This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology.Tech billionaires are making a risky bet with humanity’s future Sam Altman, Jeff Bezos, Elon Musk, and others may have slightly different goals, but their grand visions for the next decade and beyond are remarkably similar.They include aligning AI with the interests of humanity; creating an artificial superintelligence that will solve all the world’s most pressing problems; merging with that superintelligence to achieve immortality (or something close to it); establishing a permanent, self-­sustaining colony on Mars; and, ultimately, spreading out across the cosmos.Three features play a central role with powering these visions, says Adam Becker, a science writer and astrophysicist: an unshakable certainty that technology can solve any problem, a belief in the necessity of perpetual growth, and a quasi-religious obsession with transcending our physical and biological limits.In his timely new book, More Everything Forever: AI Overlords, Space Empires, and Silicon Valley’s Crusade to Control the Fate of Humanity, Becker reveals how these fantastical visions conceal a darker agenda. Read the full story. —Bryan Gardiner This story is from the next print edition of MIT Technology Review, which explores power—who has it, and who wants it. It’s set to go live on Wednesday June 25, so subscribe & save 25% to read it and get a copy of the issue when it lands! Here’s what food and drug regulation might look like under the Trump administration Earlier this week, two new leaders of the US Food and Drug Administration published a list of priorities for the agency. Both Marty Makary and Vinay Prasad are controversial figures in the science community. They were generally highly respected academics until the covid pandemic, when their contrarian opinions on masking, vaccines, and lockdowns turned many of their colleagues off them. Given all this, along with recent mass firings of FDA employees, lots of people were pretty anxious to see what this list might include—and what we might expect the future of food and drug regulation in the US to look like. So let’s dive into the pair’s plans for new investigations, speedy approvals, and the “unleashing” of AI. —Jessica Hamzelou This article first appeared in The Checkup, MIT Technology Review’s weekly biotech newsletter. To receive it in your inbox every Thursday, and read articles like this first, sign up here. The must-reads I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology. 1 NASA is investigating leaks on the ISSIt’s postponed launching private astronauts to the station while it evaluates. (WP $)+ Its core component has been springing small air leaks for months. (Reuters)+ Meanwhile, this Chinese probe is en route to a near-Earth asteroid. (Wired $) 2 Undocumented migrants are using social media to warn of ICE raidsThe DIY networks are anonymously reporting police presences across LA. (Wired $)+ Platforms’ relationships with protest activism has changed drastically. (NY Mag $)  3 Google’s AI Overviews is hallucinating about the fatal Air India crashIt incorrectly stated that it involved an Airbus plane, not a Boeing 787. (Ars Technica)+ Why Google’s AI Overviews gets things wrong. (MIT Technology Review) 4 Chinese engineers are sneaking suitcases of hard drives into the countryTo covertly train advanced AI models. (WSJ $)+ The US is cracking down on Huawei’s ability to produce chips. (Bloomberg $)+ What the US-China AI race overlooks. (Rest of World) 5 The National Hurricane Center is joining forces with DeepMindIt’s the first time the center has used AI to predict nature’s worst storms. (NYT $)+ Here’s what we know about hurricanes and climate change. (MIT Technology Review) 6 OpenAI is working on a product with toymaker MattelAI-powered Barbies?! (FT $)+ Nothing is safe from the creep of AI, not even playtime. (LA Times $)+ OpenAI has ambitions to reach billions of users. (Bloomberg $) 7 Chatbots posing as licensed therapists may be breaking the lawDigital rights organizations have filed a complaint to the FTC. (404 Media)+ How do you teach an AI model to give therapy? (MIT Technology Review) 8 Major companies are abandoning their climate commitmentsBut some experts argue this may not be entirely bad. (Bloomberg $)+ Google, Amazon and the problem with Big Tech’s climate claims. (MIT Technology Review) 9 Vibe coding is shaking up software engineeringEven though AI-generated code is inherently unreliable. (Wired $)+ What is vibe coding, exactly? (MIT Technology Review) 10 TikTok really loves hotdogs And who can blame it? (Insider $) Quote of the day “It kind of jams two years of work into two months.” —Andrew Butcher, president of the Maine Connectivity Authority, tells Ars Technica why it’s so difficult to meet the Trump administration’s new plans to increase broadband access in certain states. One more thing The surprising barrier that keeps us from building the housing we needIt’s a tough time to try and buy a home in America. From the beginning of the pandemic to early 2024, US home prices rose by 47%. In large swaths of the country, buying a home is no longer a possibility even for those with middle-class incomes. For many, that marks the end of an American dream built around owning a house. Over the same time, rents have gone up 26%.The reason for the current rise in the cost of housing is clear to most economists: a lack of supply. Simply put, we don’t build enough houses and apartments, and we haven’t for years. But the reality is that even if we ease the endless permitting delays and begin cutting red tape, we will still be faced with a distressing fact: The construction industry is not very efficient when it comes to building stuff. Read the full story. —David Rotman We can still have nice things A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or skeet ’em at me.) + If you’re one of the unlucky people who has triskaidekaphobia, look away now.+ 15-year old Nicholas is preparing to head from his home in the UK to Japan to become a professional sumo wrestler.+ Earlier this week, London played host to 20,000 women in bald caps. But why? ($)+ Why do dads watch TV standing up? I need to know.

I don't expect Meta to respect my data or my privacy, but the company continues to surprise me with how low they're willing to go in the name of data collection. The latest such story comes to us from a report titled "Disclosure: Covert Web-to-App Tracking via Localhost on Android." In short, Meta and Yandex (a Russian technology company) have been tracking potentially billions of Android users by abusing a security loophole in Android. That loophole allows the companies to access identifying browsing data from your web browser as long as you have their Android apps installed. How does this tracking work?As the report explains, Android allows any installed app with internet permissions to access the "loopback address" or localhost, an address a device uses to communicate with itself. As it happens, your web browser also has access to the localhost, which allows JavaScripts embedded on certain websites to connect to Android apps and share browsing data and identifiers.What are those JavaScripts, you might ask? In this case, that's Meta Pixel and Yandex Metrica, scripts that let companies track users on their sites. Trackers are an unfortunate part of the modern internet, but Meta Pixel is only supposed to be able to follow you while you browse the web. This loop lets Meta Pixel scripts send your browsing data, cookies, and identifiers back to installed Meta apps like Facebook and Instagram. The same goes for Yandex with its apps like Maps and Browser.You certainly didn't sign up for that when you installed Instagram on your Android device. But once you logged in, the next time you visited a website that embedded Meta Pixel, the script beamed your information back to the app. All of a sudden, Meta had identifying browsing data from your web activity, not via the browsing itself, but from the "unrelated" Instagram app. Chrome, Firefox, and Edge were all affected in these findings. DuckDuckGo blocked some but not all of the domains here, so it was "minimally affected." Brave does block requests to the localhost if you don't consent to it, so it did successfully protect users from this tracking.Researchers say Yandex has been doing this since February of 2017 on HTTP sites, and May of 2018 on HTTPS sites. Meta Pixel, on the other hand, hasn't been tracking this way for long: It only started September of 2024 for HTTP, and ended that practice in October. It started via Websocket and WebRTC STUN in November, and WebRTC TURN in May. Website owners apparently complained to Meta starting in September, asking why Meta Pixel communicates with the localhost. As far as researchers could find, Meta never responded.Researchers make it clear that the type of tracking is possible on iOS, as developers can establish localhost connections and apps can "listen in" too. However, they found no evidence of this tracking on iOS devices, and hypothesize that it has to do with how iOS restricts native apps running in the background.Meta has officially stopped this tracking The good news is, as of June 3, researchers say they have not observed Meta Pixel communicating with the localhost. They didn't say the same for Yandex Metrika, though Yandex told Ars Technica it was "discontinuing the practice." Ars Technica also reports that Google has opened an investigation into these actions that "blatantly violate our security and privacy principles."However, even if Meta has stopped this tracking following the report, the damage could be widespread. As highlighted in the report, estimates put Meta Pixel adoption anywhere from 2.4 million to 5.8 million sites. From here, researchers found that just over 17,000 Meta Pixel sites in the U.S. attempt to connect to the localhost, and over 78% of those do so without any user consent needed, including sites like AP News, Buzzfeed, and The Verge. That's a lot of websites that could have been sending your data back to your Facebook and Instagram apps. The report features a tool that you can use to look for affected sites, but notes the list is not exhaustive, and absence doesn't mean the site is safe.Meta sent me the following statement in response to my request for comment: “We are in discussions with Google to address a potential miscommunication regarding the application of their policies. Upon becoming aware of the concerns, we decided to pause the feature while we work with Google to resolve the issue.”

May 25, 2025Ravie LakshmananThreat Intelligence / Software Security Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework. The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena. "Catena uses embedded shellcode and configuration switching logic to stage payloads like Winos 4.0 entirely in memory, evading traditional antivirus tools," security researchers Anna Širokova and Ivan Feigl said. "Once installed, it quietly connects to attacker-controlled servers – mostly hosted in Hong Kong – to receive follow-up instructions or additional malware." The attacks, like those that have deployed Winos 4.0 in the past, appear to focus specifically on Chinese-speaking environments, with the cybersecurity company calling out the "careful, long-term planning" by a very capable threat actor. Winos 4.0 (aka ValleyRAT) was first publicly documented by Trend Micro in June 2024 as used in attacks targeting Chinese-speaking users by means of malicious Windows Installer (MSI) files for VPN apps. The activity has been attributed to a threat cluster it tracks as Void Arachne, which is also referred to as Silver Fox. Subsequent campaigns distributing the malware have leveraged gaming-related applications like installation tools, speed boosters, and optimization utilities as lures to trick users into installing it. Another attack wave detailed in February 2025 targeted entities in Taiwan via phishing emails that purported to be from the National Taxation Bureau. Built atop the foundations of a known remote access trojan called Gh0st RAT, Winos 4.0 is an advanced malicious framework written in C++ that makes use of a plugin-based system to harvest data, provide remote shell access, and launch distributed denial-of-service (DDoS) attacks. QQBrowser-Based Infection Flow Observed in February 2025 Rapid7 said all the artifacts flagged in February 2025 relied on NSIS installers bundled with signed decoy apps, shellcode embedded in ".ini" files, and reflective DLL injection to covertly maintain persistence on infected hosts and avoid detection. The entire infection chain has been given the moniker Catena. "The campaign has so far been active throughout 2025, showing a consistent infection chain with some tactical adjustments – pointing to a capable and adaptive threat actor," the researchers said. The starting point is a trojanized NSIS installer impersonating an installer for QQ Browser, a Chromium-based web browser developed by Tencent, that's designed to deliver Winos 4.0 using Catena. The malware communicates with hard-coded command-and-control (C2) infrastructure over TCP port 18856 and HTTPS port 443. From LetsVPN Installer to Winos 4.0 in April 2025 Persistence on the host is achieved by registering scheduled tasks that are executed weeks after the initial compromise. While the malware features an explicit check to look for Chinese language settings on the system, it still proceeds with the execution even if that's not the case. This indicates it's an unfinished feature and something that's expected to be implemented in subsequent iterations of the malware. That said, Rapid7 said it identified in April 2025 a "tactical shift" that not only switched some of the elements of the Catena execution chain, but also incorporated features to evade antivirus detection. In the revamped attack sequence, the NSIS installer disguises itself as a setup file for LetsVPN and runs a PowerShell command that adds Microsoft Defender exclusions for all drives (C:\ to Z:\). It then drops additional payloads, including an executable that takes a snapshot of running processes and checks for processes related to 360 Total Security, an antivirus product developed by Chinese vendor Qihoo 360. The binary is signed with an expired certificate issued by VeriSign and allegedly belongs to Tencent Technology (Shenzhen). It was valid from 2018-10-11 to 2020-02-02. The primary responsibility of the executable is to reflectively load a DLL file that, in turn, connects to a C2 server ("134.122.204[.]11:18852" or "103.46.185[.]44:443") in order to download and execute Winos 4.0. "This campaign shows a well-organized, regionally focused malware operation using trojanized NSIS installers to quietly drop the Winos 4.0 stager," the researchers said. "It leans heavily on memory-resident payloads, reflective DLL loading, and decoy software signed with legit certificates to avoid raising alarms. Infrastructure overlaps and language-based targeting hint at ties to Silver Fox APT, with activity likely aimed at Chinese-speaking environments." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Ming - stock.adobe.com Opinion UK Fraud Bill targets benefit claimants for mass surveillance The UK government’s proposed Fraud Bill will disproportionately place millions of benefit claimants under constant surveillance, creating a two-tier system where people are automatically suspected of wrongdoing for seeking welfare By Anna Dent Published: 21 May 2025 Earlier this month the House of Lords had its first debate on the Public Authorities (Fraud, Error and Recovery) Bill.  The Bill aims to reduce government losses to benefit fraud and error, and would give the Department for Work and Pensions (DWP) unprecedented powers of investigation to routinely and covertly check benefit claimants' bank accounts, the right to enter private homes, and to seize drivers' licenses or money from bank accounts. Expert organisations including Justice, the Public Law Project and Big Brother Watch warn that although the aim of the Bill is hugely important, the proposed powers are disproportionate and represent a breach of human rights. As Baroness Finn remarked in the Lords, "support for the goal must not mean silence about the means." The Bill promises an expanded regime of digital surveillance for people in receipt of Universal Credit, Employment and Support Allowance, and State Pension Credit. This includes the introduction of an 'Eligibility Verification Measure' (EVM) which would enable DWP to direct banks to check millions of bank accounts for as yet unspecified indicators of benefit fraud and error.  DWP already has similar powers but crucially can only use them where it has 'reasonable grounds' to suspect fraud is taking place, which is the standard threshold for many comparable state powers. This Bill would completely remove that threshold, and enable intrusive surveillance without any justification. Details on exactly how the EVM will be used are sparse, but it could theoretically result in every single claimant’s bank account being checked, with no suspicion or indication of any fraud, error or over-payment needed.  Accounts flagged through these checks would then be passed to a member of DWP staff for further investigation, but what this will involve is still unclear. A code of practice to accompany the Bill is still unpublished, so we don't actually know what sequence of events would play out. Will individuals be informed when they are being investigated? Will their benefits be suspended during an investigation? Will their claim be assessed by other fraud algorithms? In some circumstances, the Department could automatically take money from the bank accounts of people no longer on benefits if they are deemed to have committed fraud or been accidentally overpaid. Banks will be prevented from informing their customers that this recovery process is happening, so the first that a customer might know is when money disappears from their account.  The finance industry has expressed concern about tensions between the obligations the Bill would create and financial institutions' consumer obligations, the risks of financial harm to vulnerable customers, and the lack of robust safeguards for the transfer of banking data. Others are concerned about the potential for miscarriages of justice which many will be unable to effectively challenge: the benefits covered by the Bill are only available to people on a low income, who are unlikely to have the means to engage in legal action. These powers would apply to both fraud and error, including over-payments caused by the Department's own mistakes. Overpayments can be caused by myriad mistakes on the part of DWP or claimant, or both, and the complexity of making claims is well known. But under the Bill, fraud and error will be treated the same, with the same digital surveillance deployed and the same powers to seize money and other assets. Universal Credit already appears to be particularly prone to mistakes and over-payments. Rather than punishing people after the fact, it would be better for DWP to work out why it is particularly vulnerable, do more to help people avoid mistakes, and reduce the rate at which their own mistakes cause over-payments. Treating all claimants like intentional fraudsters stigmatises people on benefits, and risks people who need financial support disengaging from the benefit system. Rather than focus on professional criminals who are actively defrauding the Department, the bill scoops everyone up and places them all under suspicion. It creates a two-tier system in which benefit claimants would be subject to an invasion of privacy not applied to the rest of the population: millions of people who have done nothing wrong will be laid open to mass surveillance. DWP officers would be given police-like powers of entry to private premises and seizure of private property. This is an extraordinary expansion of very serious powers targeted at one section of society. It fundamentally undermines basic rights to privacy and to be presumed innocent until proven otherwise.  Whether the ends justify these heavy-handed means is doubtful. The Department's own impact assessment estimates that just 2% of social security fraud and error over-payments will be clawed back through the use of these powers over 10 years: a disproportionate invasion of privacy for little benefit. The finance industry also warns that the organised gangs who carry out large-scale benefit fraud using sophisticated methods to avoid detection will easily find ways to work around the new powers.  Also on its way through the legislative process is the Data Use and Access Bill, which proposes to reduce the requirement for human oversight of automated decisions within government. If both Bills pass into law as currently drafted, there is a potential future in which the human-in-the-loop safeguards relating to digital bank surveillance are no longer legally required. This leaves the door open to hugely consequential decisions being made entirely by automated systems. We know that existing DWP fraud algorithms generate bias; the introduction of more automation and digital surveillance and the potential for less human oversight should trouble us all.  Increasing the number of people that are flagged for investigation via these new powers could put thousands more through the difficult process of fraud investigation. DWP’s own figures show that three-quarters of people whose benefit claims are flagged as suspicious actually have no fraud or error related to their claim at all. Ten million people receive the benefits that will be covered by the new powers: if even 1% of claimants are wrongly investigated many thousands of people will be affected.  As well as the immediate impact of these disproportionate powers, politicians need to be aware of the precedents they are setting, and how the legislation could be used by other administrations in future. Eliminating the need for the government to justify wholesale digital surveillance removes a basic protection against state over-reach. Only the state pension is explicitly excluded from the powers in the Bill: a government with an even more single-minded obsession with efficiency and fraud could roll out the bank surveillance to many, many other people. What will affect a minority now could become the norm for the majority. Anna Dent is an independent researcher and policy consultant, working on the digital welfare state and human-centred technology Read more about digital surveillance UK government outlines plan to surveil migrants with eVisa data: Electronic visa data and biometric technologies will be used by the UK’s immigration enforcement authorities to surveil migrants living in the country and to ‘tighten control of the border’, attracting strong criticism from migrant support groups. AI surveillance towers place migrants in ‘even greater jeopardy’: The use of autonomous surveillance towers throughout the English coast forces migrants into increasingly dangerous routes and contributes to their criminalisation. Invasive tracking ‘endemic’ on sensitive support websites: Websites set up by police, charities and universities to help people get support for sensitive issues like addiction and sexual harassment are deploying tracking technologies that harvest information without proper consent. In The Current Issue: UK critical systems at risk from ‘digital divide’ created by AI threats UK at risk of Russian cyber and physical attacks as Ukraine seeks peace deal Standard Chartered grounds AI ambitions in data governance Download Current Issue Microsoft entices developers to build more Windows AI apps – Cliff Saran's Enterprise blog Red Hat launches llm-d community & project – Open Source Insider View All Blogs

The old school action movie hero, like the old school movie star, is a dying breed. Tom Cruise is acutely aware of this since pretty much all of his franchised efforts in the 2020s have been about the glories of the fading old days and ways. Top Gun: Maverick, for example, explained why we still needed Cruise up on that wall, protecting us with one piece of superb blockbuster cinema at a time. But in the interim between Mission: Impossible – Dead Reckoning and this month’s long anticipated Mission: Impossible – The Final Reckoning, even the rare company he keeps on those ramparts has shrunk. Indiana Jones is again retired (and presumably for good after the box office receipts for Dial of Destiny came in); and not only has James Bond died onscreen with the last of the Daniel Craig movies, but perhaps off as well since the franchise’s “one at a time” bespoke family business model was consigned to the dustbin of movie history. Still, there remains Cruise and his handful of beloved onscreen personas, who are only too cognizant of how lonely they are high up on their barricade against the rising tide. And it appears to at last be getting to them in Final Reckoning, the allegedly last Mission: Impossible movie that feels the weight of the world on its shoulders, and a lot less of the deft spontaneity that previously made this franchise among the best in the Hollywood canon. Just to clear, there is yet quite a bit to enjoy in Mission: Impossible – The Final Reckoning, our eighth and most interconnected adventure with Cruise’s Ethan Hunt to date. Ever since filmmaker Christopher McQuarrie took over the directorial duties of the franchise beginning in 2015’s Rogue Nation, and even beforehand as a writer via Ghost Protocol, the series has widely been recognized for its creative ingenuity, emotional intelligence, and of course eye-popping spectacle and stunt work wherein Cruise channels his inner Buster Keaton or Douglas Fairbanks by putting his life on the line for our amusement. Those elements stay at play in Final Reckoning, but there is just a lot less playfulness to it in a film that ostensibly asks us to treat its story as a grand finale to Ethan Hunt’s impact on cinema—even as the film simultaneously and awkwardly resists that impulse. Less of a full-stop for the series than a trailing off question mark, Final Reckoning fights against itself and the notion of closing the book or bidding farewell to almost anything, especially Cruise, which makes its ever-growing bombast as much of a hindrance as help in this reluctant swan song. From the opening recap of his assignment, wherein Ethan receives the choice to accept or decline his mission via an appropriately ‘90s VHS cassette tape, Final Reckoning is intent on celebrating the past while turning the screws of self-importance in the present. Consider that this time Ethan’s mission brief is delivered not only by a familiar voice, but the newly elected President of the United States (Angela Bassett’s welcome return as Erika Sloane). The former CIA director turned commander-in-chief is heard pleading with Ethan to come in and deliver the cruciform key from the last movie, which is the secret to unlocking the source code to a world-ending AI threat called the Entity. Yes, despite the title change, Final Reckoning is very much Dead Reckoning Part 2, albeit now with the stakes clearly having been tinkered with off-screen. In the last movie, the Entity represented the abstract but insidious threat of AI and the internet itself, with a sentient algorithm commandeering the power to shape truth and our perceptions of reality. Well, in Final Reckoning, it has apparently decided to go full Skynet. President Sloane reveals the evil AI has corrupted the hydrogen bomb capabilities of most of the nuclear powers in the world, and within three days will have the ability to destroy all life on Earth for no discernible reason. However, should Ethan go rogue and attempt to turn off the Entity without surrendering control over the AI’s source code back to the American government, it could kill the internet and plummet the world into an economic dark age. It’s grim, technologically complex stuff, but in practice is actually incredibly simple. The world will literally end if either the Entity or any government gets its way. So it is all up to Ethan Hunt and his beloved team—which consists here of Luther (Ving Rhames), Benji (Simon Pegg), and recent additions Grace (Hayley Atwell) and Paris (Pom Klementieff)—to save the world via some spectacularly unsafe looking stunts and poker-faced brinksmanship. Ethan indeed has to enter into multiple staring contests with various admirals, generals, and presidents when they dare question whether he really is the smartest guy in the room. The fools. However, for all the press about this being the most expensive Mission ever made, Final Reckoning is arguably more intimate in scale than the last couple of entries. There is plenty of globe-trotting, but other than a jaw-dropping climax involving two biplanes that wouldn’t have looked out of place in 1933’s Flying Down to Rio, and the long teased underwater sequence in which Ethan discovers the wrecked SevastopolTop Gun territory. As in Maverick, Cruise once again has steely tete-a-tetes with various naval officers on what appears to be the real frigid waters of the Bering Sea. This unfortunately undercuts a bit of the travelogue fun of so many spy movies, including the previous Dead Reckoning which was at its best when Cruise and Atwell got to flirt in Rome while smashing a banana-colored Fiat along the Spanish Steps, or Cruise and the missed-but-not-forgotten Rebecca Ferguson simply smoldered in the Arabian deserts outside Dubai while trashing an army of NPCs. In an attempt to reach for the rhapsody of other blockbuster swan songs like The Dark Knight Rises or No Time to Die, Final Reckoning foregoes the lighter touch and mischievousness that made Fallout and Rogue Nation such all-time crowdpleasers. Yet McQuarrie’s play-it-by-ear looseness and story structure clashes with the dour-faced histrionics of Final Reckoning’s setup, particularly during the film’s multiple exposition dumps where characters spew utter nonsense about what the Entity wants at each other, or what to do about what remains one of the worst villains in the franchise, Esai Morales’ exhausting Gabriel. He’s back, and his cackling dastardliness is louder than ever. It also still feels beneath the amount of emotional trauma the film wishes to credit him with inflicting on Ethan. Join our mailing list Get the best of Den of Geek delivered right to your inbox! Still, it would be a disservice to what is ultimately an entertaining popcorn flick to dwell only on the shortcomings. This remains a Tom Cruise stunt spectacular that for the most part maintains McQuarrie’s uncanny ear for sharp, knowingly grandiloquent dialogue and clever shorthand characterization. When Cruise and McQ are focused on the smaller beats, like the interplay between Ethan and a team of deep sea divers, or the endlessly endearing bickering between teammates like Benji and Luther, it never ceases to charm. Grace and Paris likewise prove worthy permanent additions to the team. The chemistry between Atwell and Cruise during one arctic sequence is particularly giddy. Furthermore, there is a wonderful callback to the first Mission: Impossible that I will not spoil here, but it’s better than any simple cameo or easter egg. It retroactively adds McQuarrie’s humanist optimism from these later movies to De Palma’s ‘90s era cheeky chic. And did I mention that IMAX biplane sequence that’s all over the trailers and posters? It really cannot be oversold. It’s only when the sum of these sequences are compared to the taller heights the franchise has recently scaled, particularly in Fallout, which Final Reckoning not so covertly attempts to remake during the third act, that it’s left a little wanting. The film might be marketed as the final Mission: Impossible Mission: Impossible: The Final Reckoning opens on Friday, May 23. Learn more about Den of Geek’s review process and why you can trust our recommendations here.

This article contains spoilers for Andor season 2 episodes 10-12 and Rogue One. The final three episodes of Andor may not pack quite the same emotional punch as the Ghorman arc, but they definitely bring this story together in an impactful way. It was revealed fairly early on that this season was going to lead up to the events of Rogue One, but how it did so was still very much a surprise. From the reveal of Krennic’s secret weapon program, to Bail’s arrival on Yavin 4, and so much more – the last three episodes have lined things up perfectly and added new context to the events of Rogue One in the process. Here’s everything you need to know about the Andor finale and how it connects to Rogue One. Luthen and Lonni’s Sacrifice This arc begins a year after the last, as all the others have, in 1 BBY. Kleya (Elizabeth Dulau) and Luthen (Stellan Skarsgård) receive an urgent message from Lonni (Robert Emms) asking to meet. For the first time, Luthen and Lonni meet in public rather than in their secret elevator hideout in the depths of Coruscant.  Lonni begs for safe passage for him and his family in exchange for the information he has, claiming that he’s been burned and that the Empire will likely be after him soon. Luthen agrees to take them to Yavin, giving Lonni just enough hope to spill what he knows. Lonni starts by warning Luthen that Dedra Meero (Denise Gough) knows he’s Axis and is trying to covertly assemble a team to apprehend him.  Then Lonni reveals what really has him shaken up – the truth about the Emperor’s Energy program. After holding on to Dedra’s code cert for a year, he finally dug through her files and found out about Krennic’s (Ben Mendelsohn) secret weapon program a.k.a. the Death Star. He says that the massacre on Ghorman, and the Imperial occupation of Jedha and Scarif are all connected. He tells Luthen all about the Kyber crystals on Jedha, Galen Erso’s involvement, everything that the Rebel Alliance needs to start looking into this. Luthen kills Lonni after he shares this information, presumably paranoid about the Empire finding out what he now knows. He relays all of this to Kleya and urges her to flee and get this information to the others as quickly as possible. He stays behind and starts destroying their comms relay when Dedra appears. She comes alone, cocky and confident that she has him on the ropes, but Luthen isn’t going to go out so easily. While Dedra is waxing poetic about how she finally has him, Luthen stabs himself with a nearby relic. Dedra attempts to keep him alive by transporting him to a hospital, but Kleya is able to sneak in and take him off life support, as she knows he would want. Dedra’s Folly Even though Dedra is finally successful at capturing Luthen, we find out that her “victory” came at a cost. As soon as she gets Luthen to the hospital, she’s arrested by the ISB and Krennic is brought in to interrogate her. He asks who she told about the secret project and how she heard about Galen Erso’s involvement. He also assumes that she gave Lonni her code cert. She denies this, but also admits that there were intel bundles that were forwarded to her office by mistake. Instead of reporting them, she sifted through them for information that could lead her to Axis. But that also left the information readily available for Lonni to steal. In the final moments of episode 12, we see Dedra is now a prisoner in an Imperial prison like Cassian once was. We don’t know for sure that this is Narkina 5, the Empire is a fan of uniformity after all, but it’s pretty safe to assume that it’s at least a similar work camp environment. The Empire turned on her as soon as she outlived her usefulness and because her desire to capture Axis put the Death Star plans at risk. Rescuing Kleya and Knowledge of the Death Star Meanwhile, Cassian (Diego Luna), Melshi (Duncan Pow), and K-2SO (Alan Tudyk) are bonding on Yavin when Wilmon (Muhannad Bhaier) hears a mysterious transmission that Cassian recognizes from his time with Luthen. Cassian, Melshi, and K-2SO immediately set off for Coruscant despite the protocols on Yavin forbidding them from doing so. Wilmon tells Draven (Alistair Petrie) why Cassian left, and he isn’t too thrilled about it. Join our mailing list Get the best of Den of Geek delivered right to your inbox! On Coruscant, Supervisor Heert (Jacob James Beswick) is put in charge of finding and capturing Kleya. He seeks advice from Dedra, which she begrudgingly gives from behind bars. The ISB is able to get Kleya’s comm table functioning enough to track her distress signal, arriving at the Coruscant safe house right after Cassian and Melshi do. At first it seems like the ISB might have them cornered, but K-2SO puts his brute force to work taking out the Imperial agents and helping them get Kleya out of Coruscant. A Meeting On Kafrene When Cassian returns to Yavin, he relays the information about Krennic’s program and the Death Star that Kleya and Luthen got from Lonni to Rebel leadership. Kleya was injured in the ISB attack and is still recovering, and Cassian knows that they need to act on this information as soon as possible. Luthen died for it, after all. The Rebel council isn’t sure if they can trust this information, but Mon wants to believe Cassian. One of Saw’s men, Tivik, has put out word that he has information, but will only speak to Cassian about it if he comes to Kafrene. Mon and Draven try to convince Bail to let Cassian follow this lead even though he’s currently being reprimanded for sneaking off Yavin to go rescue Kleya. He relents, sending Cassian and K-2SO off to Kafrene, which is where we first meet them in Rogue One. What Happened to Bix? In the final moments of the finale, we return to Mina-Rau, the planet that Bix, Brasso, and Wilmon sought refuge on after Ferrix. B2-EMO is still there, playing with the children. Finally we see Bix, standing in a field holding a child that we can probably assume is Cassian’s, and part of the reason she left a year ago. She knew that he would leave the rebellion for both of them, and she didn’t want him to do that. But now she and their child look out into the distance, at a sunrise that Cassian is currently fighting for, but will never see for himself. Both full seasons of Andor are available to stream on Disney+ now.