a fine spirit than a morning essential. The logo – a maze-like looped ‘K’ – reflects the brand’s ethos: complexity distilled into simplicity. It’s a bottle that signals premium, not just in flavor, but in form. Founded by mother-daughter duo Claudia Snoh and Mariella Cho, Kloo was created from a shared obsession with the nuance of great coffee. Mariella, a certified Q Grader, developed Kloo’s proprietary “super concentrate” brewing method to bring out the purest, most expressive flavor of each bean – then aged each batch for up to 21 days to deepen body and complexity. From sourcing to shipping, every detail is intentional. Kloo uses only specialty-grade beans, roasted in-house and brewed in small batches. The concentrate is then cold-shipped and kept refrigerated to preserve every note. A taste of the single-origin varieties: Colombia: Almond, maple syrup, blackberry Kenya: Grapefruit, lemongrass, dark chocolate Ethiopia: Peach, jasmine, wild berry Guatemala: Toffee, burnt toast, dark chocolate Each profile is bold enough to stand on its own, yet balanced enough to complement whatever you’re making. Unlike many concentrates, Kloo’s strength and consistency make it a natural fit for chefs and bakers, especially in large batches where precision matters. Whether you’re stirring it into a sauce or folding it into a batter, Kloo delivers depth, not bitterness. It’s a shortcut that doesn’t feel like one. And while it’s a favorite among chefs, it also belongs in every home cook’s fridge. You’ll find yourself reaching for it more than you expect – whether for an impromptu dessert, a 4pm boost, or an elevated cocktail. For those who love to gather, Kloo is a quiet revolution. It makes the art of hosting feel seamless – adding flavor, elegance, and just a little flair to your moments of connection. One of the best-kept secrets of the seasoned host? Bookend your gathering with memorable moments. Start high, end high – and do it with something that’s bold, caffeinated, and effortlessly chic. Welcome your guests with a low-ABV drink, perfect for warm afternoons. Kloo Stout 1.5 oz Kloo coffee concentrate 12 oz chocolatey stout or lager Preparation: Add chilled Kloo to the bottom of a pint glass, then slowly pour in the beer and let it mix naturally. Smooth, rich, and just unexpected enough to be a conversation starter. Close the evening by serving guests an easy and elegant dessert that never disappoints. Kloo Affogato 1 scoop vanilla gelato 1 shotKloo concentrate Preparation: Pour Kloo directly over the gelato just before serving. Dessert and coffee, all in one beautiful moment. Like most devout daily coffee drinkers, I’ve always been skeptical of concentrates – too often they’re bitter, flat, or forgettable. Kloo is different. It doesn’t replace the ritual of great coffee; it respects it, while making room for all the ways we actually live. Whether you’re brewing slowly, moving quickly, cooking for others, or just trying to get out the door, Kloo brings depth and intention – without asking you to compromise. For more information on Kloo, visit drinkkloo.com. Photography courtesy of Kloo. #smallbatch #coldshipped #kloo #refines #coffee
    DESIGN-MILK.COM
    Small-Batch + Cold-Shipped Kloo Refines Coffee Concentrate into a Luxury
    Kloo didn’t set out to eliminate the ritual of making coffee; they set out to refine it. Equal parts culinary secret weapon and everyday indulgence, Kloo is a small-batch coffee concentrate that delivers bold, specialty-grade flavor to everything from your first morning cup to cocktails and desserts. It’s part chef’s tool, part personal luxury – crafted for those who love to cook, love to host, and love a good cup of coffee. Kloo’s frosted glass bottle adorned with an artful screen-printed design, looks more like a fine spirit than a morning essential. The logo – a maze-like looped ‘K’ – reflects the brand’s ethos: complexity distilled into simplicity. It’s a bottle that signals premium, not just in flavor, but in form. Founded by mother-daughter duo Claudia Snoh and Mariella Cho, Kloo was created from a shared obsession with the nuance of great coffee. Mariella, a certified Q Grader (the coffee world’s version of a sommelier), developed Kloo’s proprietary “super concentrate” brewing method to bring out the purest, most expressive flavor of each bean – then aged each batch for up to 21 days to deepen body and complexity. From sourcing to shipping, every detail is intentional. Kloo uses only specialty-grade beans (each scoring 85+ by Q Graders), roasted in-house and brewed in small batches. The concentrate is then cold-shipped and kept refrigerated to preserve every note. A taste of the single-origin varieties: Colombia (Venecia, Cundinamarca): Almond, maple syrup, blackberry Kenya (Karundu, Nyeri): Grapefruit, lemongrass, dark chocolate Ethiopia (Adado, Yirgacheffe): Peach, jasmine, wild berry Guatemala (Pasajquim, Atitlán): Toffee, burnt toast, dark chocolate Each profile is bold enough to stand on its own, yet balanced enough to complement whatever you’re making. Unlike many concentrates, Kloo’s strength and consistency make it a natural fit for chefs and bakers, especially in large batches where precision matters. Whether you’re stirring it into a sauce or folding it into a batter, Kloo delivers depth, not bitterness. It’s a shortcut that doesn’t feel like one. And while it’s a favorite among chefs, it also belongs in every home cook’s fridge. You’ll find yourself reaching for it more than you expect – whether for an impromptu dessert, a 4pm boost, or an elevated cocktail. For those who love to gather, Kloo is a quiet revolution. It makes the art of hosting feel seamless – adding flavor, elegance, and just a little flair to your moments of connection. One of the best-kept secrets of the seasoned host? Bookend your gathering with memorable moments. Start high, end high – and do it with something that’s bold, caffeinated, and effortlessly chic. Welcome your guests with a low-ABV drink, perfect for warm afternoons. Kloo Stout 1.5 oz Kloo coffee concentrate 12 oz chocolatey stout or lager Preparation: Add chilled Kloo to the bottom of a pint glass, then slowly pour in the beer and let it mix naturally. Smooth, rich, and just unexpected enough to be a conversation starter. Close the evening by serving guests an easy and elegant dessert that never disappoints. Kloo Affogato 1 scoop vanilla gelato 1 shot (about 1.5 oz) Kloo concentrate Preparation: Pour Kloo directly over the gelato just before serving. Dessert and coffee, all in one beautiful moment. Like most devout daily coffee drinkers, I’ve always been skeptical of concentrates – too often they’re bitter, flat, or forgettable. Kloo is different. It doesn’t replace the ritual of great coffee; it respects it, while making room for all the ways we actually live. Whether you’re brewing slowly, moving quickly, cooking for others, or just trying to get out the door, Kloo brings depth and intention – without asking you to compromise. For more information on Kloo, visit drinkkloo.com. Photography courtesy of Kloo.
    0 Comentários 0 Compartilhamentos
  • New Perplexity Labs platform launched for those ‘who want to bring an entire idea to life’

    Perplexity this week released Perplexity Labs, a new tool for Pro users that can craft reports, spreadsheets, dashboards, and visual representations, to meet users’ increased demand for AI productivity tools with greater autonomy and ever more sophisticated capabilities. The platform, a rival to Anthropic Claude, OpenAI’s ChatGPT, and Google Gemini, can even work on its own for 10 minutesas it reasons through complicated assignments.

    “Labs underscores a broader shift toward multi-agent AI systems that plan, execute, and refine full workflows,” said Thomas Randall, research lead for AI at Info-Tech Research Group.

    Designed to handle more complex assignments

    Perplexity launched Perplexity Search, its proprietary search engine, in December 2022, just after ChatGPT dropped, and earlier this year released Deep Research, which scours the web, reads papers, reasons through materials, and creates comprehensive reports for users.

    The company says that Perplexity Labs is like “having a team” that can bring projects from ideation to reality. The platform creates reports, spreadsheets, dashboards and simple web apps. It can perform at least 10 minutes of self-supervised work, uses web browsing, writes and executes code to handle tasks like organizing data or applying formulas, and can create charts and images.

    “In some respects, this is a continuation of Perplexity’s original capabilities as an AI-driven search engine that provides deeper answers,” said Hyoun Park, CEO and chief analyst at Amalgam Insights.

    Indeed, Perplexity explained that Labs was designed to handle more complex assignments than Deep Research.

    “While Deep Research remains the fastest way to obtain comprehensive answers to in-depth questions —  typically within 3 or 4 minutes — Labs is designed to invest more timeand leverage additional tools, such as advanced file generation and mini-app creation,” Perplexity wrote in a blog post. “This expanded capability empowers you to develop a broader array of deliverables for your projects.”

    With its longer research workflow, Perplexity Labs can generate spreadsheets, visual representations, and high-quality reports, the company said. It iteratively searches through hundreds of sources, reasons about that data, and refines its approach as it gets deeper into a project, similar to the way in which a human researcher might approach a new area of study.

    To create interactive dashboards without the need for coding expertise or external development tools like Ploty and Dash, users just describe what they’re visualizing in natural language, and Labs will generate it in real-time. Dashboards could, for instance, visualize business finances or other complex datasets, incorporating clickable elements to allow non-technical users to quickly act on insights.

    In one example from the blog, Perplexity prompted Labs from the position of a leader at a tech consulting firm looking to create a potential customer list. It specified that it wanted to partner with US B2B companies in seed, series A, or series B stages, and asked Labs to list 20 relevant companies and include key details including contact information.

    Labs compiled a comprehensive dataset of potential customers, organizing them by stageand identified their core focus, intended customers, and funding to date. The platform cited links from Forbes, YCombinator, and Exploding Topics that it had used as sources. When further prompted, it crafted introductory emails to the CEOs of the series A startups.

    To simplify workflows, Labs arranges generated files in a dedicated tab for easy access, supports integration with other tools such as Google Sheets, and allows users to pull out and format citations to bring credibility to its research. Finished materials can be exported as PDFs or documents, or converted into a shareable Perplexity Page.

    Pro subscriberscan now work with Labs on Web, iOS, and Android; Mac and Windows apps are coming soon.

    A good fit for enterprise users?

    This new capability joins an increasingly competitive space, as users look for AI productivity tools that are ever-more performant and can handle more and more tasks autonomously.

    Park pointed out that Perplexity Labs is a response to tools and models such as OpenAI o1-pro, Claude Opus 4, and Google’s recent Flow and Firebase announcements.

    “There is a massive Hunger Games in the AI world right now,” said Park. “Every major vendor is ferociously trying to one-up each other in providing more functionality, either in a native model or with an agency of AI agents designed to work together and create digital assets such as documents, apps, and videos.”

    However, Perplexity Labs does provide differentiation from other providers in the market, Info-Tech’s Randall noted. In particular, Perplexity is betting that users will prefer a “low-cost, open, tool-agnostic sandbox” for web crawling, code execution, and the creation of finished artifacts including mini web apps.

    “These capabilities cannot yet be found in other enterprise platforms, such as Microsoft or Google offerings,” said Randall.

    But enterprises should approach Perplexity Labs with a governance-first mindset, he emphasized. Assets live in Perplexity’s cloud and, for now, lack the private data grounding and compliance controls that CIOs expect, and that they find in tools such as Microsoft Copilot or Google Gemini.

    From an enterprise perspective, Park noted, the biggest challenge is that every asset-creating model and agent is “still opaque” when it comes to understanding the assumptions, training, and reliability of assumptions used to create a document or app. He compared it to the way the iPhone bypassed BlackBerry and Windows through “sheer consumer delight.”

    “At some point, AI vendors seeking serious business usage will need to provide more transparency and governance tools to the business world, just as mobile device management and mobile security solutions eventually came to the iPhone,” said Park.

    Otherwise, businesses may be compelled to build their own clunky but secure versions of Perplexity Labs, “which are guaranteed to be less accurate and useful justthe history of business apps trying to imitate viral consumer apps,” he said.
    #new #perplexity #labs #platform #launched
    New Perplexity Labs platform launched for those ‘who want to bring an entire idea to life’
    Perplexity this week released Perplexity Labs, a new tool for Pro users that can craft reports, spreadsheets, dashboards, and visual representations, to meet users’ increased demand for AI productivity tools with greater autonomy and ever more sophisticated capabilities. The platform, a rival to Anthropic Claude, OpenAI’s ChatGPT, and Google Gemini, can even work on its own for 10 minutesas it reasons through complicated assignments. “Labs underscores a broader shift toward multi-agent AI systems that plan, execute, and refine full workflows,” said Thomas Randall, research lead for AI at Info-Tech Research Group. Designed to handle more complex assignments Perplexity launched Perplexity Search, its proprietary search engine, in December 2022, just after ChatGPT dropped, and earlier this year released Deep Research, which scours the web, reads papers, reasons through materials, and creates comprehensive reports for users. The company says that Perplexity Labs is like “having a team” that can bring projects from ideation to reality. The platform creates reports, spreadsheets, dashboards and simple web apps. It can perform at least 10 minutes of self-supervised work, uses web browsing, writes and executes code to handle tasks like organizing data or applying formulas, and can create charts and images. “In some respects, this is a continuation of Perplexity’s original capabilities as an AI-driven search engine that provides deeper answers,” said Hyoun Park, CEO and chief analyst at Amalgam Insights. Indeed, Perplexity explained that Labs was designed to handle more complex assignments than Deep Research. “While Deep Research remains the fastest way to obtain comprehensive answers to in-depth questions —  typically within 3 or 4 minutes — Labs is designed to invest more timeand leverage additional tools, such as advanced file generation and mini-app creation,” Perplexity wrote in a blog post. “This expanded capability empowers you to develop a broader array of deliverables for your projects.” With its longer research workflow, Perplexity Labs can generate spreadsheets, visual representations, and high-quality reports, the company said. It iteratively searches through hundreds of sources, reasons about that data, and refines its approach as it gets deeper into a project, similar to the way in which a human researcher might approach a new area of study. To create interactive dashboards without the need for coding expertise or external development tools like Ploty and Dash, users just describe what they’re visualizing in natural language, and Labs will generate it in real-time. Dashboards could, for instance, visualize business finances or other complex datasets, incorporating clickable elements to allow non-technical users to quickly act on insights. In one example from the blog, Perplexity prompted Labs from the position of a leader at a tech consulting firm looking to create a potential customer list. It specified that it wanted to partner with US B2B companies in seed, series A, or series B stages, and asked Labs to list 20 relevant companies and include key details including contact information. Labs compiled a comprehensive dataset of potential customers, organizing them by stageand identified their core focus, intended customers, and funding to date. The platform cited links from Forbes, YCombinator, and Exploding Topics that it had used as sources. When further prompted, it crafted introductory emails to the CEOs of the series A startups. To simplify workflows, Labs arranges generated files in a dedicated tab for easy access, supports integration with other tools such as Google Sheets, and allows users to pull out and format citations to bring credibility to its research. Finished materials can be exported as PDFs or documents, or converted into a shareable Perplexity Page. Pro subscriberscan now work with Labs on Web, iOS, and Android; Mac and Windows apps are coming soon. A good fit for enterprise users? This new capability joins an increasingly competitive space, as users look for AI productivity tools that are ever-more performant and can handle more and more tasks autonomously. Park pointed out that Perplexity Labs is a response to tools and models such as OpenAI o1-pro, Claude Opus 4, and Google’s recent Flow and Firebase announcements. “There is a massive Hunger Games in the AI world right now,” said Park. “Every major vendor is ferociously trying to one-up each other in providing more functionality, either in a native model or with an agency of AI agents designed to work together and create digital assets such as documents, apps, and videos.” However, Perplexity Labs does provide differentiation from other providers in the market, Info-Tech’s Randall noted. In particular, Perplexity is betting that users will prefer a “low-cost, open, tool-agnostic sandbox” for web crawling, code execution, and the creation of finished artifacts including mini web apps. “These capabilities cannot yet be found in other enterprise platforms, such as Microsoft or Google offerings,” said Randall. But enterprises should approach Perplexity Labs with a governance-first mindset, he emphasized. Assets live in Perplexity’s cloud and, for now, lack the private data grounding and compliance controls that CIOs expect, and that they find in tools such as Microsoft Copilot or Google Gemini. From an enterprise perspective, Park noted, the biggest challenge is that every asset-creating model and agent is “still opaque” when it comes to understanding the assumptions, training, and reliability of assumptions used to create a document or app. He compared it to the way the iPhone bypassed BlackBerry and Windows through “sheer consumer delight.” “At some point, AI vendors seeking serious business usage will need to provide more transparency and governance tools to the business world, just as mobile device management and mobile security solutions eventually came to the iPhone,” said Park. Otherwise, businesses may be compelled to build their own clunky but secure versions of Perplexity Labs, “which are guaranteed to be less accurate and useful justthe history of business apps trying to imitate viral consumer apps,” he said. #new #perplexity #labs #platform #launched
    WWW.COMPUTERWORLD.COM
    New Perplexity Labs platform launched for those ‘who want to bring an entire idea to life’
    Perplexity this week released Perplexity Labs, a new tool for Pro users that can craft reports, spreadsheets, dashboards, and visual representations, to meet users’ increased demand for AI productivity tools with greater autonomy and ever more sophisticated capabilities. The platform, a rival to Anthropic Claude, OpenAI’s ChatGPT, and Google Gemini, can even work on its own for 10 minutes (or more) as it reasons through complicated assignments. “Labs underscores a broader shift toward multi-agent AI systems that plan, execute, and refine full workflows,” said Thomas Randall, research lead for AI at Info-Tech Research Group. Designed to handle more complex assignments Perplexity launched Perplexity Search, its proprietary search engine, in December 2022, just after ChatGPT dropped, and earlier this year released Deep Research (now to be rebranded as Research), which scours the web, reads papers, reasons through materials, and creates comprehensive reports for users. The company says that Perplexity Labs is like “having a team” that can bring projects from ideation to reality. The platform creates reports, spreadsheets, dashboards and simple web apps. It can perform at least 10 minutes of self-supervised work, uses web browsing, writes and executes code to handle tasks like organizing data or applying formulas, and can create charts and images. “In some respects, this is a continuation of Perplexity’s original capabilities as an AI-driven search engine that provides deeper answers,” said Hyoun Park, CEO and chief analyst at Amalgam Insights. Indeed, Perplexity explained that Labs was designed to handle more complex assignments than Deep Research. “While Deep Research remains the fastest way to obtain comprehensive answers to in-depth questions —  typically within 3 or 4 minutes — Labs is designed to invest more time (10  minutes or longer) and leverage additional tools, such as advanced file generation and mini-app creation,” Perplexity wrote in a blog post. “This expanded capability empowers you to develop a broader array of deliverables for your projects.” With its longer research workflow, Perplexity Labs can generate spreadsheets, visual representations, and high-quality reports, the company said. It iteratively searches through hundreds of sources, reasons about that data, and refines its approach as it gets deeper into a project, similar to the way in which a human researcher might approach a new area of study. To create interactive dashboards without the need for coding expertise or external development tools like Ploty and Dash, users just describe what they’re visualizing in natural language, and Labs will generate it in real-time. Dashboards could, for instance, visualize business finances or other complex datasets, incorporating clickable elements to allow non-technical users to quickly act on insights. In one example from the blog, Perplexity prompted Labs from the position of a leader at a tech consulting firm looking to create a potential customer list. It specified that it wanted to partner with US B2B companies in seed, series A, or series B stages, and asked Labs to list 20 relevant companies and include key details including contact information. Labs compiled a comprehensive dataset of potential customers, organizing them by stage (A, B, or seed) and identified their core focus, intended customers, and funding to date. The platform cited links from Forbes, YCombinator, and Exploding Topics that it had used as sources. When further prompted, it crafted introductory emails to the CEOs of the series A startups. To simplify workflows, Labs arranges generated files in a dedicated tab for easy access, supports integration with other tools such as Google Sheets, and allows users to pull out and format citations to bring credibility to its research. Finished materials can be exported as PDFs or documents, or converted into a shareable Perplexity Page. Pro subscribers ($20 a month) can now work with Labs on Web, iOS, and Android; Mac and Windows apps are coming soon. A good fit for enterprise users? This new capability joins an increasingly competitive space, as users look for AI productivity tools that are ever-more performant and can handle more and more tasks autonomously. Park pointed out that Perplexity Labs is a response to tools and models such as OpenAI o1-pro (launched in March), Claude Opus 4 (released in May), and Google’s recent Flow and Firebase announcements. “There is a massive Hunger Games in the AI world right now,” said Park. “Every major vendor is ferociously trying to one-up each other in providing more functionality, either in a native model or with an agency of AI agents designed to work together and create digital assets such as documents, apps, and videos.” However, Perplexity Labs does provide differentiation from other providers in the market, Info-Tech’s Randall noted. In particular, Perplexity is betting that users will prefer a “low-cost, open, tool-agnostic sandbox” for web crawling, code execution, and the creation of finished artifacts including mini web apps. “These capabilities cannot yet be found in other enterprise platforms, such as Microsoft or Google offerings,” said Randall. But enterprises should approach Perplexity Labs with a governance-first mindset, he emphasized. Assets live in Perplexity’s cloud and, for now, lack the private data grounding and compliance controls that CIOs expect, and that they find in tools such as Microsoft Copilot or Google Gemini. From an enterprise perspective, Park noted, the biggest challenge is that every asset-creating model and agent is “still opaque” when it comes to understanding the assumptions, training, and reliability of assumptions used to create a document or app. He compared it to the way the iPhone bypassed BlackBerry and Windows through “sheer consumer delight.” “At some point, AI vendors seeking serious business usage will need to provide more transparency and governance tools to the business world, just as mobile device management and mobile security solutions eventually came to the iPhone,” said Park. Otherwise, businesses may be compelled to build their own clunky but secure versions of Perplexity Labs, “which are guaranteed to be less accurate and useful just [based on] the history of business apps trying to imitate viral consumer apps,” he said.
    0 Comentários 0 Compartilhamentos
  • China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

    May 30, 2025Ravie LakshmananVulnerability / Threat Intelligence

    The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023.
    "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend Micro security researcher Joseph C Chen said in an analysis published this week. "The actor also takes advantage of various known vulnerabilities to exploit public-facing servers."
    Some of the other prominent targets of the adversarial collective include Indonesia, Malaysia, the Philippines, Thailand, and Vietnam.
    The cybersecurity company is tracking the activity under the moniker Earth Lamia, stating the activity shares some degree of overlap with threat clusters documented by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks Unit 42 as CL-STA-0048.

    Each of these attacks has targeted organizations spanning multiple sectors in South Asia, often leveraging internet-exposed Microsoft SQL Servers and other instances to conduct reconnaissance, deploy post-exploitation tools like Cobalt Strike and Supershell, and establish proxy tunnels to the victim networks using Rakshasa and Stowaway.
    Also used are privilege escalation tools like GodPotato and JuicyPotato; network scanning utilities such as Fscan and Kscan; and legitimate programs like wevtutil.exe to clean Windows Application, System, and Security event logs.
    Select intrusions aimed at Indian entities have also attempted to deploy Mimic ransomware binaries to encrypt victim files, although the efforts were largely unsuccessful.
    "While the actors were seen staging the Mimic ransomware binaries in all observed incidents, the ransomware often did not successfully execute, and in several instances, the actors were seen attempting to delete the binaries after being deployed," Sophos noted in an analysis published in August 2024.
    Then earlier this month, EclecticIQ disclosed that CL-STA-0048 was one among the many China-nexus cyber espionage groups to exploit CVE-2025-31324, a critical unauthenticated file upload vulnerability in SAP NetWeaver to establish a reverse shell to infrastructure under its control.

    Besides CVE-2025-31324, the hacking crew is said to have weaponized as many as eight different vulnerabilities to breach public-facing servers -

    CVE-2017-9805 - Apache Struts2 remote code execution vulnerability
    CVE-2021-22205 - GitLab remote code execution vulnerability
    CVE-2024-9047 - WordPress File Upload plugin arbitrary file access vulnerability
    CVE-2024-27198 - JetBrains TeamCity authentication bypass vulnerability
    CVE-2024-27199 - JetBrains TeamCity path traversal vulnerability
    CVE-2024-51378 - CyberPanel remote code execution vulnerability
    CVE-2024-51567 - CyberPanel remote code execution vulnerability
    CVE-2024-56145 - Craft CMS remote code execution vulnerability

    Describing it as "highly active," Trend Micro noted that the threat actor has shifted its focus from financial services to logistics and online retail, and most recently, to IT companies, universities, and government organizations.

    "In early 2024 and prior, we observed that most of their targets were organizations within the financial industry, specifically related to securities and brokerage," the company said. "In the second half of 2024, they shifted their targets to organizations mainly in the logistics and online retail industries. Recently, we noticed that their targets have shifted again to IT companies, universities, and government organizations."
    A noteworthy technique adopted by Earth Lamia is to launch its custom backdoors like PULSEPACK via DLL side-loading, an approach widely embraced by Chinese hacking groups. A modular .NET-based implant, PULSEPACK communicates with a remote server to retrieve various plugins to carry out its functions.
    Trend Micro said it observed in March 2025 an updated version of the backdoor that changes the command-and-controlcommunication method from TCP to WebSocket, indicating active ongoing development of the malware.
    "Earth Lamia is conducting its operations across multiple countries and industries with aggressive intentions," it concluded. "At the same time, the threat actor continuously refines their attack tactics by developing custom hacking tools and new backdoors."

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

    SHARE




    #chinalinked #hackers #exploit #sap #sql
    China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
    May 30, 2025Ravie LakshmananVulnerability / Threat Intelligence The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend Micro security researcher Joseph C Chen said in an analysis published this week. "The actor also takes advantage of various known vulnerabilities to exploit public-facing servers." Some of the other prominent targets of the adversarial collective include Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. The cybersecurity company is tracking the activity under the moniker Earth Lamia, stating the activity shares some degree of overlap with threat clusters documented by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks Unit 42 as CL-STA-0048. Each of these attacks has targeted organizations spanning multiple sectors in South Asia, often leveraging internet-exposed Microsoft SQL Servers and other instances to conduct reconnaissance, deploy post-exploitation tools like Cobalt Strike and Supershell, and establish proxy tunnels to the victim networks using Rakshasa and Stowaway. Also used are privilege escalation tools like GodPotato and JuicyPotato; network scanning utilities such as Fscan and Kscan; and legitimate programs like wevtutil.exe to clean Windows Application, System, and Security event logs. Select intrusions aimed at Indian entities have also attempted to deploy Mimic ransomware binaries to encrypt victim files, although the efforts were largely unsuccessful. "While the actors were seen staging the Mimic ransomware binaries in all observed incidents, the ransomware often did not successfully execute, and in several instances, the actors were seen attempting to delete the binaries after being deployed," Sophos noted in an analysis published in August 2024. Then earlier this month, EclecticIQ disclosed that CL-STA-0048 was one among the many China-nexus cyber espionage groups to exploit CVE-2025-31324, a critical unauthenticated file upload vulnerability in SAP NetWeaver to establish a reverse shell to infrastructure under its control. Besides CVE-2025-31324, the hacking crew is said to have weaponized as many as eight different vulnerabilities to breach public-facing servers - CVE-2017-9805 - Apache Struts2 remote code execution vulnerability CVE-2021-22205 - GitLab remote code execution vulnerability CVE-2024-9047 - WordPress File Upload plugin arbitrary file access vulnerability CVE-2024-27198 - JetBrains TeamCity authentication bypass vulnerability CVE-2024-27199 - JetBrains TeamCity path traversal vulnerability CVE-2024-51378 - CyberPanel remote code execution vulnerability CVE-2024-51567 - CyberPanel remote code execution vulnerability CVE-2024-56145 - Craft CMS remote code execution vulnerability Describing it as "highly active," Trend Micro noted that the threat actor has shifted its focus from financial services to logistics and online retail, and most recently, to IT companies, universities, and government organizations. "In early 2024 and prior, we observed that most of their targets were organizations within the financial industry, specifically related to securities and brokerage," the company said. "In the second half of 2024, they shifted their targets to organizations mainly in the logistics and online retail industries. Recently, we noticed that their targets have shifted again to IT companies, universities, and government organizations." A noteworthy technique adopted by Earth Lamia is to launch its custom backdoors like PULSEPACK via DLL side-loading, an approach widely embraced by Chinese hacking groups. A modular .NET-based implant, PULSEPACK communicates with a remote server to retrieve various plugins to carry out its functions. Trend Micro said it observed in March 2025 an updated version of the backdoor that changes the command-and-controlcommunication method from TCP to WebSocket, indicating active ongoing development of the malware. "Earth Lamia is conducting its operations across multiple countries and industries with aggressive intentions," it concluded. "At the same time, the threat actor continuously refines their attack tactics by developing custom hacking tools and new backdoors." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE     #chinalinked #hackers #exploit #sap #sql
    THEHACKERNEWS.COM
    China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
    May 30, 2025Ravie LakshmananVulnerability / Threat Intelligence The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend Micro security researcher Joseph C Chen said in an analysis published this week. "The actor also takes advantage of various known vulnerabilities to exploit public-facing servers." Some of the other prominent targets of the adversarial collective include Indonesia, Malaysia, the Philippines, Thailand, and Vietnam. The cybersecurity company is tracking the activity under the moniker Earth Lamia, stating the activity shares some degree of overlap with threat clusters documented by Elastic Security Labs as REF0657, Sophos as STAC6451, and Palo Alto Networks Unit 42 as CL-STA-0048. Each of these attacks has targeted organizations spanning multiple sectors in South Asia, often leveraging internet-exposed Microsoft SQL Servers and other instances to conduct reconnaissance, deploy post-exploitation tools like Cobalt Strike and Supershell, and establish proxy tunnels to the victim networks using Rakshasa and Stowaway. Also used are privilege escalation tools like GodPotato and JuicyPotato; network scanning utilities such as Fscan and Kscan; and legitimate programs like wevtutil.exe to clean Windows Application, System, and Security event logs. Select intrusions aimed at Indian entities have also attempted to deploy Mimic ransomware binaries to encrypt victim files, although the efforts were largely unsuccessful. "While the actors were seen staging the Mimic ransomware binaries in all observed incidents, the ransomware often did not successfully execute, and in several instances, the actors were seen attempting to delete the binaries after being deployed," Sophos noted in an analysis published in August 2024. Then earlier this month, EclecticIQ disclosed that CL-STA-0048 was one among the many China-nexus cyber espionage groups to exploit CVE-2025-31324, a critical unauthenticated file upload vulnerability in SAP NetWeaver to establish a reverse shell to infrastructure under its control. Besides CVE-2025-31324, the hacking crew is said to have weaponized as many as eight different vulnerabilities to breach public-facing servers - CVE-2017-9805 - Apache Struts2 remote code execution vulnerability CVE-2021-22205 - GitLab remote code execution vulnerability CVE-2024-9047 - WordPress File Upload plugin arbitrary file access vulnerability CVE-2024-27198 - JetBrains TeamCity authentication bypass vulnerability CVE-2024-27199 - JetBrains TeamCity path traversal vulnerability CVE-2024-51378 - CyberPanel remote code execution vulnerability CVE-2024-51567 - CyberPanel remote code execution vulnerability CVE-2024-56145 - Craft CMS remote code execution vulnerability Describing it as "highly active," Trend Micro noted that the threat actor has shifted its focus from financial services to logistics and online retail, and most recently, to IT companies, universities, and government organizations. "In early 2024 and prior, we observed that most of their targets were organizations within the financial industry, specifically related to securities and brokerage," the company said. "In the second half of 2024, they shifted their targets to organizations mainly in the logistics and online retail industries. Recently, we noticed that their targets have shifted again to IT companies, universities, and government organizations." A noteworthy technique adopted by Earth Lamia is to launch its custom backdoors like PULSEPACK via DLL side-loading, an approach widely embraced by Chinese hacking groups. A modular .NET-based implant, PULSEPACK communicates with a remote server to retrieve various plugins to carry out its functions. Trend Micro said it observed in March 2025 an updated version of the backdoor that changes the command-and-control (C2) communication method from TCP to WebSocket, indicating active ongoing development of the malware. "Earth Lamia is conducting its operations across multiple countries and industries with aggressive intentions," it concluded. "At the same time, the threat actor continuously refines their attack tactics by developing custom hacking tools and new backdoors." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    
    0 Comentários 0 Compartilhamentos