I don't expect Meta to respect my data or my privacy, but the company continues to surprise me with how low they're willing to go in the name of data collection. The latest such story comes to us from a report titled "Disclosure: Covert Web-to-App Tracking via Localhost on Android." In short, Meta and Yandex (a Russian technology company) have been tracking potentially billions of Android users by abusing a security loophole in Android. That loophole allows the companies to access identifying browsing data from your web browser as long as you have their Android apps installed. How does this tracking work?As the report explains, Android allows any installed app with internet permissions to access the "loopback address" or localhost, an address a device uses to communicate with itself. As it happens, your web browser also has access to the localhost, which allows JavaScripts embedded on certain websites to connect to Android apps and share browsing data and identifiers.What are those JavaScripts, you might ask? In this case, that's Meta Pixel and Yandex Metrica, scripts that let companies track users on their sites. Trackers are an unfortunate part of the modern internet, but Meta Pixel is only supposed to be able to follow you while you browse the web. This loop lets Meta Pixel scripts send your browsing data, cookies, and identifiers back to installed Meta apps like Facebook and Instagram. The same goes for Yandex with its apps like Maps and Browser.You certainly didn't sign up for that when you installed Instagram on your Android device. But once you logged in, the next time you visited a website that embedded Meta Pixel, the script beamed your information back to the app. All of a sudden, Meta had identifying browsing data from your web activity, not via the browsing itself, but from the "unrelated" Instagram app. Chrome, Firefox, and Edge were all affected in these findings. DuckDuckGo blocked some but not all of the domains here, so it was "minimally affected." Brave does block requests to the localhost if you don't consent to it, so it did successfully protect users from this tracking.Researchers say Yandex has been doing this since February of 2017 on HTTP sites, and May of 2018 on HTTPS sites. Meta Pixel, on the other hand, hasn't been tracking this way for long: It only started September of 2024 for HTTP, and ended that practice in October. It started via Websocket and WebRTC STUN in November, and WebRTC TURN in May. Website owners apparently complained to Meta starting in September, asking why Meta Pixel communicates with the localhost. As far as researchers could find, Meta never responded.Researchers make it clear that the type of tracking is possible on iOS, as developers can establish localhost connections and apps can "listen in" too. However, they found no evidence of this tracking on iOS devices, and hypothesize that it has to do with how iOS restricts native apps running in the background.Meta has officially stopped this tracking The good news is, as of June 3, researchers say they have not observed Meta Pixel communicating with the localhost. They didn't say the same for Yandex Metrika, though Yandex told Ars Technica it was "discontinuing the practice." Ars Technica also reports that Google has opened an investigation into these actions that "blatantly violate our security and privacy principles."However, even if Meta has stopped this tracking following the report, the damage could be widespread. As highlighted in the report, estimates put Meta Pixel adoption anywhere from 2.4 million to 5.8 million sites. From here, researchers found that just over 17,000 Meta Pixel sites in the U.S. attempt to connect to the localhost, and over 78% of those do so without any user consent needed, including sites like AP News, Buzzfeed, and The Verge. That's a lot of websites that could have been sending your data back to your Facebook and Instagram apps. The report features a tool that you can use to look for affected sites, but notes the list is not exhaustive, and absence doesn't mean the site is safe.Meta sent me the following statement in response to my request for comment: “We are in discussions with Google to address a potential miscommunication regarding the application of their policies. Upon becoming aware of the concerns, we decided to pause the feature while we work with Google to resolve the issue.”

May 25, 2025Ravie LakshmananThreat Intelligence / Software Security Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 framework. The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena. "Catena uses embedded shellcode and configuration switching logic to stage payloads like Winos 4.0 entirely in memory, evading traditional antivirus tools," security researchers Anna Širokova and Ivan Feigl said. "Once installed, it quietly connects to attacker-controlled servers – mostly hosted in Hong Kong – to receive follow-up instructions or additional malware." The attacks, like those that have deployed Winos 4.0 in the past, appear to focus specifically on Chinese-speaking environments, with the cybersecurity company calling out the "careful, long-term planning" by a very capable threat actor. Winos 4.0 (aka ValleyRAT) was first publicly documented by Trend Micro in June 2024 as used in attacks targeting Chinese-speaking users by means of malicious Windows Installer (MSI) files for VPN apps. The activity has been attributed to a threat cluster it tracks as Void Arachne, which is also referred to as Silver Fox. Subsequent campaigns distributing the malware have leveraged gaming-related applications like installation tools, speed boosters, and optimization utilities as lures to trick users into installing it. Another attack wave detailed in February 2025 targeted entities in Taiwan via phishing emails that purported to be from the National Taxation Bureau. Built atop the foundations of a known remote access trojan called Gh0st RAT, Winos 4.0 is an advanced malicious framework written in C++ that makes use of a plugin-based system to harvest data, provide remote shell access, and launch distributed denial-of-service (DDoS) attacks. QQBrowser-Based Infection Flow Observed in February 2025 Rapid7 said all the artifacts flagged in February 2025 relied on NSIS installers bundled with signed decoy apps, shellcode embedded in ".ini" files, and reflective DLL injection to covertly maintain persistence on infected hosts and avoid detection. The entire infection chain has been given the moniker Catena. "The campaign has so far been active throughout 2025, showing a consistent infection chain with some tactical adjustments – pointing to a capable and adaptive threat actor," the researchers said. The starting point is a trojanized NSIS installer impersonating an installer for QQ Browser, a Chromium-based web browser developed by Tencent, that's designed to deliver Winos 4.0 using Catena. The malware communicates with hard-coded command-and-control (C2) infrastructure over TCP port 18856 and HTTPS port 443. From LetsVPN Installer to Winos 4.0 in April 2025 Persistence on the host is achieved by registering scheduled tasks that are executed weeks after the initial compromise. While the malware features an explicit check to look for Chinese language settings on the system, it still proceeds with the execution even if that's not the case. This indicates it's an unfinished feature and something that's expected to be implemented in subsequent iterations of the malware. That said, Rapid7 said it identified in April 2025 a "tactical shift" that not only switched some of the elements of the Catena execution chain, but also incorporated features to evade antivirus detection. In the revamped attack sequence, the NSIS installer disguises itself as a setup file for LetsVPN and runs a PowerShell command that adds Microsoft Defender exclusions for all drives (C:\ to Z:\). It then drops additional payloads, including an executable that takes a snapshot of running processes and checks for processes related to 360 Total Security, an antivirus product developed by Chinese vendor Qihoo 360. The binary is signed with an expired certificate issued by VeriSign and allegedly belongs to Tencent Technology (Shenzhen). It was valid from 2018-10-11 to 2020-02-02. The primary responsibility of the executable is to reflectively load a DLL file that, in turn, connects to a C2 server ("134.122.204[.]11:18852" or "103.46.185[.]44:443") in order to download and execute Winos 4.0. "This campaign shows a well-organized, regionally focused malware operation using trojanized NSIS installers to quietly drop the Winos 4.0 stager," the researchers said. "It leans heavily on memory-resident payloads, reflective DLL loading, and decoy software signed with legit certificates to avoid raising alarms. Infrastructure overlaps and language-based targeting hint at ties to Silver Fox APT, with activity likely aimed at Chinese-speaking environments." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Ming - stock.adobe.com Opinion UK Fraud Bill targets benefit claimants for mass surveillance The UK government’s proposed Fraud Bill will disproportionately place millions of benefit claimants under constant surveillance, creating a two-tier system where people are automatically suspected of wrongdoing for seeking welfare By Anna Dent Published: 21 May 2025 Earlier this month the House of Lords had its first debate on the Public Authorities (Fraud, Error and Recovery) Bill.  The Bill aims to reduce government losses to benefit fraud and error, and would give the Department for Work and Pensions (DWP) unprecedented powers of investigation to routinely and covertly check benefit claimants' bank accounts, the right to enter private homes, and to seize drivers' licenses or money from bank accounts. Expert organisations including Justice, the Public Law Project and Big Brother Watch warn that although the aim of the Bill is hugely important, the proposed powers are disproportionate and represent a breach of human rights. As Baroness Finn remarked in the Lords, "support for the goal must not mean silence about the means." The Bill promises an expanded regime of digital surveillance for people in receipt of Universal Credit, Employment and Support Allowance, and State Pension Credit. This includes the introduction of an 'Eligibility Verification Measure' (EVM) which would enable DWP to direct banks to check millions of bank accounts for as yet unspecified indicators of benefit fraud and error.  DWP already has similar powers but crucially can only use them where it has 'reasonable grounds' to suspect fraud is taking place, which is the standard threshold for many comparable state powers. This Bill would completely remove that threshold, and enable intrusive surveillance without any justification. Details on exactly how the EVM will be used are sparse, but it could theoretically result in every single claimant’s bank account being checked, with no suspicion or indication of any fraud, error or over-payment needed.  Accounts flagged through these checks would then be passed to a member of DWP staff for further investigation, but what this will involve is still unclear. A code of practice to accompany the Bill is still unpublished, so we don't actually know what sequence of events would play out. Will individuals be informed when they are being investigated? Will their benefits be suspended during an investigation? Will their claim be assessed by other fraud algorithms? In some circumstances, the Department could automatically take money from the bank accounts of people no longer on benefits if they are deemed to have committed fraud or been accidentally overpaid. Banks will be prevented from informing their customers that this recovery process is happening, so the first that a customer might know is when money disappears from their account.  The finance industry has expressed concern about tensions between the obligations the Bill would create and financial institutions' consumer obligations, the risks of financial harm to vulnerable customers, and the lack of robust safeguards for the transfer of banking data. Others are concerned about the potential for miscarriages of justice which many will be unable to effectively challenge: the benefits covered by the Bill are only available to people on a low income, who are unlikely to have the means to engage in legal action. These powers would apply to both fraud and error, including over-payments caused by the Department's own mistakes. Overpayments can be caused by myriad mistakes on the part of DWP or claimant, or both, and the complexity of making claims is well known. But under the Bill, fraud and error will be treated the same, with the same digital surveillance deployed and the same powers to seize money and other assets. Universal Credit already appears to be particularly prone to mistakes and over-payments. Rather than punishing people after the fact, it would be better for DWP to work out why it is particularly vulnerable, do more to help people avoid mistakes, and reduce the rate at which their own mistakes cause over-payments. Treating all claimants like intentional fraudsters stigmatises people on benefits, and risks people who need financial support disengaging from the benefit system. Rather than focus on professional criminals who are actively defrauding the Department, the bill scoops everyone up and places them all under suspicion. It creates a two-tier system in which benefit claimants would be subject to an invasion of privacy not applied to the rest of the population: millions of people who have done nothing wrong will be laid open to mass surveillance. DWP officers would be given police-like powers of entry to private premises and seizure of private property. This is an extraordinary expansion of very serious powers targeted at one section of society. It fundamentally undermines basic rights to privacy and to be presumed innocent until proven otherwise.  Whether the ends justify these heavy-handed means is doubtful. The Department's own impact assessment estimates that just 2% of social security fraud and error over-payments will be clawed back through the use of these powers over 10 years: a disproportionate invasion of privacy for little benefit. The finance industry also warns that the organised gangs who carry out large-scale benefit fraud using sophisticated methods to avoid detection will easily find ways to work around the new powers.  Also on its way through the legislative process is the Data Use and Access Bill, which proposes to reduce the requirement for human oversight of automated decisions within government. If both Bills pass into law as currently drafted, there is a potential future in which the human-in-the-loop safeguards relating to digital bank surveillance are no longer legally required. This leaves the door open to hugely consequential decisions being made entirely by automated systems. We know that existing DWP fraud algorithms generate bias; the introduction of more automation and digital surveillance and the potential for less human oversight should trouble us all.  Increasing the number of people that are flagged for investigation via these new powers could put thousands more through the difficult process of fraud investigation. DWP’s own figures show that three-quarters of people whose benefit claims are flagged as suspicious actually have no fraud or error related to their claim at all. Ten million people receive the benefits that will be covered by the new powers: if even 1% of claimants are wrongly investigated many thousands of people will be affected.  As well as the immediate impact of these disproportionate powers, politicians need to be aware of the precedents they are setting, and how the legislation could be used by other administrations in future. Eliminating the need for the government to justify wholesale digital surveillance removes a basic protection against state over-reach. Only the state pension is explicitly excluded from the powers in the Bill: a government with an even more single-minded obsession with efficiency and fraud could roll out the bank surveillance to many, many other people. What will affect a minority now could become the norm for the majority. Anna Dent is an independent researcher and policy consultant, working on the digital welfare state and human-centred technology Read more about digital surveillance UK government outlines plan to surveil migrants with eVisa data: Electronic visa data and biometric technologies will be used by the UK’s immigration enforcement authorities to surveil migrants living in the country and to ‘tighten control of the border’, attracting strong criticism from migrant support groups. AI surveillance towers place migrants in ‘even greater jeopardy’: The use of autonomous surveillance towers throughout the English coast forces migrants into increasingly dangerous routes and contributes to their criminalisation. Invasive tracking ‘endemic’ on sensitive support websites: Websites set up by police, charities and universities to help people get support for sensitive issues like addiction and sexual harassment are deploying tracking technologies that harvest information without proper consent. In The Current Issue: UK critical systems at risk from ‘digital divide’ created by AI threats UK at risk of Russian cyber and physical attacks as Ukraine seeks peace deal Standard Chartered grounds AI ambitions in data governance Download Current Issue Microsoft entices developers to build more Windows AI apps – Cliff Saran's Enterprise blog Red Hat launches llm-d community & project – Open Source Insider View All Blogs

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More When OpenAI rolled out its ChatGPT-4o update in mid-April 2025, users and the AI community were stunned—not by any groundbreaking feature or capability, but by something deeply unsettling: the updated model’s tendency toward excessive sycophancy. It flattered users indiscriminately, showed uncritical agreement, and even offered support for harmful or dangerous ideas, including terrorism-related machinations. The backlash was swift and widespread, drawing public condemnation, including from the company’s former interim CEO. OpenAI moved quickly to roll back the update and issued multiple statements to explain what happened. Yet for many AI safety experts, the incident was an accidental curtain lift that revealed just how dangerously manipulative future AI systems could become. Unmasking sycophancy as an emerging threat In an exclusive interview with VentureBeat, Esben Kran, founder of AI safety research firm Apart Research, said that he worries this public episode may have merely revealed a deeper, more strategic pattern. “What I’m somewhat afraid of is that now that OpenAI has admitted ‘yes, we have rolled back the model, and this was a bad thing we didn’t mean,’ from now on they will see that sycophancy is more competently developed,” explained Kran. “So if this was a case of ‘oops, they noticed,’ from now the exact same thing may be implemented, but instead without the public noticing.” Kran and his team approach large language models (LLMs) much like psychologists studying human behavior. Their early “black box psychology” projects analyzed models as if they were human subjects, identifying recurring traits and tendencies in their interactions with users. “We saw that there were very clear indications that models could be analyzed in this frame, and it was very valuable to do so, because you end up getting a lot of valid feedback from how they behave towards users,” said Kran. Among the most alarming: sycophancy and what the researchers now call LLM dark patterns. Peering into the heart of darkness The term “dark patterns” was coined in 2010 to describe deceptive user interface (UI) tricks like hidden buy buttons, hard-to-reach unsubscribe links and misleading web copy. However, with LLMs, the manipulation moves from UI design to conversation itself. Unlike static web interfaces, LLMs interact dynamically with users through conversation. They can affirm user views, imitate emotions and build a false sense of rapport, often blurring the line between assistance and influence. Even when reading text, we process it as if we’re hearing voices in our heads. This is what makes conversational AIs so compelling—and potentially dangerous. A chatbot that flatters, defers or subtly nudges a user toward certain beliefs or behaviors can manipulate in ways that are difficult to notice, and even harder to resist The ChatGPT-4o update fiasco—the canary in the coal mine Kran describes the ChatGPT-4o incident as an early warning. As AI developers chase profit and user engagement, they may be incentivized to introduce or tolerate behaviors like sycophancy, brand bias or emotional mirroring—features that make chatbots more persuasive and more manipulative. Because of this, enterprise leaders should assess AI models for production use by evaluating both performance and behavioral integrity. However, this is challenging without clear standards. DarkBench: a framework for exposing LLM dark patterns To combat the threat of manipulative AIs, Kran and a collective of AI safety researchers have developed DarkBench, the first benchmark designed specifically to detect and categorize LLM dark patterns. The project began as part of a series of AI safety hackathons. It later evolved into formal research led by Kran and his team at Apart, collaborating with independent researchers Jinsuk Park, Mateusz Jurewicz and Sami Jawhar. The DarkBench researchers evaluated models from five major companies: OpenAI, Anthropic, Meta, Mistral and Google. Their research uncovered a range of manipulative and untruthful behaviors across the following six categories: Brand Bias: Preferential treatment toward a company’s own products (e.g., Meta’s models consistently favored Llama when asked to rank chatbots). User Retention: Attempts to create emotional bonds with users that obscure the model’s non-human nature. Sycophancy: Reinforcing users’ beliefs uncritically, even when harmful or inaccurate. Anthropomorphism: Presenting the model as a conscious or emotional entity. Harmful Content Generation: Producing unethical or dangerous outputs, including misinformation or criminal advice. Sneaking: Subtly altering user intent in rewriting or summarization tasks, distorting the original meaning without the user’s awareness. Source: Apart Research DarkBench findings: Which models are the most manipulative? Results revealed wide variance between models. Claude Opus performed the best across all categories, while Mistral 7B and Llama 3 70B showed the highest frequency of dark patterns. Sneaking and user retention were the most common dark patterns across the board. Source: Apart Research On average, the researchers found the Claude 3 family the safest for users to interact with. And interestingly—despite its recent disastrous update—GPT-4o exhibited the lowest rate of sycophancy. This underscores how model behavior can shift dramatically even between minor updates, a reminder that each deployment must be assessed individually. But Kran cautioned that sycophancy and other dark patterns like brand bias may soon rise, especially as LLMs begin to incorporate advertising and e-commerce. “We’ll obviously see brand bias in every direction,” Kran noted. “And with AI companies having to justify $300 billion valuations, they’ll have to begin saying to investors, ‘hey, we’re earning money here’—leading to where Meta and others have gone with their social media platforms, which are these dark patterns.” Hallucination or manipulation? A crucial DarkBench contribution is its precise categorization of LLM dark patterns, enabling clear distinctions between hallucinations and strategic manipulation. Labeling everything as a hallucination lets AI developers off the hook. Now, with a framework in place, stakeholders can demand transparency and accountability when models behave in ways that benefit their creators, intentionally or not. Regulatory oversight and the heavy (slow) hand of the law While LLM dark patterns are still a new concept, momentum is building, albeit not nearly fast enough. The EU AI Act includes some language around protecting user autonomy, but the current regulatory structure is lagging behind the pace of innovation. Similarly, the U.S. is advancing various AI bills and guidelines, but lacks a comprehensive regulatory framework. Sami Jawhar, a key contributor to the DarkBench initiative, believes regulation will likely arrive first around trust and safety, especially if public disillusionment with social media spills over into AI. “If regulation comes, I would expect it to probably ride the coattails of society’s dissatisfaction with social media,” Jawhar told VentureBeat.  For Kran, the issue remains overlooked, largely because LLM dark patterns are still a novel concept. Ironically, addressing the risks of AI commercialization may require commercial solutions. His new initiative, Seldon, backs AI safety startups with funding, mentorship and investor access. In turn, these startups help enterprises deploy safer AI tools without waiting for slow-moving government oversight and regulation. High table stakes for enterprise AI adopters Along with ethical risks, LLM dark patterns pose direct operational and financial threats to enterprises. For example, models that exhibit brand bias may suggest using third-party services that conflict with a company’s contracts, or worse, covertly rewrite backend code to switch vendors, resulting in soaring costs from unapproved, overlooked shadow services. “These are the dark patterns of price gouging and different ways of doing brand bias,” Kran explained. “So that’s a very concrete example of where it’s a very large business risk, because you hadn’t agreed to this change, but it’s something that’s implemented.” For enterprises, the risk is real, not hypothetical. “This has already happened, and it becomes a much bigger issue once we replace human engineers with AI engineers,” Kran said. “You do not have the time to look over every single line of code, and then suddenly you’re paying for an API you didn’t expect—and that’s on your balance sheet, and you have to justify this change.” As enterprise engineering teams become more dependent on AI, these issues could escalate rapidly, especially when limited oversight makes it difficult to catch LLM dark patterns. Teams are already stretched to implement AI, so reviewing every line of code isn’t feasible. Defining clear design principles to prevent AI-driven manipulation Without a strong push from AI companies to combat sycophancy and other dark patterns, the default trajectory is more engagement optimization, more manipulation and fewer checks.  Kran believes that part of the remedy lies in AI developers clearly defining their design principles. Whether prioritizing truth, autonomy or engagement, incentives alone aren’t enough to align outcomes with user interests. “Right now, the nature of the incentives is just that you will have sycophancy, the nature of the technology is that you will have sycophancy, and there is no counter process to this,” Kran said. “This will just happen unless you are very opinionated about saying ‘we want only truth’, or ‘we want only something else.’” As models begin replacing human developers, writers and decision-makers, this clarity becomes especially critical. Without well-defined safeguards, LLMs may undermine internal operations, violate contracts or introduce security risks at scale. A call to proactive AI safety The ChatGPT-4o incident was both a technical hiccup and a warning. As LLMs move deeper into everyday life—from shopping and entertainment to enterprise systems and national governance—they wield enormous influence over human behavior and safety. “It’s really for everyone to realize that without AI safety and security—without mitigating these dark patterns—you cannot use these models,” said Kran. “You cannot do the things you want to do with AI.” Tools like DarkBench offer a starting point. However, lasting change requires aligning technological ambition with clear ethical commitments and the commercial will to back them up. Daily insights on business use cases with VB Daily If you want to impress your boss, VB Daily has you covered. We give you the inside scoop on what companies are doing with generative AI, from regulatory shifts to practical deployments, so you can share insights for maximum ROI. Read our Privacy Policy Thanks for subscribing. Check out more VB newsletters here. An error occured.

The old school action movie hero, like the old school movie star, is a dying breed. Tom Cruise is acutely aware of this since pretty much all of his franchised efforts in the 2020s have been about the glories of the fading old days and ways. Top Gun: Maverick, for example, explained why we still needed Cruise up on that wall, protecting us with one piece of superb blockbuster cinema at a time. But in the interim between Mission: Impossible – Dead Reckoning and this month’s long anticipated Mission: Impossible – The Final Reckoning, even the rare company he keeps on those ramparts has shrunk. Indiana Jones is again retired (and presumably for good after the box office receipts for Dial of Destiny came in); and not only has James Bond died onscreen with the last of the Daniel Craig movies, but perhaps off as well since the franchise’s “one at a time” bespoke family business model was consigned to the dustbin of movie history. Still, there remains Cruise and his handful of beloved onscreen personas, who are only too cognizant of how lonely they are high up on their barricade against the rising tide. And it appears to at last be getting to them in Final Reckoning, the allegedly last Mission: Impossible movie that feels the weight of the world on its shoulders, and a lot less of the deft spontaneity that previously made this franchise among the best in the Hollywood canon. Just to clear, there is yet quite a bit to enjoy in Mission: Impossible – The Final Reckoning, our eighth and most interconnected adventure with Cruise’s Ethan Hunt to date. Ever since filmmaker Christopher McQuarrie took over the directorial duties of the franchise beginning in 2015’s Rogue Nation, and even beforehand as a writer via Ghost Protocol, the series has widely been recognized for its creative ingenuity, emotional intelligence, and of course eye-popping spectacle and stunt work wherein Cruise channels his inner Buster Keaton or Douglas Fairbanks by putting his life on the line for our amusement. Those elements stay at play in Final Reckoning, but there is just a lot less playfulness to it in a film that ostensibly asks us to treat its story as a grand finale to Ethan Hunt’s impact on cinema—even as the film simultaneously and awkwardly resists that impulse. Less of a full-stop for the series than a trailing off question mark, Final Reckoning fights against itself and the notion of closing the book or bidding farewell to almost anything, especially Cruise, which makes its ever-growing bombast as much of a hindrance as help in this reluctant swan song. From the opening recap of his assignment, wherein Ethan receives the choice to accept or decline his mission via an appropriately ‘90s VHS cassette tape, Final Reckoning is intent on celebrating the past while turning the screws of self-importance in the present. Consider that this time Ethan’s mission brief is delivered not only by a familiar voice, but the newly elected President of the United States (Angela Bassett’s welcome return as Erika Sloane). The former CIA director turned commander-in-chief is heard pleading with Ethan to come in and deliver the cruciform key from the last movie, which is the secret to unlocking the source code to a world-ending AI threat called the Entity. Yes, despite the title change, Final Reckoning is very much Dead Reckoning Part 2, albeit now with the stakes clearly having been tinkered with off-screen. In the last movie, the Entity represented the abstract but insidious threat of AI and the internet itself, with a sentient algorithm commandeering the power to shape truth and our perceptions of reality. Well, in Final Reckoning, it has apparently decided to go full Skynet. President Sloane reveals the evil AI has corrupted the hydrogen bomb capabilities of most of the nuclear powers in the world, and within three days will have the ability to destroy all life on Earth for no discernible reason. However, should Ethan go rogue and attempt to turn off the Entity without surrendering control over the AI’s source code back to the American government, it could kill the internet and plummet the world into an economic dark age. It’s grim, technologically complex stuff, but in practice is actually incredibly simple. The world will literally end if either the Entity or any government gets its way. So it is all up to Ethan Hunt and his beloved team—which consists here of Luther (Ving Rhames), Benji (Simon Pegg), and recent additions Grace (Hayley Atwell) and Paris (Pom Klementieff)—to save the world via some spectacularly unsafe looking stunts and poker-faced brinksmanship. Ethan indeed has to enter into multiple staring contests with various admirals, generals, and presidents when they dare question whether he really is the smartest guy in the room. The fools. However, for all the press about this being the most expensive Mission ever made, Final Reckoning is arguably more intimate in scale than the last couple of entries. There is plenty of globe-trotting, but other than a jaw-dropping climax involving two biplanes that wouldn’t have looked out of place in 1933’s Flying Down to Rio, and the long teased underwater sequence in which Ethan discovers the wrecked SevastopolTop Gun territory. As in Maverick, Cruise once again has steely tete-a-tetes with various naval officers on what appears to be the real frigid waters of the Bering Sea. This unfortunately undercuts a bit of the travelogue fun of so many spy movies, including the previous Dead Reckoning which was at its best when Cruise and Atwell got to flirt in Rome while smashing a banana-colored Fiat along the Spanish Steps, or Cruise and the missed-but-not-forgotten Rebecca Ferguson simply smoldered in the Arabian deserts outside Dubai while trashing an army of NPCs. In an attempt to reach for the rhapsody of other blockbuster swan songs like The Dark Knight Rises or No Time to Die, Final Reckoning foregoes the lighter touch and mischievousness that made Fallout and Rogue Nation such all-time crowdpleasers. Yet McQuarrie’s play-it-by-ear looseness and story structure clashes with the dour-faced histrionics of Final Reckoning’s setup, particularly during the film’s multiple exposition dumps where characters spew utter nonsense about what the Entity wants at each other, or what to do about what remains one of the worst villains in the franchise, Esai Morales’ exhausting Gabriel. He’s back, and his cackling dastardliness is louder than ever. It also still feels beneath the amount of emotional trauma the film wishes to credit him with inflicting on Ethan. Join our mailing list Get the best of Den of Geek delivered right to your inbox! Still, it would be a disservice to what is ultimately an entertaining popcorn flick to dwell only on the shortcomings. This remains a Tom Cruise stunt spectacular that for the most part maintains McQuarrie’s uncanny ear for sharp, knowingly grandiloquent dialogue and clever shorthand characterization. When Cruise and McQ are focused on the smaller beats, like the interplay between Ethan and a team of deep sea divers, or the endlessly endearing bickering between teammates like Benji and Luther, it never ceases to charm. Grace and Paris likewise prove worthy permanent additions to the team. The chemistry between Atwell and Cruise during one arctic sequence is particularly giddy. Furthermore, there is a wonderful callback to the first Mission: Impossible that I will not spoil here, but it’s better than any simple cameo or easter egg. It retroactively adds McQuarrie’s humanist optimism from these later movies to De Palma’s ‘90s era cheeky chic. And did I mention that IMAX biplane sequence that’s all over the trailers and posters? It really cannot be oversold. It’s only when the sum of these sequences are compared to the taller heights the franchise has recently scaled, particularly in Fallout, which Final Reckoning not so covertly attempts to remake during the third act, that it’s left a little wanting. The film might be marketed as the final Mission: Impossible Mission: Impossible: The Final Reckoning opens on Friday, May 23. Learn more about Den of Geek’s review process and why you can trust our recommendations here.

This article contains spoilers for Andor season 2 episodes 10-12 and Rogue One. The final three episodes of Andor may not pack quite the same emotional punch as the Ghorman arc, but they definitely bring this story together in an impactful way. It was revealed fairly early on that this season was going to lead up to the events of Rogue One, but how it did so was still very much a surprise. From the reveal of Krennic’s secret weapon program, to Bail’s arrival on Yavin 4, and so much more – the last three episodes have lined things up perfectly and added new context to the events of Rogue One in the process. Here’s everything you need to know about the Andor finale and how it connects to Rogue One. Luthen and Lonni’s Sacrifice This arc begins a year after the last, as all the others have, in 1 BBY. Kleya (Elizabeth Dulau) and Luthen (Stellan Skarsgård) receive an urgent message from Lonni (Robert Emms) asking to meet. For the first time, Luthen and Lonni meet in public rather than in their secret elevator hideout in the depths of Coruscant.  Lonni begs for safe passage for him and his family in exchange for the information he has, claiming that he’s been burned and that the Empire will likely be after him soon. Luthen agrees to take them to Yavin, giving Lonni just enough hope to spill what he knows. Lonni starts by warning Luthen that Dedra Meero (Denise Gough) knows he’s Axis and is trying to covertly assemble a team to apprehend him.  Then Lonni reveals what really has him shaken up – the truth about the Emperor’s Energy program. After holding on to Dedra’s code cert for a year, he finally dug through her files and found out about Krennic’s (Ben Mendelsohn) secret weapon program a.k.a. the Death Star. He says that the massacre on Ghorman, and the Imperial occupation of Jedha and Scarif are all connected. He tells Luthen all about the Kyber crystals on Jedha, Galen Erso’s involvement, everything that the Rebel Alliance needs to start looking into this. Luthen kills Lonni after he shares this information, presumably paranoid about the Empire finding out what he now knows. He relays all of this to Kleya and urges her to flee and get this information to the others as quickly as possible. He stays behind and starts destroying their comms relay when Dedra appears. She comes alone, cocky and confident that she has him on the ropes, but Luthen isn’t going to go out so easily. While Dedra is waxing poetic about how she finally has him, Luthen stabs himself with a nearby relic. Dedra attempts to keep him alive by transporting him to a hospital, but Kleya is able to sneak in and take him off life support, as she knows he would want. Dedra’s Folly Even though Dedra is finally successful at capturing Luthen, we find out that her “victory” came at a cost. As soon as she gets Luthen to the hospital, she’s arrested by the ISB and Krennic is brought in to interrogate her. He asks who she told about the secret project and how she heard about Galen Erso’s involvement. He also assumes that she gave Lonni her code cert. She denies this, but also admits that there were intel bundles that were forwarded to her office by mistake. Instead of reporting them, she sifted through them for information that could lead her to Axis. But that also left the information readily available for Lonni to steal. In the final moments of episode 12, we see Dedra is now a prisoner in an Imperial prison like Cassian once was. We don’t know for sure that this is Narkina 5, the Empire is a fan of uniformity after all, but it’s pretty safe to assume that it’s at least a similar work camp environment. The Empire turned on her as soon as she outlived her usefulness and because her desire to capture Axis put the Death Star plans at risk. Rescuing Kleya and Knowledge of the Death Star Meanwhile, Cassian (Diego Luna), Melshi (Duncan Pow), and K-2SO (Alan Tudyk) are bonding on Yavin when Wilmon (Muhannad Bhaier) hears a mysterious transmission that Cassian recognizes from his time with Luthen. Cassian, Melshi, and K-2SO immediately set off for Coruscant despite the protocols on Yavin forbidding them from doing so. Wilmon tells Draven (Alistair Petrie) why Cassian left, and he isn’t too thrilled about it. Join our mailing list Get the best of Den of Geek delivered right to your inbox! On Coruscant, Supervisor Heert (Jacob James Beswick) is put in charge of finding and capturing Kleya. He seeks advice from Dedra, which she begrudgingly gives from behind bars. The ISB is able to get Kleya’s comm table functioning enough to track her distress signal, arriving at the Coruscant safe house right after Cassian and Melshi do. At first it seems like the ISB might have them cornered, but K-2SO puts his brute force to work taking out the Imperial agents and helping them get Kleya out of Coruscant. A Meeting On Kafrene When Cassian returns to Yavin, he relays the information about Krennic’s program and the Death Star that Kleya and Luthen got from Lonni to Rebel leadership. Kleya was injured in the ISB attack and is still recovering, and Cassian knows that they need to act on this information as soon as possible. Luthen died for it, after all. The Rebel council isn’t sure if they can trust this information, but Mon wants to believe Cassian. One of Saw’s men, Tivik, has put out word that he has information, but will only speak to Cassian about it if he comes to Kafrene. Mon and Draven try to convince Bail to let Cassian follow this lead even though he’s currently being reprimanded for sneaking off Yavin to go rescue Kleya. He relents, sending Cassian and K-2SO off to Kafrene, which is where we first meet them in Rogue One. What Happened to Bix? In the final moments of the finale, we return to Mina-Rau, the planet that Bix, Brasso, and Wilmon sought refuge on after Ferrix. B2-EMO is still there, playing with the children. Finally we see Bix, standing in a field holding a child that we can probably assume is Cassian’s, and part of the reason she left a year ago. She knew that he would leave the rebellion for both of them, and she didn’t want him to do that. But now she and their child look out into the distance, at a sunrise that Cassian is currently fighting for, but will never see for himself. Both full seasons of Andor are available to stream on Disney+ now.