In the 1950s, Kartell wasn’t yet known for its iconic plastic furniture, but it was already making waves in Italian design. One of its earliest, most unexpected products? A sleek, functional ski rack made for a Fiat. Decades later, the two Italian icons reunite for something a little more ambitious: the Fiat Grande Panda Kartell. This concept car reimagines Fiat’s beloved boxy silhouette with a design-first makeover, infused with Kartell’s signature color-blocking, material innovation, and bold personality. More than just a stylish refresh, the Fiat Grande Panda Kartell reflects shared values between the brands: simplicity, functionality, and accessibility. Fiat brings its automotive legacy; Kartell adds a forward-thinking approach to material and form. Unveiled at Milan Design Week 2025, the vehicle challenges what a car can look and feel like when design takes the driver’s seat. At first glance, it’s impossible to miss the fiery red exterior, a high-energy hue that nods to Kartell’s signature color. Contrasting black panels add a sharp color-blocked effect, dialing up the visual impact. Kartell’s iconic ‘K’ logo is stamped throughout the car, appearing on everything from the third pillar to the thermo-embossed upholstery. Inside, design lovers will spot a cheeky Easter egg: a mini version of Kartell’s iconic lamp, cleverly positioned on the dashboard cluster as a playful wink to Kartell’s lighting legacy. True to form, Kartell also brings its material expertise to the table. Polycarbonate 2.0 – a second-generation polymer made from renewable sources – makes its way into the car’s interior elements. Known for its durability and lightweight nature, the material is a subtle callback to Kartell’s most celebrated, sustainable designs. Even the upholstery leans into innovation. A “tex to tex” process transforms production scraps from Kartell’s Foliage armchair into fibers, which are then re-spun into 100% recycled polyester yarn for the seat covers. The result is a tactile interior that looks great, feels great, and makes a case for circular design in the automotive world. As more brands team up in unexpected ways, it’s refreshing to see two Italian legends reconnect through a shared history and a deep love for design. More than just a moment in Milan, the Fiat Grande Panda Kartell celebrates heritage while pushing boldly into the future. Stylish, sustainable, and distinctly Italian, it’s proof that when design leads the way, everyone wants a seat at the table – or in this case, behind the wheel. To learn more about the Fiat Grande Panda Kartell collaboration, visit kartell.com. Photography courtesy of Kartell and Fiat.

The US is currently prioritising a stablecoin-focused bill as part of its broader effort to establish a comprehensive regulatory framework for the crypto industry. Known as the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act, the proposed legislation seeks to introduce clear guidelines for the issuance and management of stablecoins—cryptocurrencies that are pegged to the value of reserve assets such as fiat currencies or gold. Recently, Senator Elizabeth Warren emphasised the need for stablecoin regulations to prevent private companies from creating their own versions of the US dollar.Earlier this week, the bill was approved by the House Financial Services Committee, advancing it to the House of Senate for the final approval. The crypto industry lauded the development, calling it a milestone moment for the sector's recognition.Paul Atkins, the chief of SEC's Crypto Task Force, has shown a strong support to the GENUIS Bill. Atkins, in an interview with CNBC said, “We have every expectation now that it's going to pass."As momentum builds around the GENIUS Act, let's take a closer look at what this proposed legislation could mean for the future of the stablecoin sector.GENIUS Bill: Key DetailsThe GENIUS bill was first introduced to the US lawmakers in February this year. Tim Scott, the Chairman of the Senate Banking Committee, is among the four sponsors of the proposed laws.Outlining the ambitions of this legislations, its sponsors said that the rules would establish clear protocols to guide the issuance of stablecoins in the US. Institutions like Meta that may seek licences to issue stablecoins will have to comply with these mandates.The rules will define reserve requirements for existing and potential stablecoin issuers, while also setting up regimes on the supervision, examination, and enforcement of stablecoin-producing businesses.Large-scale stablecoin issuers offering tokens worth $10 billion or banking firms are proposed to be under a strict oversight by the Federal Reserve (for banks). Meanwhile, large-scale non-bank entities will be monitored by the Office of the Comptroller of the Currency under, if the bill gets approved into an Act by the Senate.The states may individually get the right to regulate smaller stablecoin issuers internally.According to Senator Bill Hagerty, "The previous administration's hostility toward crypto and refusal to provide clear regulatory guidelines have severely stifled stablecoin innovation." He believes that this legislation can preserves a strong state pathway to stablecoin issuance.The US House Financial Services Committee passed the stablecoin bill in April.Stablecoin HypeThe US is among many nations that are now viewing stablecoin as a blockchain-based solution to quick, secure, and cheap cross-border transfers.Scott, the US Senate Banking Committee chief, sees stablecoins as a major advancement in the financial sector.“Stablecoins enable faster, cheaper, and competitive transactions in our digital world and facilitate seamless cross-border payments,” he said. "From enhancing transaction efficiency to driving demand for US Treasuries, the potential benefits of strong stablecoin innovation are immense."US President Donald Trump himself is part of issuing the USD1 stablecoin, indicating support to the sector's potential.While the stablecoin bill is still making its way through the legislative process in the US, Hong Kong passed its own stablecoin bill on May 21 that is slated to come into effect within this year.Traditional fintech giants like Visa, Mastercard, and PayPal are also exploring service offerings related to stablecoins.Among blockchain majors, Polygon plans to concentrate on its stablecoin plans this year, owing to "rising institutional demands".A recent report by Standard Chartered estimated that the size of the stablecoin market could surge by about 10-fold to $2 trillion (roughly Rs. 1,71,29,830 crore) within the next three years. For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube. Further reading: Cryptocurrency, Stablecoin, Genuis Act, US Radhika Parashar Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More Related Stories

Cybersecurity leaders aren't just dealing with attacks—they're also protecting trust, keeping systems running, and maintaining their organization's reputation. This week's developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow. Just fixing problems isn't enough anymore—resilience needs to be built into everything from the ground up. That means better systems, stronger teams, and clearer visibility across the entire organization. What's showing up now isn't just risk—it's a clear signal that acting fast and making smart decisions matters more than being perfect. Here's what surfaced—and what security teams can't afford to overlook. ⚡ Threat of the Week Microsoft Fixes 5 Actively Exploited 0-Days — Microsoft addressed a total of 78 security flaws in its Patch Tuesday update for May 2025 last week, out of which five of them have come under active exploitation in the wild. The vulnerabilities include CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709. It's currently not known in what context these defects have been exploited, who is behind them, and who was targeted in these attacks. Download the Report ➝ 🔔 Top News Marbled Dust Exploits Output Messenger 0-Day — Microsoft revealed that a Türkiye-affiliated threat actor codenamed Marbled Dust exploited as zero-day a security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. The attacks, the company said, are associated with the Kurdish military operating in Iraq. The attacks exploited CVE-2025-27920, a directory traversal vulnerability affecting version 2.0.62 that allows remote attackers to access or execute arbitrary files. It was addressed in December 2024. Konni APT Focuses on Ukraine in New Phishing Campaign — The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia amidst the ongoing Russo-Ukrainian war. Proofpoint, which disclosed details of the activity, said the objective of the attacks is to collect intelligence on the "trajectory of the Russian invasion." The attack chains entail the use of phishing emails that impersonate a fictitious senior fellow at a non-existent think tank, tricking recipients into visiting credential harvesting pages or downloading malware that can conduct extensive reconnaissance of the compromised machines. Coinbase Discloses Data Breach — Cryptocurrency giant Coinbase disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. The activity bribed its customer support agents based in India to obtain a list of customers, who were then approached as part of a social engineering attack to transfer their digital assets to a wallet under the threat actor's control. The attackers also unsuccessfully attempted to extort the company for $20 million on May 11, 2025, by claiming to have information about certain customer accounts as well as internal documents. The compromised agents have since been terminated. While no passwords, private keys, or funds were exposed, the attackers made away with some amount of personal information, including names, addresses, phone numbers, email addresses, government ID images, and account balances. Coinbase did not disclose how many of its customers fell for the scam. Besides voluntarily reimbursing retail customers who were duped into sending cryptocurrency to scammers, Coinbase is offering a $20 million reward to anyone who can help identify and bring down the perpetrators of the cyber attack. APT28 Behind Attacks Targeting Webmail Services — APT28, a hacking group linked to Russia's Main Intelligence Directorate (GRU), has been targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities. The attacks, ongoing since at least 2023, targeted governmental entities and defense companies in Eastern Europe, although governments in Africa, Europe, and South America were also singled out. The victims in 2024 alone included officials from regional national governments in Ukraine, Greece, Cameroon and Serbia, military officials in Ukraine and Ecuador, and employees of defense contracting firms in Ukraine, Romania and Bulgaria. The group's spear-phishing campaign used fake headlines mimicking prominent Ukrainian news outlets like the Kyiv Post about the Russia-Ukraine war, seemingly in an attempt to entice targets into opening the messages using the affected webmail clients. Those who opened the email messages using the affected webmail clients were served, via the XSS flaws, a custom JavaScript payload capable of exfiltrating contacts and email data from their mailboxes. One of the payloads could steal passwords and two-factor authentication codes, allowing the attackers to bypass account protections. The malware is also designed to harvest the email credentials, either by tricking the browser or password manager into pasting those credentials into a hidden form or getting the user to log out, whereupon they were served a bogus login page. Earth Ammit Breaches Drone Supply Chains to Target Taiwan and South Korea — The threat actor known as Earth Ammit targeted a broader range of organizations than just Taiwanese drone manufacturers, as initially supposed. While the set of attacks was believed to be confined to drone manufacturers in Taiwan, a subsequent analysis has uncovered that the campaign is more broader and sustained in scope than previously thought, hitting the heavy industry, media, technology, software services, healthcare, satellite, and military-adjacent supply chains, and payment service providers in both South Korea and Taiwan. The attacks targeted software vendors and service providers as a way to reach their desired victims, who were the vendors' downstream customers. "Earth Ammit's strategy centered around infiltrating the upstream segment of the drone supply chain. By compromising trusted vendors, the group positioned itself to target downstream customers – demonstrating how supply chain attacks can ripple out and cause broad, global consequences," Trend Micro noted. "Earth Ammit's long-term goal is to compromise trusted networks via supply chain attacks, allowing them to target high-value entities downstream and amplify their reach." ‎️‍🔥 Trending CVEs Attackers love software vulnerabilities—they're easy doors into your systems. Every week brings fresh flaws, and waiting too long to patch can turn a minor oversight into a major breach. Below are this week's critical vulnerabilities you need to know about. Take a look, update your software promptly, and keep attackers locked out. This week's list includes — CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, CVE-2025-32709 (Microsoft Windows), CVE-2025-42999 (SAP NetWeaver), CVE-2024-11182 (MDaemon), CVE-2025-4664 (Google Chrome), CVE-2025-4632 (Samsung MagicINFO 9 Server), CVE-2025-32756 (Fortinet FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera), CVE-2025-4427, CVE-2025-4428 (Ivanti Endpoint Manager Mobile), CVE-2025-3462, CVE-2025-3463 (ASUS DriverHub), CVE-2025-47729 (TeleMessage TM SGNL), CVE-2025-31644 (F5 BIG-IP), CVE-2025-22249 (VMware Aria Automation), CVE-2025-27696 (Apache Superset), CVE-2025-4317 (TheGem WordPress theme), CVE-2025-23166 (Node.js), CVE-2025-47884 (Jenkins OpenID Connect Provider Plugin), CVE-2025-47889 (Jenkins WSO2 Oauth Plugin), CVE-2025-4802 (Linux glibc), and CVE-2025-47539 (Eventin plugin). 📰 Around the Cyber World Attackers Leverage PyInstaller to Drop Infostealers on Macs — Attackers are using PyInstaller to deploy information stealers on macOS systems. These ad-hoc signed samples bundle Python code into Mach-O executables using PyInstaller, allowing them to be run without requiring Python to be installed or meet version compatibility requirements. "As infostealers continue to become more prevalent in the macOS threat landscape, threat actors will continue the search for new ways to distribute them," Jamf said. "While the use of PyInstaller to package malware is not uncommon, this marks the first time we've observed it being used to deploy an infostealer on macOS." Kosovo National Extradited to the U.S. for Running BlackDB.cc — A 33-year-old Kosovo national named Liridon Masurica has been extradited to the United States to face charges of running an online cybercrime marketplace active since 2018. He has been charged with five counts of fraudulent use of unauthorized access devices and one count of conspiracy to commit access device fraud. If convicted on all counts, Masurica faces a maximum penalty of 55 years in federal prison. He was taken into custody by authorities in Kosovo on December 12, 2024. Masurica is alleged to be the lead administrator of BlackDB.cc from 2018 to the present. "BlackDB.cc illegally offered for sale compromised account and server credentials, credit card information, and other personally identifiable information of individuals primarily located in the United States," the Justice Department said. "Once purchased, cybercriminals used the items purchased on BlackDB.cc to facilitate a wide range of illegal activity, including tax fraud, credit card fraud, and identity theft." Former BreachForums Admin to Pay $700k in Healthcare Breach — Conor Brian Fitzpatrick, aka Pompompurin, a former administrator of the BreachForums cybercrime forum, will forfeit roughly $700,000 in a civil lawsuit settlement related to Nonstop Health, a health insurance company whose customer data was posted for sale on the forum in 2023. Fitzpatrick was sentenced to time served last year, but he went on to violate the terms of his release. He is set to be resentenced next month. Tor Announces Oniux for Kernel-Level Tor Isolation — The Tor project has announced a new command-line utility called oniux that provides Tor network isolation for third-party applications using Linux namespaces. This effectively creates a fully isolated network environment for each application, preventing data leaks even if the app is malicious or misconfigured. "Built on Arti, and onionmasq, oniux drop-ships any Linux program into its own network namespace to route it through Tor and strips away the potential for data leaks," the Tor project said. "If your work, activism, or research demands rock-solid traffic isolation, oniux delivers it." DoJ Charges 12 More in RICO Conspiracy — The U.S. Department of Justice announced charges against 12 more people for their alleged involvement in a cyber-enabled racketeering conspiracy throughout the United States and abroad that netted them more than $263 million. Several of these individuals are said to have been arrested in the U.S., with two others living in Dubai. They face charges related to RICO conspiracy, conspiracy to commit wire fraud, money laundering, and obstruction of justice. The defendants are also accused of stealing over $230 million in cryptocurrency from a victim in Washington D.C. "The enterprise began no later than October 2023 and continued through March 2025," the Justice Department said. "It grew from friendships developed on online gaming platforms. Members of the enterprise held different responsibilities. The various roles included database hackers, organizers, target identifiers, callers, money launderers, and residential burglars targeting hardware virtual currency wallets." The attacks involved database hackers breaking into websites and servers to obtain cryptocurrency-related databases or acquiring databases on the dark web. The miscreants then determined the most valuable targets and cold-called them, using social engineering to convince them their accounts were the subject of cyber attacks and that they were helping them take steps to secure their accounts. The end goal of these attacks was to siphon the cryptocurrency assets, which were then laundered and converted into fiat U.S. currency in the form of bulk cash or wire transfers. The money was then used to fund a lavish lifestyle for the defendants. "Following his arrest in September 2024 and continuing while in pretrial detention, Lam is alleged to have continued working with members of the enterprise to pass and receive directions, collect stolen cryptocurrency, and have enterprise members buy luxury Hermes Birkin bags and hand-deliver them to his girlfriend in Miami, Florida," the agency said. ENISA Launches EUVD Vulnerability Database — The European Union launched a new vulnerability database called the European Vulnerability Database (EUVD) to provide aggregated information regarding security issues affecting various products and services. "The database provides aggregated, reliable, and actionable information such as mitigation measures and exploitation status on cybersecurity vulnerabilities affecting Information and Communication Technology (ICT) products and services," the European Union Agency for Cybersecurity (ENISA) said. The development comes in the wake of uncertainty over MITRE's CVE program in the U.S., after which the U.S. Cybersecurity and Infrastructure Security Agency (CISA) stepped in at the last minute to extend their contract with MITRE for another 11 months to keep the initiative running. 3 Information Stealers Detected in the Wild — Cybersecurity researchers have exposed the workings of three different information stealer malware families, codenamed DarkCloud Stealer, Chihuahua Stealer, and Pentagon Stealer, that are capable of extracting sensitive data from compromised hosts. While DarkCloud has been advertised in hacking forums as early as January 2023, attacks distributing the malware have primarily focused on government organizations since late January 2025. DarkCloud is distributed as AutoIt payloads via phishing emails using PDF purchase order lures that display a message claiming their Adobe Flash Player is out of date. Chihuahua Stealer, on the other hand, is a .NET-based malware that employs an obfuscated PowerShell script shared through a malicious Google Drive document. First discovered in March 2025, Pentagon Stealer makes use of Golang to realize its goals. However, a Python variant of the same stealer was detected at least a year prior when it was propagated via fake Python packages uploaded to the PyPI repository. Kaspersky Outlines Malware Trends for Industrial Systems in Q1 2025 — Kaspersky revealed that the percentage of ICS computers on which malicious objects were blocked in Q1 2025 remained unchanged from Q4 2024 at 21.9%. "Regionally, the percentage of ICS computers on which malicious objects were blocked ranged from 10.7% in Northern Europe to 29.6% in Africa," the Russian security company said. "The biometrics sector led the ranking of the industries and OT infrastructures surveyed in this report in terms of the percentage of ICS computers on which malicious objects were blocked." The primary categories of detected malicious objects included malicious scripts and phishing pages, denylisted internet resources, and backdoors, and keyloggers. Linux Flaws Surge by 967% in 2024 — The number of newly discovered Linux and macOS vulnerabilities increased dramatically in 2024, rising by 967% and 95% in 2024. The year was also marked by a 96% jump in exploited vulnerabilities from 101 in 2023 to 198 in 2024, and an unprecedented 37% rise in critical flaws across key enterprise applications. "The total number of software vulnerabilities grew by 61% YoY in 2024, with critical vulnerabilities rising by 37.1% – a significant expansion of the global attack surface and exposure of critical weaknesses across diverse software categories," Action1 said. "Exploits spiked 657% in browsers and 433% in Microsoft Office, with Chrome leading all products in known attacks." But in a bit of good news, there was a decrease in remote code execution vulnerabilities for Linux (-85% YoY) and macOS (-44% YoY). Europol Announces Takedown of Fake Trading Platform — Law enforcement authorities have disrupted an organized crime group that's assessed to be responsible for defrauding more than 100 victims of over €3 million ($3.4 million) through a fake online investment platform. The effort, a joint exercise conducted by Germany, Albania, Cyprus, and Israel, has also led to the arrest of a suspect in Cyprus. "The criminal network lured victims with the promise of high returns on investments through a fraudulent online trading platform," Europol said. "After the victims made initial smaller deposits, they were pressured to invest larger amounts of money, manipulated by fake charts showing fabricated profits. Criminals posing as brokers used psychological tactics to convince the victims to transfer substantial funds, which were never invested but directly pocketed by the group." Two other suspects were previously arrested from Latvia in September 2022 as part of the multi-year probe into the criminal network. New "defendnot" Tool Can Disable Windows Defender — A security researcher who goes by the online alias es3n1n has released a tool called "defendnot" that can disable Windows Defender by means of a little-known API. "There's a WSC (Windows Security Center) service in Windows which is used by antiviruses to let Windows know that there's some other antivirus in the hood and it should disable Windows Defender," the researcher explained. "This WSC API is undocumented and furthermore requires people to sign an NDA with Microsoft to get its documentation." Rogue Communication Devices Found in Some Chinese Solar Power Inverters — Reuters reported that U.S. energy officials are reassessing the risk posed by Chinese-made solar power inverters after unexplained communication equipment was found inside some of them. The rogue components are designed to provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, according to two people familiar with the matter. This could then be used to switch off inverters remotely or change their settings, enabling bad actors to destabilize power grids, damage energy infrastructure, and trigger widespread blackouts. Undocumented communication devices, including cellular radios, have also been found in some batteries from multiple Chinese suppliers, the report added. Israel Arrest Suspect Behind 2022 Nomad Bridge Crypto Hack — Israeli authorities have arrested and approved the extradition of a Russian-Israeli dual national Alexander Gurevich over his alleged involvement in the Nomad Bridge hack in August 2022 that allowed hackers to steal $190 million. Gurevich is said to have conspired with others to execute an exploit for the bridge's Replica smart contract and launder the resulting proceeds through a sophisticated, multi-layered operation involving privacy coins, mixers, and offshore financial entities. "Gurevich played a central role in laundering a portion of the stolen funds. Blockchain analysis shows that wallets linked to Gurevich received stolen assets within hours of the bridge breach and began fragmenting the funds across multiple blockchains," TRM Labs said. "He then employed a classic mixer stack: moving assets through Tornado Cash on Ethereum, then converting ETH to privacy coins such as Monero (XMR) and Dash." Using V8 Browser Exploits to Bypass WDAC — Researchers have uncovered a sophisticated technique that leverages vulnerable versions of the V8 JavaScript engine to bypass Windows Defender Application Control (WDAC). "The attack scenario is a familiar one: bring along a vulnerable but trusted binary, and abuse the fact that it is trusted to gain a foothold on the system," IBM X-Force said. "In this case, we use a trusted Electron application with a vulnerable version of V8, replacing main.js with a V8 exploit that executes stage 2 as the payload, and voila, we have native shellcode execution. If the exploited application is whitelisted/signed by a trusted entity (such as Microsoft) and would normally be allowed to run under the employed WDAC policy, it can be used as a vessel for the malicious payload." The technique builds upon previous findings that make it possible to sidestep WDAC policies by backdooring trusted Electron applications. Last month, CerberSec detailed another method that employs WinDbg Preview to get around WDAC policies. 🎥 Cybersecurity WebinarsDevSecOps Is Broken — This Fix Connects Code to Cloud to SOC Modern applications don't live in one place—they span code, cloud, and runtime. Yet security is still siloed. This webinar shows why securing just the code isn't enough. You'll learn how unifying AppSec, cloud, and SOC teams can close critical gaps, reduce response times, and stop attacks before they spread. If you're still treating dev, infra, and operations as separate problems, it's time to rethink. 🔧 Cybersecurity Tools Qtap → It is a lightweight eBPF tool for Linux that shows what data is being sent and received—before or after encryption—without changing your apps or adding proxies. It runs with minimal overhead and captures full context like process, user, and container info. Useful for auditing, debugging, or analyzing app behavior when source code isn't available. Checkov → It is a fast, open-source tool that scans infrastructure-as-code and container packages for misconfigurations, exposed secrets, and known vulnerabilities. It supports Terraform, Kubernetes, Docker, and more—using built-in security policies and Sigma-style rules to catch issues early in the development process. TrailAlerts → It is a lightweight, serverless AWS-native tool that gives you full control over CloudTrail detections using Sigma rules—without needing a SIEM. It's ideal for teams who want to write, version, and manage their own alert logic as code, but find CloudWatch rules too limited or complex. Built entirely on AWS services like Lambda, S3, and DynamoDB, TrailAlerts lets you detect suspicious activity, correlate events, and send alerts through SNS or SES—without managing infrastructure or paying for unused capacity. 🔒 Tip of the Week Catch Hidden Threats in Files Users Trust Too Much → Hackers are using a quiet but dangerous trick: hiding malicious code inside files that look safe — like desktop shortcuts, installer files, or web links. These aren't classic malware files. Instead, they run trusted apps like PowerShell or curl in the background, using basic user actions (like opening a file) to silently infect systems. These attacks often go undetected because the files seem harmless, and no exploits are used — just misuse of normal features. To detect this, focus on behavior. For example, .desktop files in Linux that run hidden shell commands, .lnk files in Windows launching PowerShell or remote scripts, or macOS .app files silently calling terminal tools. These aren't rare anymore — attackers know defenders often ignore these paths. They're especially dangerous because they don't need admin rights and are easy to hide in shared folders or phishing links. You can spot these threats using free tools and simple rules. On Windows, use Sysmon and Sigma rules to alert on .lnk files starting PowerShell or suspicious child processes from explorer.exe. On Linux or macOS, use grep or find to scan .desktop and .plist files for odd execution patterns. To test your defenses, simulate these attack paths using MITRE CALDERA — it's free and lets you safely model real-world attacker behavior. Focusing on these overlooked execution paths can close a major gap attackers rely on every day. Conclusion The headlines may be over, but the work isn't. Whether it's rechecking assumptions, prioritizing patches, or updating your response playbooks, the right next step is rarely dramatic—but always decisive. Choose one, and move with intent. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

The south ramp of FIAT’s Lingotto complex is fully in bloom thanks to a new site-specific installation by artists Jennifer Allora and Guillermo Calzadilla. The duo has created Graft (Phantom Tree) for La Pista 500, an art gallery at the former FIAT raceway in Turin, Italy.  Created as the FIAT headquarters and car factory, the Lingotto complex was built in the 1920s by Giacomo Matte-Trucco. After closing its doors in 1982, an architecture competition, won by Renzo Piano, transformed the building into a multi-purpose complex. The restructuring by Renzo Piano took place from 1991 to 2003 over three consecutive phases. The Giovanni and Marella Agnelli Picture Gallery, Pinacoteca Agnelli, opened in 2002. Part of the approximately 30,000 square feet of space includes La Pista 500, an outdoor art project for temporary exhibitions on what once was the car testing track on the Lingotto rooftop.  Graft (Phantom Tree) is one of four new installations on display at La Pista 500. (Sebastiano Pellion di Persano/Courtesy Pinacoteca Agnelli, Torino) Graft (Phantom Tree) was positioned in such a way that it expands on the rooftop garden at the site, teasing the eruption of plantings visitors will find as they journey to the top. The work also draws from horticulture in its title. “Grafting” is a process used to join plants from different species, allowing them to grow together. Additionally, “ghost trees” are trees that have either been removed or never had a chance to grow due to deforestation. Delicately suspended amid the ramp’s industrial helix, Graft (Phantom Tree) is a bright intervention that gently commands the viewer’s gaze. The installation uses recycled polyvinyl castings of blossoms from the roble amarillo, an oak species native to the Caribbean. The artists chose this plant to shed light on the region’s significant loss of biodiversity from the colonial period to the present day. By displacing the flowers from their original place on a tree, the installation becomes a commentary on vanished roots. The plastic flowers are arranged like a tree without its trunk or branches. (Sebastiano Pellion di Persano/Courtesy Pinacoteca Agnelli, Torino) Based in Puerto Rico, Allora & Calzadilla have been active since 1995. Through their practice, the duo uses a wide variety of artistic media to explore interconnectivity between history, ecology, and geopolitics. Works in La Pista 500 feature international artists whose pieces engage with the architectural history, urban context, and surrounding landscape of the site. Allora & Calzadilla, along with three other artists, join installations by Thomas Bayrle, Monica Bonvicini, VALIE EXPORT, Sylvie Fleury, Dominique Gonzalez-Foerster, Marco Giordano, Louise Lawler, Finnegan Shannon, and SUPERFLEX on the Lingotto’s rooftop. Graft (Phantom Tree) will be on display until March 1, 2026.

The old school action movie hero, like the old school movie star, is a dying breed. Tom Cruise is acutely aware of this since pretty much all of his franchised efforts in the 2020s have been about the glories of the fading old days and ways. Top Gun: Maverick, for example, explained why we still needed Cruise up on that wall, protecting us with one piece of superb blockbuster cinema at a time. But in the interim between Mission: Impossible – Dead Reckoning and this month’s long anticipated Mission: Impossible – The Final Reckoning, even the rare company he keeps on those ramparts has shrunk. Indiana Jones is again retired (and presumably for good after the box office receipts for Dial of Destiny came in); and not only has James Bond died onscreen with the last of the Daniel Craig movies, but perhaps off as well since the franchise’s “one at a time” bespoke family business model was consigned to the dustbin of movie history. Still, there remains Cruise and his handful of beloved onscreen personas, who are only too cognizant of how lonely they are high up on their barricade against the rising tide. And it appears to at last be getting to them in Final Reckoning, the allegedly last Mission: Impossible movie that feels the weight of the world on its shoulders, and a lot less of the deft spontaneity that previously made this franchise among the best in the Hollywood canon. Just to clear, there is yet quite a bit to enjoy in Mission: Impossible – The Final Reckoning, our eighth and most interconnected adventure with Cruise’s Ethan Hunt to date. Ever since filmmaker Christopher McQuarrie took over the directorial duties of the franchise beginning in 2015’s Rogue Nation, and even beforehand as a writer via Ghost Protocol, the series has widely been recognized for its creative ingenuity, emotional intelligence, and of course eye-popping spectacle and stunt work wherein Cruise channels his inner Buster Keaton or Douglas Fairbanks by putting his life on the line for our amusement. Those elements stay at play in Final Reckoning, but there is just a lot less playfulness to it in a film that ostensibly asks us to treat its story as a grand finale to Ethan Hunt’s impact on cinema—even as the film simultaneously and awkwardly resists that impulse. Less of a full-stop for the series than a trailing off question mark, Final Reckoning fights against itself and the notion of closing the book or bidding farewell to almost anything, especially Cruise, which makes its ever-growing bombast as much of a hindrance as help in this reluctant swan song. From the opening recap of his assignment, wherein Ethan receives the choice to accept or decline his mission via an appropriately ‘90s VHS cassette tape, Final Reckoning is intent on celebrating the past while turning the screws of self-importance in the present. Consider that this time Ethan’s mission brief is delivered not only by a familiar voice, but the newly elected President of the United States (Angela Bassett’s welcome return as Erika Sloane). The former CIA director turned commander-in-chief is heard pleading with Ethan to come in and deliver the cruciform key from the last movie, which is the secret to unlocking the source code to a world-ending AI threat called the Entity. Yes, despite the title change, Final Reckoning is very much Dead Reckoning Part 2, albeit now with the stakes clearly having been tinkered with off-screen. In the last movie, the Entity represented the abstract but insidious threat of AI and the internet itself, with a sentient algorithm commandeering the power to shape truth and our perceptions of reality. Well, in Final Reckoning, it has apparently decided to go full Skynet. President Sloane reveals the evil AI has corrupted the hydrogen bomb capabilities of most of the nuclear powers in the world, and within three days will have the ability to destroy all life on Earth for no discernible reason. However, should Ethan go rogue and attempt to turn off the Entity without surrendering control over the AI’s source code back to the American government, it could kill the internet and plummet the world into an economic dark age. It’s grim, technologically complex stuff, but in practice is actually incredibly simple. The world will literally end if either the Entity or any government gets its way. So it is all up to Ethan Hunt and his beloved team—which consists here of Luther (Ving Rhames), Benji (Simon Pegg), and recent additions Grace (Hayley Atwell) and Paris (Pom Klementieff)—to save the world via some spectacularly unsafe looking stunts and poker-faced brinksmanship. Ethan indeed has to enter into multiple staring contests with various admirals, generals, and presidents when they dare question whether he really is the smartest guy in the room. The fools. However, for all the press about this being the most expensive Mission ever made, Final Reckoning is arguably more intimate in scale than the last couple of entries. There is plenty of globe-trotting, but other than a jaw-dropping climax involving two biplanes that wouldn’t have looked out of place in 1933’s Flying Down to Rio, and the long teased underwater sequence in which Ethan discovers the wrecked SevastopolTop Gun territory. As in Maverick, Cruise once again has steely tete-a-tetes with various naval officers on what appears to be the real frigid waters of the Bering Sea. This unfortunately undercuts a bit of the travelogue fun of so many spy movies, including the previous Dead Reckoning which was at its best when Cruise and Atwell got to flirt in Rome while smashing a banana-colored Fiat along the Spanish Steps, or Cruise and the missed-but-not-forgotten Rebecca Ferguson simply smoldered in the Arabian deserts outside Dubai while trashing an army of NPCs. In an attempt to reach for the rhapsody of other blockbuster swan songs like The Dark Knight Rises or No Time to Die, Final Reckoning foregoes the lighter touch and mischievousness that made Fallout and Rogue Nation such all-time crowdpleasers. Yet McQuarrie’s play-it-by-ear looseness and story structure clashes with the dour-faced histrionics of Final Reckoning’s setup, particularly during the film’s multiple exposition dumps where characters spew utter nonsense about what the Entity wants at each other, or what to do about what remains one of the worst villains in the franchise, Esai Morales’ exhausting Gabriel. He’s back, and his cackling dastardliness is louder than ever. It also still feels beneath the amount of emotional trauma the film wishes to credit him with inflicting on Ethan. Join our mailing list Get the best of Den of Geek delivered right to your inbox! Still, it would be a disservice to what is ultimately an entertaining popcorn flick to dwell only on the shortcomings. This remains a Tom Cruise stunt spectacular that for the most part maintains McQuarrie’s uncanny ear for sharp, knowingly grandiloquent dialogue and clever shorthand characterization. When Cruise and McQ are focused on the smaller beats, like the interplay between Ethan and a team of deep sea divers, or the endlessly endearing bickering between teammates like Benji and Luther, it never ceases to charm. Grace and Paris likewise prove worthy permanent additions to the team. The chemistry between Atwell and Cruise during one arctic sequence is particularly giddy. Furthermore, there is a wonderful callback to the first Mission: Impossible that I will not spoil here, but it’s better than any simple cameo or easter egg. It retroactively adds McQuarrie’s humanist optimism from these later movies to De Palma’s ‘90s era cheeky chic. And did I mention that IMAX biplane sequence that’s all over the trailers and posters? It really cannot be oversold. It’s only when the sum of these sequences are compared to the taller heights the franchise has recently scaled, particularly in Fallout, which Final Reckoning not so covertly attempts to remake during the third act, that it’s left a little wanting. The film might be marketed as the final Mission: Impossible Mission: Impossible: The Final Reckoning opens on Friday, May 23. Learn more about Den of Geek’s review process and why you can trust our recommendations here.

Pour renforcer notre équipe de rédaction, nous recrutons plusieurs rédacteurs Web pour la publication des articles sur la santé et des articles tutoriels sur le fonctionnement d'Afiatalk.com