[Teddy Warner]’s GPenT (Generative Pen-trained Transformer) project is a wall-mounted polargraph that makes plotter art, but there’s a whole lot more going on than one might think. This project was partly born from [Teddy]’s ideas about how to use aspects of machine learning in ways that were really never intended. What resulted is a wall-mounted pen plotter that offers a load of different ‘generators’ — ways to create line art — that range from procedural patterns, to image uploads, to the titular machine learning shenanigans.

Want to see the capabilities for yourself? There’s a publicly accessible version of the plotter interface that lets one play with the different generators. The public instance is not connected to a physical plotter, but one can still generate and preview plots, and download the resulting SVG file or G-code.

Most of the generators do not involve machine learning, but the unusual generative angle is well-represented by two of them: dcode and GPenT.

dcode is a diffusion model that, instead of converting a text prompt into an image, has been trained to convert text directly into G-code. It’s very much a square peg in a round hole. Visually it’s perhaps not the most exciting, but as a concept it’s fascinating.

The titular GPenT works like this: give it a scrap of text inspiration (a seed, if you will), and that becomes a combination of other generators and parameters, machine-selected and stacked with one another to produce a final composition. The results are unique, to say the least.

Once the generators make something, the framed and wall-mounted plotter turns it into physical lines on paper. Watch the system’s first plot happen in the video, embedded below under the page break.

This is a monster of a project representing a custom CNC pen plotter, a frame to hold it, and the whole software pipeline both for the CNC machine as well as generating what it plots. Of course, the journey involved a few false starts and dead ends, but they’re all pretty interesting. The plotter’s GitHub repository combined with [Teddy]’s write up has all the details one may need.

It’s also one of those years-in-the-making projects that ultimately got finished and, we think, doing so led to a bit of a sigh of relief on [Teddy]’s part. Most of us have unfinished projects, and if you have one that’s being a bit of a drag, we’d like to remind you that you don’t necessarily have to finish-finish a project to get it off your plate. We have some solid advice on how to (productively) let go.

Chinese AI startup Zhupai aka z.ai is back this week with an eye-popping new frontier large language model: GLM-5.

The latest in z.ai’s ongoing and continually impressive GLM series, it retains an open source MIT License — perfect for enterprise deployment – and, in one of several notable achievements, achieves a record-low hallucination rate on the independent Artificial Analysis Intelligence Index v4.0.

With a score of -1 on the AA-Omniscience Index—representing a massive 35-point improvement over its predecessor—GLM-5 now leads the entire AI industry, including U.S. competitors like Google, OpenAI and Anthropic, in knowledge reliability by knowing when to abstain rather than fabricate information.

Beyond its reasoning prowess, GLM-5 is built for high-utility knowledge work. It features native “Agent Mode” capabilities that allow it to turn raw prompts or source materials directly into professional office documents, including ready-to-use .docx, .pdf, and .xlsx files.

Whether generating detailed financial reports, high school sponsorship proposals, or complex spreadsheets, GLM-5 delivers results in real-world formats that integrate directly into enterprise workflows.

It is also disruptively priced at roughly $0.80 per million input tokens and $2.56 per million output tokens, approximately 6x cheaper than proprietary competitors like Claude Opus 4.6, making state-of-the-art agentic engineering more cost-effective than ever before. Here’s what else enterprise decision makers should know about the model and its training.

Technology: scaling for agentic efficiency

At the heart of GLM-5 is a massive leap in raw parameters. The model scales from the 355B parameters of GLM-4.5 to a staggering 744B parameters, with 40B active per token in its Mixture-of-Experts (MoE) architecture. This growth is supported by an increase in pre-training data to 28.5T tokens.

To address training inefficiencies at this magnitude, Zai developed “slime,” a novel asynchronous reinforcement learning (RL) infrastructure.

Traditional RL often suffers from “long-tail” bottlenecks; Slime breaks this lockstep by allowing trajectories to be generated independently, enabling the fine-grained iterations necessary for complex agentic behavior.

By integrating system-level optimizations like Active Partial Rollouts (APRIL), slime addresses the generation bottlenecks that typically consume over 90% of RL training time, significantly accelerating the iteration cycle for complex agentic tasks.

The framework’s design is centered on a tripartite modular system: a high-performance training module powered by Megatron-LM, a rollout module utilizing SGLang and custom routers for high-throughput data generation, and a centralized Data Buffer that manages prompt initialization and rollout storage.

By enabling adaptive verifiable environments and multi-turn compilation feedback loops, slime provides the robust, high-throughput foundation required to transition AI from simple chat interactions toward rigorous, long-horizon systems engineering.

To keep deployment manageable, GLM-5 integrates DeepSeek Sparse Attention (DSA), preserving a 200K context capacity while drastically reducing costs.

End-to-end knowledge work

Zai is framing GLM-5 as an “office” tool for the AGI era. While previous models focused on snippets, GLM-5 is built to deliver ready-to-use documents.

It can autonomously transform prompts into formatted .docx, .pdf, and .xlsx files—ranging from financial reports to sponsorship proposals.

In practice, this means the model can decompose high-level goals into actionable subtasks and perform “Agentic Engineering,” where humans define quality gates while the AI handles execution.

High performance

GLM-5’s benchmarks make it the new most powerful open source model in the world, according to Artificial Analysis, surpassing Chinese rival Moonshot’s new Kimi K2.5 released just two weeks ago, showing that Chinese AI companies are nearly caught up with far better resourced proprietary Western rivals.

According to z.ai’s own materials shared today, GLM-5 ranks near state-of-the-art on several key benchmarks:

SWE-bench Verified: GLM-5 achieved a score of 77.8, outperforming Gemini 3 Pro (76.2) and approaching Claude Opus 4.6 (80.9).

Vending Bench 2: In a simulation of running a business, GLM-5 ranked #1 among open-source models with a final balance of $4,432.12.

Beyond performance, GLM-5 is aggressively undercutting the market. Live on OpenRouter as of February 11, 2026, it is priced at approximately $0.80–$1.00 per million input tokens and $2.56–$3.20 per million output tokens. It falls in the mid-range compared to other leading LLMs, but based on its top-tier bechmarking performance, it’s what one might call a “steal.”

This is roughly 6x cheaper on input and nearly 10x cheaper on output than Claude Opus 4.6 ($5/$25). This release confirms rumors that Zhipu AI was behind “Pony Alpha,” a stealth model that previously crushed coding benchmarks on OpenRouter.

However, despite the high benchmarks and low cost, not all early users are enthusiastic about the model, noting its high performance doesn’t tell the whole story.

Lukas Petersson, co-founder of the safety-focused autonomous AI protocol startup Andon Labs, remarked on X: “After hours of reading GLM-5 traces: an incredibly effective model, but far less situationally aware. Achieves goals via aggressive tactics but doesn’t reason about its situation or leverage experience. This is scary. This is how you get a paperclip maximizer.”

The “paperclip maximizer” refers to a hypothetical situation described by Oxford philosopher Nick Bostrom back in 2003, in which an AI or other autonomous creation accidentally leads to an apocalyptic scenario or human extinction by following a seemingly benign instruction — like maximizing the number of paperclips produced — to an extreme degree, redirecting all resources necessary for human (or other life) or otherwise making life impossible through its commitment to fulfilling the seemingly benign objective.

Should your enterprise adopt GLM-5?

Enterprises seeking to escape vendor lock-in will find GLM-5’s MIT License and open-weights availability a significant strategic advantage. Unlike closed-source competitors that keep intelligence behind proprietary walls, GLM-5 allows organizations to host their own frontier-level intelligence.

Adoption is not without friction. The sheer scale of GLM-5—744B parameters—requires a massive hardware floor that may be out of reach for smaller firms without significant cloud or on-premise GPU clusters.

Security leaders must weigh the geopolitical implications of a flagship model from a China-based lab, especially in regulated industries where data residency and provenance are strictly audited.

Furthermore, the shift toward more autonomous AI agents introduces new governance risks. As models move from “chat” to “work,” they begin to operate across apps and files autonomously. Without the robust agent-specific permissions and human-in-the-loop quality gates established by enterprise data leaders, the risk of autonomous error increases exponentially.

Ultimately, GLM-5 is a “buy” for organizations that have outgrown simple copilots and are ready to build a truly autonomous office.

It is for engineers who need to refactor a legacy backend or requires a “self-healing” pipeline that doesn’t sleep.

While Western labs continue to optimize for “Thinking” and reasoning depth, Zai is optimizing for execution and scale.

Enterprises that adopt GLM-5 today are not just buying a cheaper model; they are betting on a future where the most valuable AI is the one that can finish the project without being asked twice.

A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment.

The breaches were observed by researchers at Huntress, who investigated multiple incidents where threat actors deployed Net Monitor for Employees Professional alongside SimpleHelp for remote access to a breached network, while blending in with normal administrative activity.

In one intrusion, attackers installed Net Monitor for Employees Professional using the Windows Installer utility, msiexec.exe, allowing them to deploy the monitoring agent on compromised systems directly from the developer’s site.

Once installed, the tool allowed attackers to remotely view the victim’s desktop, transfer files, and execute commands, effectively providing full interactive access to compromised systems.

The attackers also attempted to enable the local administrator account using this command:

net user administrator /active:yes

For redundant persistence, attackers downloaded and installed the SimpleHelp remote access client via PowerShell commands, using file names similar to the legitimate Visual Studio vshost.exe.

The payload was then executed, allowing attackers to maintain remote access even if the employee monitoring tool was removed.

The SimpleHelp binary was sometimes disguised using filenames that pretended to be related to OneDrive:

C:\ProgramData\OneDriveSvc\OneDriveSvc.exe

The attackers used the monitoring software to execute commands remotely, transfer files, and monitor system activity in real time.

Researchers also observed the attackers disabling Windows Defender by attempting to stop and delete associated services.

In one incident, the hackers configured monitoring rules in SimpleHelp to alert them when devices accessed cryptocurrency wallets or were using remote management tools as they prepared for ransomware deployment and potential cryptocurrency theft.

“The logs show the agent continuously cycling through trigger and reset events for cryptocurrency-related keywords, including wallet services (metamask, exodus, wallet, blockchain), exchanges (binance, bybit, kucoin, bitrue, poloniex, bc.game, noones), blockchain explorers (etherscan, bscscan), and the payment platform payoneer,” explains Huntress.

“Alongside these, the agent also monitored for remote access tool keywords, including RDP, anydesk, ultraview, teamview, and VNC, likely to detect if anyone was actively connecting to the machine.”

The use of multiple remote access tools provided redundancy for the attackers, ensuring they retained access even if one tool was discovered or removed.

While only one incident led to the deployment of Crazy ransomware, Huntress believes the same threat actor is behind both incidents.

“The same filename (vhost.exe) and overlapping C2 infrastructure were reused across both cases, strongly suggesting a single operator or group behind both intrusions,” explains Huntress.

The use of legitimate remote management and monitoring tools has become increasingly common in ransomware intrusions, as these tools allow attackers to blend in with legitimate network traffic.

Huntress warns that organizations should closely monitor for unauthorized installations of remote monitoring and support tools.

Furthermore, as both breaches were enabled through compromised SSL VPN credentials, organizations need to enforce MFA on all remote access services used to access the network.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide

Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings.

With the release of Windows 1.0, Microsoft introduced Notepad, a simple, easy-to-use text editor that, over the years, became popular for quickly jotting notes, reading text files, creating to-do lists, or acting as a code editor.

For those who needed a rich text format (RTF) editor that supported different fonts, sizes, and formatting tools like bold, italics, and lists, you could use Windows Write and later WordPad.

However, with the release of Windows 11, Microsoft decided to discontinue WordPad and remove it from Windows.

Instead, Microsoft rewrote Notepad to modernize it so it could act as both a simple text editor and an RTF editor, adding Markdown support that lets you format text and insert clickable links.

Markdown support means Notepad can open, edit, and save Markdown files (.md), which are plain text files that use simple symbols to format text and represent lists or links.

For example, to bold text or create a clickable link, you would add the following markdown text:

**This is bold text**
[Link to BleepingComputer](https://www.bleepingcomputer.com/)

Microsoft fixes Windows Notepad RCE flaw

As part of the February 2026 Patch Tuesday updates, Microsoft disclosed that it fixed a high-severity Notepad remote code execution flaw tracked as CVE-2026-20841.

“Improper neutralization of special elements used in a command (‘command injection’) in Windows Notepad App allows an unauthorized attacker to execute code over a network,” explains Microsoft’s security bulletin.

Microsoft has attributed the discovery of the flaw to Cristian Papa, Alasdair Gorniak, and Chen, and says it can be exploited by tricking a user into clicking a malicious Markdown link.

“An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files,” explains Microsoft.

“The malicious code would execute in the security context of the user who opened the Markdown file, giving the attacker the same permissions as that user,” continued the Advisory.

The novelty of the flaw quickly drew attention on social media, with cybersecurity researchers quickly figuring out how it worked and how easy it was to exploit.

All someone had to do was create a Markdown file, like test.md, and create file:// links that pointed to executable files or used special URIs like ms-appinstaller://.

If a user opened this Markdown file in Windows 11 Notepad versions 11.2510 and earlier and viewed it in Markdown mode, the above text would appear as a clickable link. If the link is clicked with Ctrl+click,  it would automatically execute the file without Windows displaying a warning to the user.

The execution of the program without a warning is what Microsoft considers to be the remote code execution flaw.

This could potentially allow attackers to create links to files in remote SMB shares that would then be executed without warning.

In BleepingComputer’s tests, Microsoft has now fixed the Windows 11 Notepad flaw by displaying warnings when clicking a link if it does not use the http:// or https:// protocol.

Now, when clicking on all other types of URI links, including file:, ms-settings:, ms-appinstaller, mailto:, and ms-search:, Notepad will display the above dialog.

However, it’s unclear why Microsoft didn’t just prevent non-standard links in the first place, as it is still possible to social engineer users into clicking the ‘Yes’  button on the prompts.

The good news is that Windows 11 will automatically update Notepad via the Microsoft Store, so the flaw will likely have no impact beyond its novelty.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide

Less than a week after Valve admitted that the current shortage (and growing prices) of RAM were affecting its hardware plans, the Steam Deck is completely sold out. The Steam Deck has gone in and out of stock in the past, but as Kotaku notes, the timing does raise the question whether Valve’s RAM issues could also be impacting its Linux handheld.

The 256GB Steam Deck LCD, and both the 512GB and 1TB models of the Steam Deck OLED, are completely sold out on Steam. Valve announced that it was discontinuing the LCD versions of its handheld and selling through its remaining inventory in December 2025, so the fact that the 256GB Steam Deck model is currently sold out isn’t surprising. That both OLED versions are also unavailable at the same time, though, is a bit more unusual.

Engadget has contacted Valve for more information about the availability of the Steam Deck. We’ll update this article if we hear back.

When Valve announced the Steam Machine, Steam Controller and Steam Frame, the company notably left pricing and availability off the table, presumably because tariffs and access to RAM were leaving those details in flux. The company’s announcement last week that the memory and storage shortage had pushed back its plans and would likely impact prices more or less confirmed that. At no point did Valve mention that the Steam Deck would be similarly affected, but maybe it should have.

The rising cost of RAM has already forced other PC makers to adjust the pricing of their computers. Framework announced in January that it was raising the price of its Framework Desktop by as much as $460. Some analysts assume that the memory shortage driven by the AI industry could lead to higher prices and even an economic downturn in the wider PC industry. Ideally, the Steam Deck being out of stock is a temporary issue rather than a sign that Valve is doing something drastic. If things continue as they are, however, changes to the Steam Deck likely won’t be off the table.

Disclaimer: Unless otherwise stated, any opinions expressed below belong solely to the author. All data sourced from Labour Force in Singapore 2025, released last month by the Singapore Ministry of Manpower.

According to the latest data from the Ministry of Manpower, the number of Singaporean workers (citizens and permanent residents) employed full-time and earning an average of S$10,000 per month (in this case, figures provided by MOM exclude employers’ CPF contributions) has gone up by 31,200 people, to 404,900 in just a year.

That’s an impressive jump of 8.3%, on the back of very strong GDP growth, which hit 5% in 2025.

This means that 19.3% (nearly one in five) of locally employed residents make at least S$120,000 annually.

More than a quarter earn six figures per year.

An estimated 26%, or a bit over a quarter of Singaporean workers employed full-time, make S$100,000 or more (around S$8,350 per month).

Who are they? What do they do?

Now, you must be curious what so many people do to earn a good living, so let’s start by counting them up by industry—a list, unsurprisingly, led by financial services.

Breakdown by industry

The second largest, generous employer is the Public Administration, where 20% of workers collect S$10,000 monthly or more from work, followed by Trade, Professional Services and IT.

The tech sector is also second when it comes to the share of all workers making five figures per month, at around 30%, trailing only Financial & Insurance Services, where close to 40% are paid that much.

Breakdown by age

Naturally, your odds of a higher pay increase with age, with the peak falling in your 40s, although there’s almost 100,000 30-year-olds in this category already.

Breakdown by education

As I reported about two weeks ago, university degree holders significantly out-earn all other educational groups, and it’s clearly visible here as well, with over 85% of high-earners having a tertiary degree.

That said, not all is lost if you’re not among them, as there are even a few thousand people who finished their education below secondary level and yet still have well-paying jobs. Statistically, chances are slim, of course, but depending on your situation, academic education might not be a requirement for a successful career.

Breakdown by gender

What is a surprise to nobody is that men significantly outnumber women among high-earners, comprising over 60% of the total. However, before you conclude that this is evidence of a sexist pay gap, it remains true that fewer women climb the career ladder as high as men, and quite a few still choose to put family life first.

Given that more men than women work at any level, we have to correct for this disparity. In their respective groups, 23% of men and around 15% of women are in the S$10,000 per month income bracket, which means there is still a bit of a gap, but not substantial enough considering different choices regarding careers to suggest systemic discrimination.

Either way, as you can see, attractive pay is not so rare in Singapore, and with the right education and the right field, it is drawn by more than just a tiny elite.

What’s more, with a good GDP forecast for 2026 following a strong 2025, we can expect these numbers to continue climbing, with tens of thousands of Singaporeans joining the S$10,000 club each year.

• Read other articles we’ve written on Singapore’s job landscape here.

Featured Image Credit: tang90246/ depositphotos

Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals.

Tracked as CVE-2026-20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.

Apple’s security bulletin warns that an attacker with memory write capability may be able to execute arbitrary code on affected devices.

Apple says it is aware of reports that the flaw, along with the CVE-2025-14174 and CVE-2025-43529 flaws fixed in December, were exploited in the same incidents.

“An attacker with memory write capability may be able to execute arbitrary code,” reads Apple’s security bulletin.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.”

Apple says Google’s Threat Analysis Group discovered CVE-2026-20700. The company did not provide any further details about how the vulnerability was exploited.

Affected devices include:

• iPhone 11 and later
• iPad Pro 12.9-inch (3rd generation and later)
• iPad Pro 11-inch (1st generation and later)
• iPad Air (3rd generation and later)
• iPad (8th generation and later)
• iPad mini (5th generation and later)
• Mac devices running macOS Tahoe

Apple fixed the vulnerability in iOS 18.7.5, iPadOS 18.7.5, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, and visionOS 26.3.

While Apple says the flaw was exploited in targeted attacks, users are advised to install the latest updates to protect their devices.

This is the first Apple zero-day fixed in 2026, with the company fixing seven in 2025.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide

If you’ve ever considered practicing meditation, you might believe you should relax, breathe, and empty your mind of distracting thoughts. Novices tend to think of meditation as the brain at rest, but a new international study concludes that this ancient practice is quite the opposite: Meditation is a state of heightened cerebral activity that profoundly alters brain dynamics.

Researchers from the University of Montreal and Italy’s National Research Council recruited 12 monks of the Thai Forest Tradition at Santacittārāma, a Buddhist monastery outside Rome. In a laboratory in Chieti-Pescara, scientists analyzed the brain activity of these meditation practitioners using magnetoencephalography (MEG), technology capable of recording with great precision the brain’s electrical signals.

The study focused on two classical forms of meditation: Samatha, a technique that focuses on sustained attention to a specific objective, often steady breathing, with the aim of stabilizing the mind and reaching a deep state of calm and concentration, and Vipassana, which is based on equanimous observation of sensations, thoughts, and emotions as they arise in order to develop mental clarity and a deeper understanding of the experience.

“With Samatha, you narrow your field of attention, somewhat like narrowing the beam of a flashlight; with Vipassana, on the contrary, you widen the beam,” explains Karim Jerbi, professor of psychology at the University of Montreal and one of the study’s coauthors. “Both practices actively engage attentional mechanisms. While Vipassana is more challenging for beginners, in mindfulness programs the two techniques are often practiced in alternation.”

The researchers recorded multiple indicators of brain dynamics, including neural oscillations, measures of signal complexity, and parameters related to so-called “criticality,” a concept borrowed from statistical physics that has been applied to neuroscience for 20 years. Criticality describes systems that operate efficiently on the border between order and chaos, and in neuroscience, it is considered a state optimal for processing information in a healthy brain.

“A brain that lacks flexibility adapts poorly, while too much chaos can lead to malfunction, as in epilepsy,” Jerbi explained in a press release. “At the critical point, neural networks are stable enough to transmit information reliably, yet flexible enough to adapt quickly to new situations. This balance optimizes the brain’s processing, learning, and response capacity.”

During the experiment, the monks’ brain activity was recorded by a high-resolution MEG system as they alternated from one type of meditation to the other with brief periods of rest in between. The data were then processed with advanced signal analysis and machine learning tools to extract different indicators of neural complexity and dynamics.

Striking a Balance

Results published in the journal Neuroscience of Consciousness show both forms of meditation increase the complexity of brain signals compared to a brain at rest. This finding suggests the brain in meditation does not simply calm down but rather enters a dynamic state rich with information. At the same time, the researchers observed widespread reductions in certain parameters linked to the global organization of neural activity.

One of the most striking findings in the analysis of the criticality deviation coefficient showed a clear distinction between Samatha and Vipassana. This indicates that, although both practices increase brain complexity, they do so through different dynamic configurations, consistent with their subjective experiences. In other words, Vipassana brings the practitioner closer to the balance of stability and flexibility, while Samatha produces a somewhat more stable and focused state. According to researchers, the closer the brain gets to this critical state of balance, the more responsively and efficiently it functions. This is reflected, for example, in a greater capacity to switch tasks or to store information.