Who Could Buy Unity? / News / June 7, 2025 / Business, Unity Earlier this week 80.lv ran the incredibly misleading (some could say click-baity) article Analyst Suggests Apple Might be Considering Buying Unity After Legal Defeat to Epic Games. Might is doing some heavy lifting there as there is no actual evidence that Apple or any other company are currently looking to purchase Unity Technologies. That said, it is an interesting topic as a pure thought exercise. So today we are going to discuss the companies that could be potential suitors for Unity. Unity The obvious place to start is with Unity Technologies, which is to say they can simply stay an independent organization. While they are not profitable, their financial situation has been trending in a positive direction of late and they have sufficient cash and resources to stay independent for the foreseeable future. Should things get bad at Unity, it is possible one of their largest investors (Silver Lake Group, Vanguard Group, Sequoia Capital, Black Rock, etc) could take the company private again. Put simply, Unity does not need to be purchased and things can be kept as they are. Apple The original premise of this article is that Apple should buy Unity. Reasons why Apple should buy Unity: Apple and Unity have a long history, with Unity having been originally a Mac exclusive application and it has always supported Apple platforms Unity is by far the most used application for creating games on the Apple App Store Unity Grow products (ads, user acquisitions, analytics, etc) could have good synergy with Apples products Apple could prevent a potential future rival, especially around 3rd party app stores Reasons why Apple won’t buy Unity: Apple has never made a purchase anywhere near the size of Unity. Their largest acquisition to date (Beats) would be 1/4 to 1/5 the size of acquiring Unity Apple has never really gotten involved in gaming beyond small initiatives in the past Apple mostly grows in-house over acquisition and more acquisitions are subsumed into other Apple products, Unity is not a good fit here Amazon Amazon have heaps of cash and aren’t afraid to use it such as acquiring MGM, Whole Foods, Twitch and many more companies over the years. They also have several gaming-oriented interests and have made an attempt (that failed badly) to become a major game developer in the past. Reasons why Amazon should buy Unity: Amazon tried to enter gaming in a big way once already with the licensing of CryEngine to create Lumberyard (now O3DE) and buying up or forming several game studios. Unity would provide a much larger and more established foothold should they wish to buy their way in Amazon web services could be a good compliment to Unity’s server side offerings, while Unity’s Grow division could be a good fit for Amazon platforms Integration with their gaming platforms (Twitch, Luna, etc) Reasons why Amazon won’t buy Unity: Their last attempt into game development was a massive failure and much of it was rumored to be a culture problem Tencent Tencent have invested HEAVILY into the world of gaming (Ubisoft, Epic Games, Riot Games, Supercell, Snap, Funcom, Activision Blizzard, From Software, etc) and aren’t afraid of throwing money around, so Unity could be a good fit in that portfolio. That said recent political climate changes would render this acquisition very unlikely. Reasons why Tencent should buy Unity: Tencent have a presence across the entire gaming industry and already have a minority stake in Epic Games (Unreal Engine). This would more or less give them a controlling influence over two of the biggest players in the space Access to or ownership of Unity’s recently created China Joint Venture Integration with Tencents other holdings like WeChat or Snap might provide some synergies Reasons why Tencent won’t buy Unity: Not a snowballs chance in hell that regulators allow this acquisition to happen, from antitrust issues of owning stakes in both Unity and Unreal Engine, to just more broad geopolitical issues in the modern world Microsoft Microsoft are heavily invested in two areas that overlap with Unity, gaming and software development tools. On paper they might appear to be the perfect suitor for Unity and they have the cash hoard to make such a purchase with ease. Reasons why Microsoft should buy Unity: Unlike Apple, Microsoft has long been a proponent of growth via acquisition with some of their pillar products coming in the form of acquisitions. They also do not shy away from huge dollar purchases such as Activision Blizzard (69B), LinkedIn (26B), Nuance (20B), Skype (8.5B), ZeniMax (7.5B), GitHub (7.5B), Nokia (7B), Mojang[Minecraft] (2.5B) Microsoft have a long history of leveraging their development tools to grow their platforms Microsoft gaming studios/relationships/holdings such as XBox, Game Pass/PC Gaming, DirectX, Havok, etc. could benefit from a tighter relationship with Unity Like Amazon, Microsoft server-side services (Azure) could be used to power Unity Grow services Reasons why Microsoft won’t buy Unity: Microsoft only just finished their acquisition of Activision and it was an arduous and nearly doomed process. Buying another company in the gaming space might be a step too far for regulators While Microsoft doesn’t mind spending huge money on acquisitions, they also don’t mind killing those companies off after (Nokia? Skype?), especially if there is a market downturn like we are experiencing now AppLovin If there is a company that is most likely to buy Unity, and that would synergize best with Unity products, it’s AppLovin. In broad strokes, AppLovin, IronSource and Unity (Grow) are all in the same business. On top of that many of AppLovin’s biggest customers and products are directly tied to the Unity ecosystem. In fact, Unity and AppLovin are such a good fit that AppLovin attempted to buy Unity for nearly $20B back in 2022, when Unity instead pursued it’s doomed merger with IronSource. So, why would it make sense for AppLovin to buy Unity now? Well, these two 5 year stock performance charts more or less tell the entire story: It becomes crystal clear from that fateful date in August of 2022 which company has performed better and right now AppLovin is absolutely flush with cash. If there is a company that makes sense to acquire Unity, it’s AppLovin. Of course now that Unity owns IronSource, there are certainly questions of regulatory approval if this would even be allowed. Once again, this entire exercise is simply a thought exercise, just for fun. There is no public available news that ANYONE are looking to acquire Unity, nor that Unity is looking to be acquired. You can learn more about my thoughts on the matter in the video below.

A film adaptation of hit video game “Split Fiction” starring Sydney Sweeney and directed by Jon M. Chu has landed at Amazon MGM Studios, Variety has confirmed. As Variety first reported last month, along with the news of Sweeney’s casting (the actress signed on to the project March 6, the day the game launched) and Chu directing, the script for the movie is being written by “Deadpool & Wolverine” screenwriters Rhett Reese and Paul Wernick. Related Stories From developer Hazelight Studios and publisher Electronic Arts, “Split Fiction” blends fantasy and science fiction, following a pair of authors, Mio and Zoe, who become trapped in the worlds they wrote. Written by director and Hazelight studio chief Josef Fares and Sebastian Johansson, “Split Fiction” is a co-op adventure game that features gameplay mechanics involving split-screen combat, platforming challenges and differing abilities for each character. Popular on Variety The “Split Fiction” film will be produced by Mike Goldberg and Dmitri M. Johnson’s Story Kitchen (formerly dj2 Entertainment) and Chu’s Electric Somewhere. Sweeney, Story Kitchen’s Timothy I. Stevenson, and Hazelight Studios’ founder Josef Fares and COO Oskar Wolontis are executive producing. “Even in early development here at Hazelight, it was clear how much potential ‘Split Fiction’ had to become a kick-ass movie,” Wolontis told Variety Monday. “We now know it’s got a shot at becoming something truly special with such an amazing creative team behind it. Jon M. Chu, Sydney Sweeney, Rhett Reese and Paul Wernick, together with Story Kitchen, have all been champions and true fans of this project since day one, and we can’t wait to see their vision for this movie come to life! Amazon MGM has shown intense interest in this project and we’re happy to see them show both confidence and clear intent to bring this movie to all current and future fans of ‘Split Fiction’ out there. We look forward to holding them to that and working together to bring Mio and Zoe to screen.” It has yet to be decided whether Sweeney will be playing Zoe or Mio, and the film is actively looking to cast her co-star. Released March 6, “Split Fiction” quickly became a hit with players and critics alike, receiving positive reviews and massive sales. According to Hazelight, the game sold more than two million copies in the first week following its launch, and that number continues to rise at a rapid clip. Variety first reported the “Split Fiction” film was in the works, and attracting top Hollywood studios for a bidding war, during the Game Developers Conference in San Francisco in March. “Split Fiction” marks the third film adaptation Hazelight has set up with Story Kitchen, following projects in development based on games “It Takes Two” (also at Amazon MGM Studios and counting Dwayne Johnson’s Seven Bucks as producer) and “A Way Out.”

RoboCop: Rogue City – Unfinished Business preview: ‘We created something bigger than we expected’ Adam Starkey Published June 3, 2025 9:00am Stay out of trouble (Nacon) GameCentral goes hands-on with the standalone expansion of RoboCop: Rogue City, which dials up the action and gory splatter of 2023’s surprise hit. For a franchise that has arguably done nothing of worth since the early 90s, the future of RoboCop is looking surprisingly bright. Following Amazon’s acquisition of MGM, a new TV show is currently in the works, with rumbles of a new film as well. Whether this leads to a major rejuvenation for everyone’s favourite cyborg law enforcer remains to be seen, but the original source of any RoboCop redemption arc has to start with 2023’s RoboCop: Rogue City.  Developed by Polish studio Teyon, RoboCop: Rogue City was the kind of unexpected surprise you rarely get from licensed games. It recaptured the original’s wit and 80s aesthetic, but also found a way to deliver the fantasy of playing as the half-human cyborg without streamlining any of the character’s personality. The bloody action was built around his hulking, slow movement, dry one-liners were in abundance, and missions weren’t always reduced to mowing down thugs in corridors – you also handed people parking tickets, settled trivial civilian disputes, and, in one wonderfully mundane side mission, did the rounds in the office for a get well card.  The game became publisher Nacon’s ‘best ever launch’ with 435,000 players within two weeks. Now, a year and a half later, developer Teyon is back with a standalone expansion. Marketing around Unfinished Business has purposefully dodged the term *DLC*, but as explained by the studio’s communications manager, Dawid Biegun, it started out as exactly that.  ‘When we released RoboCop: Rogue City, we were thinking about, this story has many things [we can] do in the future,’ says Biegun. ‘We had many paths we could choose. So we basically started slowly developing some new storyline. The game was planned to be DLC but it grew out of control. It was a really rare situation where we created something bigger than we expected, so it became a standalone expansion from then.’ Unlike Rogue City, this expansion, which we’re told spans around eight hours on average, is centred around one location in the OmniTower. Like most things in the RoboCop realm created by OCP, this promised idyllic housing complex quickly goes south when a band of mercenaries assume control. To restore order, and after a creepy opening where an attack on the Detroit police station leaves several officers frozen solid, RoboCop is assigned to the case.  RoboCop has new moves at his disposal (Nacon) Unfinished Business wastes little time in throwing you into the action, and quickly amps up the chaos. For anyone who has played Rogue City, all the original tenets of the combat are here, albeit with a slight increase in difficulty. You’ll be looking for explosive cans to blast, illuminated panels to ricochet bullets off walls, and all the while trying not to expose yourself to too much gunfire. The combat purposefully doesn’t have the slick speed of Call Of Duty, but it is still aggressively punchy, with headshots resulting in satisfyingly bloody splatters and RoboCop’s famed Auto-9 machine pistol still having the kickback of a pocket pneumatic drill.  From the get-go, Unfinished Business pushes back in a way Rogue City never did. New enemies equipped with riot shields are a real nuisance if you don’t utilise the ricochet panels, while the ability to slow down time is a much bigger crutch to chip down the enemy numbers from a distance. Health pick-ups felt in shorter supply too, even on the normal difficulty, to the point where we barely scraped through several encounters.  While it’s unclear if this applies to the whole game, Unfinished Business feels like a gnarlier experience, when compared to the original. RoboCop has some new context sensitive finishing moves, like throwing enemy heads into concrete walls or vending machines, which is a satisfying addition to the melee arsenal. There’s greater enemy variety too, between fierce minigun heavyweights and flying drones, along with some neat action set pieces. In one standout, we had to operate a walkway bridge to deactivate a giant turret at the end of a room, dashing between cover as it rains down bullets and destroys the surrounding environment. Anyone who has played action games before will recognise all the mechanics at play in this scenario, but it was still well executed and effective. Another had a whiff of Star Wars, as you rush around shooting electrical panels to stop a trash compactor from crushing you via the descending ceiling. The action shift in Unfinished Business is best defined by a later sequence we got to play, where you take control of the franchise’s signature mech, ED-209. If the power fantasy of playing as RoboCop is tested in this expansion, ED-209’s section was pure mental catharsis, where you blast away enemy hordes with miniguns and rockets, and clean up any stragglers with a rigid, robotic stomp. The rush of piloting ED-209, with its cacophony of explosions and bullets, felt like a throwback to vehicle sections in a long lost Xbox 360 game – but in a good way.  While there’s a definite lean towards combat, rather than gift card signing, when compared to Rogue City, it hasn’t entirely abandoned the detective side. According to the developers, if Rogue City had a 60/40 percent split between guns and detective work, Unfinished Business ‘would be like 70/30, or 80/20’ in comparison. More Trending We saw some of this , with one memorable encounter seeing you quizzed by a RoboCop superfan who is unconvinced you’re the actual RoboCop, leading to a series of questions based on the history of the franchise. There is optional side missions too, although the time we had with our preview limited our chance to fully delve into them. The sales and positive reviews for RoboCop: Rogue City emboldened Teyon’s vision and scope for Unfinished Business – and that confidence shines through in what we played. Some might be disappointed by the steer towards action, and we were heading into this preview, but by the end, this felt like a welcome extension with its own unique flavour. This is RoboCop: Rogue City with its pedal to the floor, confined and concentrated into a lean, tightly focused machine.  As for the studio’s next steps, the success of RoboCop has only reaffirmed Teyon’s strengths and identity as a team. Between its three studios across Poland and Japan, with over 140 employees in total, Teyon wants to maintain its grip within the AA space. ‘We feel strong here in such games,’ Biegun said. ‘We wouldn’t want to grow like 200, 300, 400 people, because we’re going to lose our soul this way. We want to stay as we are right now.’ ED-209 needs be wary of stairs (Nacon) Email gamecentral@metro.co.uk, leave a comment below, follow us on Twitter, and sign-up to our newsletter. To submit Inbox letters and Reader’s Features more easily, without the need to send an email, just use our Submit Stuff page here. For more stories like this, check our Gaming page. Arrow MORE: How to get a Nintendo Switch 2 this week in the UK GameCentral Sign up for exclusive analysis, latest releases, and bonus community content. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Your information will be used in line with our Privacy Policy

The $7.6 billion Hyundai Motor Group Metaplant America, or HMGMA, is one of the newest and most technologically advanced car factories in the world.The plant, located near Savannah, Georgia, opened its doors in March and will be a key production facility for Hyundai's EVs and PHEVs, as well as those belonging to its Genesis luxury brand and sister company Kia.In a recent interview with Business Insider, Genesis North America COO Tedros Mengiste cited the investment as an example of Hyundai's track record for "visionary and strategic, and long-term thinking."I recently took a behind-the-scenes tour of Hyundai's new megafactory packed with autonomous robots and state-of-the-art tech. The Hyundai Metaplant is situated on a 3,000-acre campus in the south Georgia town of Ellabell. Hyundai's Metaplant America. Hyundai Located just 20 miles from the Port of Savannah, one of the busiest in the US, the plant not only gives Hyundai much-needed manufacturing capacity in the US to avoid import tariffs, but it also affords the company the flexibility to export vehicles abroad.It also gives Hyundai the production footprint to compete against rivals like Tesla, GM, and Rivian, which is also building a new factory in Georgia. Driving up to the factory, it's easy to be wowed by the sheer scale of the sprawling complex. The entryway to the Hyundai Motor Group Metaplant America campus in Ellabell, Georgia. Benjamin Zhang/Business Insider It's Hyundai Group's second car factory in the state. The company also operates a $3.2 billion, 2,200-acre facility in West Point, Georgia, that builds Kia EV and ICE SUVs. I drove to the factory in a new 2026 Hyundai Ioniq 9 EV SUV, which is one of the vehicles assembled at the Metaplant. Hyundai Ioniq 9 EVs are parked in front of the lobby at the Hyundai Motor Group Metaplant America in Georgia. Hyundai The only other model assembled at the plant is the Hyundai Ioniq 5 EV. My tour began in the plant's modern main lobby. The Metaplant lobby is modern and pleasant. Benjamin Zhang/Business Insider Hyundai broke ground on the facility in the fall of 2022 and took just two years to complete construction on the main production buildings. The Metaplant site consists of 11 buildings totalling 7.5 million square feet of space. A map of the Hyundai Motor Group Metaplant America in Georgia. Benjamin Zhang/Business Insider The Metaplant is a marvel of vertical integration, with the goal of having as many key components, ranging from battery packs to seats, made on-site. Here's a Hyundai XCIENT hydrogen fuel cell semi truck used to transport parts and supplies to the factory. A Hyundai XCIENT hydrogen fuel cell truck. Benjamin Zhang/Business Insider It's one of 21 emission-free XCIENT trucks deployed around the Metaplant site. The production process starts in the stamping shop, where sheet metal is cut and stamped into parts that will make up the frame of the car. The stamping facility. Benjamin Zhang/Business Insider The sheet metal is supplied by the on-site Hyundai Steel facility. Stamped parts are transported by automated guided vehicles, or AGVs. Autonomous robots are transporting stamped metal parts. Benjamin Zhang/Business Insider The plant employs almost 300 AGVs to shuttle everything from spare parts to partially assembled cars. The stamped metal panels are then stored in these massive racks. Racks full of stamped metal sections of Ioniq 5 and Ioniq 9 EVs. Benjamin Zhang/Business Insider The Metaplant was originally expected to produce up to 300,000 electrified vehicles annually. However, Hyundai announced at the plant's grand opening in March that its capacity will be expanded to 500,000 units in the coming years as part of a new $21 billion investment in US manufacturing. Here are parts of the Ioniq 9, Hyundai's new flagship three-row EV SUV. Parts of the Hyundai Ioniq 9 EV at the Hyundai Motor Group Metaplant America in Georgia. Benjamin Zhang/Business Insider The plant is expected to start production of its first Kia model next year. The next part of the tour is the welding shop. Ioniq 5 EVs at the welding facility at the Hyundai Motor Group Metaplant America in Georgia. Benjamin Zhang/Business Insider Here, the stamped metal pieces are welded together by robot to form the body of the vehicle. The work done by the welding robots is then inspected by the plant's human employees known as Meta Pros. The Hyundai Ioniq 5 and Ioniq 9 EVs are going through quality inspections in the welding shop. Benjamin Zhang/Business Insider The Metplant employees more than 1,300 Meta Pros, nearly 90% of whom were hired locally. There are employee meeting and break areas located along the inspection and assembly areas. Employee break and meeting area at the welding shop. Benjamin Zhang/Business Insider An employee cafeteria with remote ordering capability is located in the main assembly building. In addition to human eyes, the vehicles are also inspected by a pair of Boston Dynamics robot dogs called Spot. Boston Dynamics robot dogs inspecting Hyundai Ioniq 5 EVs. Benjamin Zhang/Business Insider In 2021, Hyundai acquired an 80% stake in Boston Dynamics in a deal that valued the company at $1.1 billion. After the inspections are complete, a robot loads the partially assembled vehicles onto a conveyor system. Ioniq 5 EVs are about to be lifted onto the conveyor belt to the paint shop. Benjamin Zhang/Business Insider Next stop, the paint shop. Unfortunately, my tour did not get access to the paint shop due to concerns that outside visitors may compromise the quality of the paint application. Hyundai EV bodies are moving from the paint shop to the assembly facility at the Hyundai Motor Group Metaplant America in Georgia. Benjamin Zhang/Business Insider After receiving a fresh coat of paint, the vehicles travel through a bridge to the assembly building. Here, the painted bodies are married with their battery packs and skateboard chassis. An Ioniq 5 on the assembly line. Benjamin Zhang/Business Insider Hyundai Mobis produces the skateboard chassis in a building next door to the general assembly facility. The Metaplant's on-site battery factory, operated in a joint venture with LG, is expected to come online next year. The plant currently sources its batteries from Hyundai's other facilities, including one in North Georgia that's a joint venture with SK. The vehicles' interiors are then assembled by hand. The Metaplant assembly line, where human workers are joining in. Benjamin Zhang/Business Insider The further along the production process, the more you see human workers on the assembly line. Partially assembled EVs are shuttled through from area to area by the automated robots. Ioniq 5 EVs at the Hyundai Motor Group Metaplant America in Georgia. Benjamin Zhang/Business Insider The entire facility was immaculately clean, quiet, and felt beautifully choreographed. Assembled vehicles are loaded onto different AGVs that navigate the facility by reading the QR codes embedded into the floor. Hyundai Ioniq 5 EVs after soak testing at the Hyundai Motor Group Metaplant America in Georgia. Benjamin Zhang/Business Insider These AGVs shuttle the vehicles through the plant's various quality control tests. At the end of the assembly line, completed EVs are put through their paces at the on-site test track before being sent to the vehicle preparation center, or VPC, to get them ready for shipping. Completed Hyundai EVs are ready for a dealer's lot. Benjamin Zhang/Business Insider Vehicles destined for dealerships in the region are put on trucks, while those traveling more than 500 miles are shipped by rail at the Metplant's on-site train terminal.

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

This month on Max you’ll get the return of The Gilded Age, the historical drama about life in 1880s New York City, now entering its third season. (On Max? HBO? On HBO Max? I’m lost and confused and scared and all I’m trying to do is give you a list of movies and shows that will be available over the next few months on streaming.)You’ll also get the streaming debuts of recent films Parthenope, The Day the Earth Blew Up: A Looney Tunes Movie, and A Minecraft Movie, the 2025 blockbuster that sent TikTok teens everywhere into a frenzy. Plus a new weekly documentary series called The Mortician explores the dark secret behind a California funeral home.Here’s the full list of what’s coming to (HBO) Max in June 2025...June 1A Hologram for the King (2016) A Nightmare on Elm Street (2010) A Perfect Getaway (2009) Backtrack (2016) Batman and Superman: Battle of the Super Sons (2022) Black Patch (1957) Blues in the Night (1941) Casino (1995) Fight Club (1999) Gentleman Jim (1942)14. Hellboy (2004)Sonyloading...Hellboy (2004) I Am Not Your Negro (2017) Igor (2008) Illegal (1955) In the Good Old Summertime (1949) Invasion of the Body Snatchers (1978) Kid Glove Killer (1942) Meet Me in St. Louis (1944) My Scientology Movie (2017) Numbered Men (1930) One Foot in Heaven (1941) Parasite (2019) Presenting Lily Mars (1943) Pride & Prejudice (2005) Public Enemies (2009) Reign of the Supermen (2019) Serenade (1956) Silver River (1948)MGMMGMloading...Spaceballs (1987) Split (2017) Strike Up the Band (1940) Summer Stock (1950) Superman: Man of Tomorrow (2020) Superman: Red Son (2020) Superman: Unbound (2013) Superman/Batman: Public Enemies (2009) Thank Your Lucky Stars (1943) The Death of Superman (2018) The Fighting 69th (1940) The Harvey Girls (1946) The Hunger Games (2012) The Hunger Games: Catching Fire (2013) The Hunger Games: Mockingjay Part 1 (2014) The Hunger Games: Mockingjay Part 2 (2015) The Man Who Invented Christmas (2017) The Match King (1932) The Mayor of Hell (1933)HBOHBOloading...The Mortician (HBO Original) The Nitwits (1935) The Prince and the Pauper (1937) The Sea Chase (1955) The Sea Hawk (1940) The Sunlit Night (2019) The Verdict (1946) They Made Me a Criminal (1939) This Side of the Law (1950) Three Faces East (1930) Three Strangers (1946) Total Drama Island, Season 2 (Cartoon Network) Wagons West (1952) Words and Music (1948) You'll Find Out (1940) Ziegfeld Follies (1946)June 2BBQ Brawl, Season 6 (Food Network)June 3Bullet Train (2022) Ugliest House in America, Season 6 (HGTV)June 41000-lb Roomies, Season 1 (TLC) Fatal Destination, Season 1 (ID)June 5Bea's Block, Season 1C (Max Original) Chespirito: Not Really on Purpose, Season 1 (Max Original)A24A24loading...June 6House Hunters International: Volume 9, Season 201 (HGTV) Parthenope (A24)June 10Virgins, Season 1 (TLC)June 11Guy's Grocery Games, Season 38 (Food Network)June 12Bitchin' Rides, Season 11 Mini Beat Power Rockers: A Superheroic Night (Discovery International)June 13Cleaner (2025) House Hunters: Volume 10, Season 240 (HGTV) Maine Cabin Masters, Season 10 (Magnolia Network) Super Sara (Max Original) Toad & Friends, Season 1BJune 16Hero Ball, Season 3BJune 17Dr. Sanjay Gupta Reports: Animal Pharm (CNN Originals, 2025) Super Mega Cakes, Season 1 (Food Network)June 19 Expedition Unknown, Season 15 (Discovery) Mystery At Blind Frog Ranch, Season 5 (Discovery)June 20House Hunters: Volume 10, Season 241 (HGTV) Lu & The Bally Bunch, Season 1C (Cartoon Network) Now or Never: FC Montfermeil (Max Original) Teen Titans Go!, Season 9B (Cartoon Network)June 21The Kitchen, Season 38 (Food Network) The Never Ever Mets, Season 2 (OWN)HBOHBOloading...June 22The Gilded Age, Season 3 (HBO Original)June 23Match Me Abroad, Season 2 (TLC)June 24Enigma (HBO Original) Mean Girl Murders, Season 3 (ID) The Invitation (2022)June 25Rehab Addict, Season 10 (HGTV)Ketchup EntertainmentKetchup Entertainmentloading...June 27House Hunters: Volume 10, Season 242 (HGTV) My Mom Jayne (HBO Original) Pati, Seasons 1&2 (Max Original) The Day the Earth Blew Up: A Looney Tunes Movie (2025)June 29#Somebody's Son, Season 1 (OWN) Family or Fiancé, Season 4 (OWN)June 3090 Day Fiancé: Pillow Talk, Season 11 (TLC) Truck U, Season 21Get our free mobile app2000s Movies That Got Bad Reviews That Are Actually GoodThese underrated films deserved better reviews than they got from most critics.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.Streaming services have basically come full circle: What started as a cheap alternative to cable TV has become an expensive monthly cost in its own right, as price hikes and crackdowns on password sharing have made subscribing to multiple streaming services just as expensive, if not more so, than some conventional cable plans. Luckily, there are often discounts, deals, and loopholes to exploit that can make streaming more affordable—and sometimes even free. Here are the best streaming deals you can get right now.This month's best streaming deal Credit: Peacock The very best streaming deal right now is for Peacock. You can get an annual Peacock Premium plan for $24.99 (saving you $55) with code SPRINGSAVINGS and get all caught up on Poker Face. (Look for more Peacock deals down below.)Here are the best of the rest of the streaming deals right now:Amazon Prime VideoYou can try a 30-day free trial.Check out what's new on Prime Video this month, as well as the best Prime Video Original movies to watch.Prime Video is also available on its own for $8.99 a month, so if you’re only in it for the shows and movies, you can skip the full Prime membership and save yourself six bucks a month.AMC+You can try AMC+ for $5 for the first month (regular price is $9.99/month) through Sling TV (scroll down to see the deal). You do not need to have a Sling plan to get this deal.If you do sign up for a Sling subscription, you’ll get your first month of AMC+ for free.You can also try a seven-day free trial.You can get an annual subscription to ad-free AMC+ through Verizon's +play for $83.88 (saves you $3 per month).You can bundle AMC+ with STARZ on Prime Video for $13.99 (save $6.99/month).You can sign up through Roku for just $2.99 for the first two months.Apple TV+You can get a 7-day free trial of Apple TV+.You can get a free subscription if you’re a T-Mobile customer with a Go5G Plus or Go5G Next plan.You get three months of free Apple TV+ when you buy an Apple product.You can get a free month of Apple TV+ when you sign up through Roku.You can get Apple Music for just $5.99/month with a student discount—and it comes with free access to Apple TV+.Check out the best original series from Apple TV.The Criterion ChannelThis arthouse streamer is the best service for true movie buffs, and you can sign up for a free trial before being charged the $99.99 annual fee (which already represents a savings over the $10.99 cost of a monthly plan).Curiosity StreamSave $20 when you sign up for a Standard Curiosity Stream annual plan, and $50 when you sign up for the Smart Bundle annual plan.New users can also score $250 off a lifetime subscription to Curiosity Stream’s Standard plan.DirecTV StreamYou can get two years of Max, Paramount+ with Showtime, Starz, MGM+, and Cinemax with the purchase of the Premier package starting at $124.99 per month (it saves $10 per month, or $240 over two years).Or can try a five-day free DirecTV Stream trial.You can also unlock 105+ free live channels just by signing up for MyFree DirecTV with your email and downloading the app.Discovery+You can subscribe to Discovery+ ($9.99/month) as an add-on through Sling TV—no base plan required.If you bundle it with Sling Blue or Sling Orange, you’ll get the first month free.There's also a seven-day free trial if you just want to test it out.Disney+You can get the Disney+, Hulu, and Max bundle with ads for $16.99 (a 43% discount off its original 29.97/mo price)Or you can get the Disney+, Hulu, and Max bundle without ads for $29.99 (a 42% discount off its original $51.97/mo price)You can get Disney+ and Hulu (with ads) for $10.99 per month (save 44% per month).You can get Disney+ and Hulu (no ads) for $19.99 per month (save 42% per month).You can get Disney+, Hulu, and ESPN+ (with ads) for $16.99 per month.You can get Disney+, Hulu, and ESPN+ (no ads) for $26.99 per month.Verizon subscribers who have an Unlimited Ultimate plan have the option to include a Disney package, which provides them with Disney+, Hulu, and ESPN+ (with ads) for just $10 monthly (save $6.99 per month).Check out what's new on Disney+ this month.FuboTVTry a seven-day free trial of FuboTV.If you’re a new subscriber, you get 30 days free of FuboTV Pro if you’re a My Best Buy Plus or Total member (save $84.99).New subscribers also get $20 off the first month.HuluYou can get the Disney+, Hulu, and Max bundle with ads for $16.99.Or you can get the Disney+, Hulu, and Max bundle without ads for $29.99.Get an annual plan of Hulu (with ads) for $99.99 instead of $9.99 monthly (save $19.89)You can get Disney+, Hulu, and ESPN+ (with ads) for $16.99 per month.Get Hulu + Live TV, Disney+, and ESPN+ (all three with ads) for $82.99 per month.T-Mobile members can get Hulu at no cost through Hulu on Us with their Go5G Next plan.Students can get Hulu for $1.99 per month after an 80% discount.Check out what's new on Hulu this month.MaxYou can get the new Disney+, Hulu, and Max bundle with ads for $16.99 (save $12.98/month).Or you can get the Disney+, Hulu, and Max bundle without ads for $29.99 (save $21.98/month)You can get Max (with ads) for $99.99 per year (save $19.89 per year over the monthly cost).You can get Max (with no ads) for $169.99 per year.You can get Max Premium (with no ads) for $209.99 per year (save $41.89 per year).Verizon subscribers who have myPlan have the option to include a Netflix and Max bundle package with ads for just $10 monthly per line (save $7.98 per month).Cricket Wireless includes Max (with ads) in its $60/month plan.Or if you use DoorDash regularly, you could sign up for a DashPass Annual Plan, and you’ll get Max (with ads) included at no extra cost for a year.Check out what's new on Max this month, and the best movies and TV shows to stream on Max.MGM+You can get six free months when you buy a Fire TV device from Amazon.Try for free with a seven-day trial on Amazon Prime.Or get two months of MGM+ for 99 cents/month on the Roku Channel if you join before May 22.NetflixIf you’re a Verizon customer, you can get a year of Netflix for free when you buy certain annual subscriptions through +play.If you’re a Verizon customer, you can get Netflix for a year if you buy an annual subscription to STARZ or AMC+ through +play. Read the FAQ here.Verizon subscribers who have myPlan have the option to include a Netflix and Max bundle package with ads for just $10 monthly per line (save $7.98 per month).You can save on Netflix (Standard with ads) if you’re a T-Mobile customer with a Go5G Plus or Next plan.Check out what's new on Netflix this month and the best movies and TV shows to stream this week.NFL+If you’re a Verizon customer, you can get an annual subscription to NFL+ Premium through +play for $99.99 (saving you around $80 over monthly billing)Or you could get the NFL+ for $6.99/mo or $49.99/season.Get NFL Sunday Ticket for $40 per month.Paramount+Get a year of Paramount+ Essential for $59.99 (save $2.99 per month compared to the monthly plan).You can get Paramount+ with SHOWTIME for free for a week, then it's $12.99 monthly.You can get Paramount+ for free when you sign up for a Walmart+ membership (or if you already have one) as part of your subscription.Students can get a Paramount+ Essential for $5.99 monthly.Or if you have a Hulu subscription, you can add Paramount+ with Showtime for $12.99/monthCheck out what's new on Paramount+ and Showtime this month.PeacockYou can get the annual Premium Peacock plan for $24.99 (save $55 with code SPRINGSAVINGS).Students can get Peacock Premium for $2.99 per month for 12 months.Xfinity internet customers who sign up for NOW TV for $20 a month, which includes 40 live TV and on-demand channels, can get Peacock Premium for free.Instacart+ members get a free Peacock Premium annual membershipHere are the best original Peacock shows worth watching.PhiloYou can try a seven-day free trial of Philo.ShowtimeYou can try it free for seven days with Paramount+.Get it bundled with Paramount+ across streaming services, including Hulu and Sling TV.Sling TVYou can get the Orange or Blue service for $20 for the first month, which is 50% off the regular monthly price.You can also save $38 by prepaying for the first 3 months of Sling TV.StarzYou can get a Starz subscription for $5 for three months.You can get Starz for $2.99/month for two months on Prime Video through May 27, then it's $10.99/month after.Or you can get it for $1.99 for two months if you sign up through Roku.VuduNo current deals for Vudu.YouTube TVYou can get two months of YouTube TV for $59.99 if you're a new subscriber.$59.99 for your first two months (save $46 for two months), then $82.99 per month.Get YouTube TV and NFL Sunday Ticket for $31.50 per month (plus $59.99/month for the YouTube TV base plan during the first two months)You can also try YouTube TV for free for 10 days.