Every item on this page was hand-picked by a House Beautiful editor. We may earn commission on some of the items you choose to buy.While some design-minded folks prefer the shiny, unmarked quality of newly made furniture and decor, others opt for the charm and history associated with vintage and antique treasures. Buying secondhand and locally is not only more sustainable, but it's a great way to avoid increased fees from recent tariff policies. There's never been a better time to invest in ready-made pieces that have seen decades (or even centuries) of history unfold. That said, discerning the true value of high-end antiques—whether it be a secretary desk whose top requires a bit of elbow grease to open or a Lalique bottle that bears a tiny chip in the base—is no easy feat. After all, if you don't know the ins and outs of this particular niche, you could very well get duped into overspending.To prepare you for your next outing to the antique shop, vintage store, or flea market, we asked experts in the field for their most helpful shopping tips. Here's what they had to say about sourcing decades-old treasures—without regretting your purchase later. Related Stories Buy From a Reputable Sourcetaikrixel//Getty Images"Fakes are really the rare outliers and not the norm in the world of antiques and vintage furniture," according to Anthony Barzilay Freund, editorial director and director of fine art at 1stDibs. He says that it's always best to investigate the reputation of individual dealers or browse a reputable online marketplace that sells only vetted and authenticated items. "When buying any piece of furniture that purports to be old, it's important that you are working with a reputable dealer who has a history of handling the type of material and a track record of participating in vetted fairs or selling on digital platforms such as 1stDibs that monitor inventory," Freund continues. That way, you can trust the info you're given. "You can perform your due diligence by asking the dealer to provide you with any information about the piece's provenance (who made it, where it was made, and who owned it over the years)."As for antique-hunting at thrift stores and flea markets, you may find a few quality pieces here and there. "And the more you look, the better able you'll be to discern quality," says Freund. So, browse often!Related StoryLook for a Maker’s MarkMany antiques from famed designers bear a stamp or signature indicating who made them—but many don't, and not all stamps can be trusted. "A piece that has a stamp may be an indication that it's by a specific designer, but there have been known cases in which some badly intentioned people use someone else's branding stamp to produce fakes," says Benoist F. Drut, owner of New York–based gallery Maison Gerard. The prolific 18th-century French designer George Jacobs, for instance, was famous for his iconic stamps, but even he didn't mark every piece he designed with a signature, so "you can't rely entirely on the stamp to prove authenticity," Drut says. That being said, he adds, "It's usually obvious if it's a real stamp and not a copy." Herman MillerIf there's an artist or design house you like, do some research first to uncover exactly what type of mark, if any, you should be seeking. For example, one of the most popular vintage pieces is the beloved Eames lounge chair. According to the brand, which still produces some of the designer's original designs, "Labels and stamps can be the best and the quickest method of authenticating your Eames design. It may also help you to date and value your piece." Every Eames piece, from the first designs from the early 1940s to the ones produced now, bears a label. The only exception is the fiberglass shell chair, each of which bears a stamp. Both the labels and stamps feature a series of letters and numbers that can help determine the exact age of the piece. Related StoryAsk for Provenance DocumentsThis may seem like the most straightforward step, but it's usually the least reliable for one key reason. "Pieces that are a few hundred years old move from place to place during their lifetime, and rarely do the papers follow them," Drut explains. In most cases, you simply have to decide whether or not you trust what the dealer is telling you to be true about a piece's provenance. Some items, however, do come with papers that can easily be authenticated. These pieces are typically ones that have been in the family's estate for generations. If such papers aren't available, he adds, a piece may also be listed in probate inventories or wills, so be sure to check everywhere.A piece with family provenance further helps validate its authenticity. In certain occasions, a piece may be seen in an early 20th-century black and white photograph or, in rare instances, in a daguerreotype.—Erik GronningRelated StoryDo Your Own ResearchBeeldbewerking//Getty ImagesIf you're considering an older piece, the dealer from whom you're buying it should have a general idea of the year or decade it was produced. With that information, do some digging about how similar pieces of furniture were made and with which types of materials. "Look at books about that time period and, if you can, visit museums," says Drut. "It doesn't take a professional to see all of the subtle details—such as the materials and techniques used—that indicate if it's authentic or not." Along the way, you might uncover some lesser-known designers whose pieces are still genuine works of art, but may be easier to find and more affordable to purchase. (If an Eames chair is out of your price range, for example, you might want to look into a Plycraft seat.)Related StoryPerform a “Run-Down”Before making a big-ticket purchase, ask the dealer what the piece is made of—the response will be another indicator of authenticity. Take chairs as an example."Plenty of chairs and sofas made today are filled with foam," says Drut. "An 18th-century chair, however, will be filled with horsehair, as foam was not invented until much later in the 20th century."You'll also want to observe where small marks or imperfections in the construction may bear the signature of a handcrafted (as opposed to mass-produced) item. "The process of making a piece of furniture using only hand tools leaves behind 'tool marks,'" says Erik Gronning, Sotheby's head of Americana. "Saws leave a mark called a saw kerf while planes leave plane marks, and modern electrical powered saws and planes also leave marks, but theirs are regular and not inconsistent as one sees with hand tools." Related Story Request Pre-Restoration PhotosGiorez//Getty Images"If the piece has been extensively cleaned and/or refinished," Freund advises, "ask to see pre-restoration photographs." Any reputable restorer regularly enlisted by antique dealers is likely to have a few on hand. Here's the thing about restorations: They're not a bad thing, and they're definitely not a reason to question a piece's authenticity or age. For instance, Drut says, if you're considering buying a 19th-century chair whose back leg is attached with glue, "that's because it's 200 years old and, without the glue, the chair may not be usable." Looking at an image of the chair before the glue was applied can reassure you that you're getting a strengthened original, not a fake. On the other hand, if you find a centuries-old piece that looks spotless, "How can you explain that? You can't," says Drut." An alleged antique that looks too good to be true probably is." Consider what an update may be concealing: "If something has been fully painted over, that often means that someone has something to hide. Stay away," says Drut. More specifically, Gronning adds that "18th- and early 19th-century pieces in their 'original' surface have a very dark or nearly black appearance that, to the untrained eye, could appear dirty or ratty, but it is this appearance that helps authenticate its age." If this is the case with an antique treasure you're considering, it's important to look at any perceived flaws as marks of character. "Antiques and vintage pieces have a patina and personality that one cannot find in a newly constructed object," Freund says. "Rather than viewing this as damage or wear and tear, antique lovers think signs of age give an object a visual interest, warmth, and uniqueness that really enhances the character of a room." Follow House Beautiful on Instagram and TikTok.

Next week, the former president of “Grant Theft Auto” maker Rockstar North launches his first title since leaving the Take-Two Interactive-owned video game developer and opening his own studio, Build A Rocket Boy: the AAA narrative-driven action-adventure thriller “MindsEye.” Published by IOI Partners, the team behind the “Hitman” franchise, the Unreal Engine 5-built game will debut June 10 across PlayStation 5, Xbox Series X and S, and on PC via Steam and Epic Games Store with a $59.99 price tag for the standard edition. Related Stories Set in the near-futuristic city of Redrock, “MindsEye” puts players into the role of Jacob Diaz, a former soldier haunted by fragmented memories from his mysterious MindsEye neural implant, as he uncovers a conspiracy involving rogue AI, corporate greed, an unchecked military, and a threat so sinister that it endangers the very survival of humanity. Popular on Variety But the base story isn’t the biggest draw for “MindsEye,” which includes Build A Rocket Boy’s proprietary Game Creation System, that enables players to, well, “craft anything in their minds eye.” Per the studio, “Players can craft their own experiences using all of the ‘MindsEye’ assets, creating everything from custom missions to entirely new scenarios within the game’s expansive, richly detailed world. Whether you’re designing a high-speed chase through Redrock’s bustling cityscapes or a stealth mission in its industrial outskirts, it is designed to be intuitive and easy to use, ensuring that players of all skill levels can bring their imagination to life.” Benzies’ Edinburgh-based Build A Rocket Boy has promised “fresh premium content” will rollout monthly for the game, including regular releases of new missions, challenges and game assets. While “MindsEye” is the first title from Benzies since he launched BARB after leaving Rockstar in 2016 (Benzies was the lead “Grand Theft Auto” developer across the third through fifth games in the franchise, as well as “Grand Theft Auto Online,” and was in a legal battle with parent company Take Two over unpaid royalties from 2016 until 2019), it’s just step one in the prolific producer’s plan to shake up the gaming industry. “At Build A Rocket Boy, our vision goes far beyond a single title,” Benzies told Variety. “‘MindsEye’ is the first episode and central story around which ever-expanding interconnected episodes will span. We’re already working on future episodes, which will introduce alternate realities while maintaining it’s core themes of hope, redemption, and the intrigue of civilizations past and future, drawing from the lore and multiverse concepts.” See Variety‘s full interview with Benzies below, including the inevitable comparisons that will be drawn between “MindsEye” and the aesthetic of the “GTA” franchise, and his hopes for Rockstar Games’ highly anticipated and much-delayed “GTA 6.” Where did the concept for “MindsEye” come from? I pull a lot of inspiration from the real world. Watching the actions of humans – their foibles and their virtues. Watching the advancement of technology and how we adapt, or indeed, do not adapt. We’ve been moving to an automated world for many years now, and the impact on humans, especially with recent advancements in AI, which serves as good fodder for a story and even better for a video game. I think we all have this little nagging feeling about how humans and AI will blend together in the future—will it go smoothly, or will it turn sinister? We’re fans of all different types of media, and we’ve drawn influence from cinematic visionaries like Ridley Scott, Paul Greengrass, Christopher Nolan, and J.J. Abrams, and films like “The Bourne Identity,” “Memento,” and TV series “Lost” — they’re all exploring memory, perception, and control in their own ways. So, while we nod to those influences here and there, we wanted to build something that feels fresh, grounded in today’s world, but still asking the kinds of questions that have always made this genre powerful. With your “GTA” roots, obvious comparisons are already being drawn between the style and aesthetic of that franchise and “MindsEye.” Comparisons will always be made—it’s the way human beings pigeonhole concepts. But “MindsEye” isn’t built to fit into anyone else’s box. Many games share the same core elements: cars, guns, cities, and charismatic characters, and differentiation is even tougher in today’s entertainment landscape. Streaming, social media, and on-demand binge culture have fractured attention spans, and consumer mindshare is a brutal battlefield for all IP. Our industry continues to celebrate each other’s breakthroughs, and I’m proud that our collective innovation is advancing the medium of gaming, even if our paths diverge. As an independent studio we have the freedom to break ground in experimental new ways and the challenge is balancing innovation with familiarity—too much “new” risks alienating fans, too much “same” feels stale. It’s about nailing what makes your game’s world feel alive and urgent. “MindsEye” is about consequence and connection—it’s cinematic, reactive, and meant to feel like a world you’re not just playing in, but able to create in it too. We’re excited to see what they’ve crafted with “GTA VI ,” and I can’t wait to play it as a consumer for the first time. They’re always delivering something new, unique and at a scale that very few can pull off. What does MindsEye represent in BARB’s larger vision and long-term strategy? Are you plotting this out as a multi-game franchise or your first standalone? At Build A Rocket Boy, our vision goes far beyond a single title. “MindsEye” is the first episode and central story around which ever-expanding interconnected episodes will span. We’re already working on future episodes, which will introduce alternate realities while maintaining it’s core themes of hope, redemption, and the intrigue of civilizations past and future, drawing from the lore and multiverse concepts. It’s the future of entertainment to allow active participation so players feel like they have agency and can immerse themselves in our world as they want to. We are introducing three products in one game that will revolutionize AAA-quality interactive gaming and storytelling: “MindsEye” narrative story, Play.MindsEye, and Build.MindsEye. In our tightly crafted action-noir, “MindsEye” narrative story we have rips in time accessed through portals at strategic points throughout the game – so while you play as Jacob Diaz on his personal journey, players can also explore side stories and delve deeper into the backstories of characters they encounter along the way. In this way we are delivering companion content at the same time as the anchor content, weaving a rich narrative tapestry which will continue to evolve and expand giving greater depth to characters so you understand their personality and motivations. How do digital products Play.MindsEye (formerly named Arcadia) and Build.MindsEye (formerly Everywhere) tie in to plans for “MindsEye” and what BARB wants to offer gamers? In this new era of entertainment, where streaming platforms, boom-and-bust games, and an on-demand culture dominate, we’re pushing things in a new direction—with an interface that simplifies how we consume not just games, but all forms of entertainment. Consumers are moving away from 2D browsing into fully 3D, immersive experiences. Put simply, we’re shifting from passive interaction to active participation. As with all new products, things evolve. Arcadia was originally envisioned as our creation platform, but as we continued developing “MindsEye” and building out BARB’s ecosystem, it naturally grew into something more focused— Play.MindsEye and Build.MindsEye. Play delivers cinematic, high-intensity gameplay with missions and maps that constantly evolve. Build gives players intuitive tools to create their own content—no technical skills required, just imagination and intent. For BARB to fully realize our vision, we had to beta test our creation system with a community of builders in real-time and started with Everywhere while we were in stealth mode developing MindsEye. How did you settle on IOI as publishing partner? We’ve always found the way IOI handled the “Hitman” franchise interesting. They are one of the few publishers that have taken their single-player IP and increased their player count and amplified their community culture over time. From a technology point of view, their one executable approach for all of their content is very smart, and we always planned to have a similar approach, which encouraged us to join forces. This interview has been edited and condensed.

Following the breakout success of ‘Your Friends and Neighbors’, which stars Jon Hamm and wrapped its first season last week, Apple has extended its deal with showrunner Jonathan Tropper, Deadline reports. Three-time Apple signee Apple TV+ first partnered with Tropper back in 2019, when he served as executive producer and showrunner for See, one of the platform’s launch titles. Since then he’s quietly become one of the most prolific creators on Apple TV+, with two active series and two high-profile films currently in the pipeline. Under the terms of this latest multi-year extension, he’ll continue developing and producing original content for Apple through his production company, Tropper Ink. Here’s Tropper: “Working with the entire team at Apple continues to be the single most creatively fulfilling collaboration of my career, and I’m looking forward to bringing Lucky and other new projects to the platform, while making more seasons of Your Friends & Neighbors” Breakout success According to Nielsen sampling data, Your Friends and Neighbors is the most-watched new Apple drama series of the year, based on first-month viewership across U.S. households. It’s also on track to break into the Nielsen Streaming Top 10 for the first time, a rare feat for a newer Apple TV+ original. Notably, Apple had already seen the breakout coming: the show was renewed for a second season back in November, months before it even premiered. Season 2 is currently in production. Up next Coming up next from Tropper: Lucky, a limited series starring Anya Taylor-Joy (The Gorge, Furiosa: A Mad Max Saga) and based on Marissa Stapley’s bestselling novel, is expected to debut later this year. On the film side, Tropper is writing and producing The Corsair Code, a sci-fi mystery adventure starring Chris Hemsworth (Thor: Ragnarok), and Matchbox, an action-comedy based on the iconic toy brand, featuring John Cena (Peacemaker), Jessica Biel (The Illusionist), and Sam Richardson (Veep). Outside of Apple, Tropper is also writing an upcoming Star Wars film for director Shawn Levy. Not bad. Apple TV+ is available for $9.99 per month and features hit TV shows and movies like Ted Lasso, Severance, The Studio, The Morning Show, Shrinking and Silo. Add 9to5Mac to your Google News feed.  FTC: We use income earning auto affiliate links. More.You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

The Keychron Q14 Max is an Alice-layout mechanical keyboard with a flipped numpad. It's unusual, but perfect for the right person.Keychron Q14 MaxIt feels that 2025 has been a keyboard odyssey for this reviewer. Specifically, an odyssey through a wide range of keyboards offered by one of the most prolific manufacturers in the industry: Keychron.Ranging from large to small, lightweight to heavyweight, wireless, wired, and everything in between. All with features to meet any workspace needs. Continue Reading on AppleInsider | Discuss on our Forums

Pope-Leighey House | © Peter Thomas via Unsplash Constructed in 1940, the Pope-Leighey House represents Frank Lloyd Wright’s Usonian vision, his architectural response to the social, economic, and aesthetic conditions of mid-20th-century America. Designed for middle-class clients, the Usonian houses were intended to democratize quality design, providing spatial dignity at an affordable cost. In stark contrast to the mass-produced suburban housing of the post-Depression era, Wright sought to design individualized homes rooted in site, economy, and human scale. Pope-Leighey House Technical Information Architects1-6: Frank Lloyd Wright Original Location: Falls Church, Virginia, USA Current Location: Woodlawn Plantation, Alexandria, Virginia, USA Gross Area: 111.5 m2 | 1,200 Sq. Ft. Project Years: 1939 – 1940 Relocation: 1964 (due to the construction of Interstate 66) Photographs: © Photographer The house of moderate cost is not only America’s major architectural problem but the problem most difficult for her major architects. I would rather solve it with satisfaction to myself and Usonia than anything I can think of. – Frank Lloyd Wright 7 Pope-Leighey House Photographs © Lincoln Barbour © Peter Thomas via Unsplash © Peter Thomas via Unsplash © Lincoln Barbour © Lincoln Barbour © Peter Thomas via Unsplash © Peter Thomas via Unsplash © Peter Thomas via Unsplash Contextual Framework and Commissioning The house, commissioned by journalist Loren Pope, was initially situated in Falls Church, Virginia, on a wooded lot chosen to amplify Wright’s principles of organic architecture. Working within a modest budget, Pope approached Wright after reading his critique of conventional American housing. Wright accepted the commission and delivered a design reflecting his social idealism and formal ingenuity. In 1964, the house was relocated to the grounds of the Woodlawn Plantation in Alexandria, Virginia, due to the construction of Interstate 66. While disrupting the original site specificity, this preservation affirms the cultural value placed on the work and raises enduring questions about the transposability of architecture designed for a particular place. Design Principles and Architectural Language The Pope-Leighey House distills the essential characteristics of Wright’s Usonian ideology. Modest in scale, the 1,200-square-foot house is arranged in an L-shaped plan, responding to programmatic needs and solar orientation. The linearity of the bedroom wing intersects perpendicularly with the open-plan living space, forming a sheltered outdoor terrace that extends the perceived interior volume into the landscape. Wright’s orchestration of spatial experience is central to the house’s architectural impact. The low-ceilinged entrance compresses space, setting up a dynamic release into the double-height living area, an architectural maneuver reminiscent of his earlier Prairie houses. Here, horizontality is emphasized in elevation and experience, reinforced by continuous bands of clerestory windows and built-in furnishings that draw the eye laterally across space. Materially, the house embodies a deliberate economy. Red tidewater cypress, brick, and concrete are left exposed, articulating their structural and tectonic roles without ornament. The poured concrete floor contains radiant heating, a functional and experiential feature that foregrounds the integration of structure, comfort, and environmental control. Window mullions extend into perforated wooden panels, demonstrating Wright’s inclination to merge architecture and craft, blurring the line between enclosure and furnishing. Structural Rationality and Construction Methodology A defining feature of the Usonian series, particularly the Pope-Leighey House, is the modular planning system. Based on a two-foot grid, the plan promotes construction efficiency while enabling spatial flexibility. This systemic logic underpins the entire design, from wall placements to window dimensions, allowing the house to feel simultaneously rigorous and organic. Construction strategies were purposefully stripped of excess. The flat roof, cantilevered overhangs, and minimal interior partitions reflect an architecture of subtraction. Without a basement or attic, the house resists hierarchy in its vertical organization. Walls are built with simple sandwich panel techniques, and furniture is integrated into the architecture, reducing material use and creating visual unity. Despite the constraints, the house achieves a high level of tectonic expression. The integration of structure and detail is particularly evident in the living room’s perforated wood screens, which serve as decorative elements, light diffusers, and spatial dividers. These craft elements reinforce the Gesamtkunstwerk ambition in Wright’s residential works: a house as a total, synthesized environment. Legacy and Architectural Significance Today, the Pope-Leighey House is a critical touchstone in Wright’s late-career trajectory. It encapsulates a radical yet modest vision, architecture not as monumentality but as a refined environment for everyday life. Preserved by the National Trust for Historic Preservation, the house continues to serve as a pedagogical model, offering insights into material stewardship, compact living, and formal economy. In architectural discourse, Wright’s larger commissions often overshadow the Usonian homes. Yet the Pope-Leighey House demands recognition for what it accomplishes within limitations. It is a project that questions conventional paradigms of domestic space and asserts that thoughtful design is not a luxury reserved for the elite but a right that can and should be extended to all. The house’s quiet radicalism remains relevant in today’s discussions of affordable housing, sustainable design, and spatial minimalism. Its influence is evident in contemporary explorations of prefab architecture, passive environmental systems, and spatial efficiency, fields that continue to grapple with the same questions Wright addressed eight decades ago. Pope-Leighey House Plans Floor Plan | © Frank Lloyd Wright Section | © Frank Lloyd Wright East Elevation | © Frank Lloyd Wright North Elevation | © Frank Lloyd Wright West Elevation | © Frank Lloyd Wright Pope-Leighey House Image Gallery About Frank Lloyd Wright Frank Lloyd Wright (1867–1959) was an American architect widely regarded as one of the most influential figures in modern architecture. Known for developing the philosophy of organic architecture, he sought harmony between human habitation and the natural world through forms, materials, and spatial compositions that responded to context. His prolific career includes iconic works such as Fallingwater, the Guggenheim Museum, and the Usonian houses, redefined residential architecture in the 20th century. Credits and Additional Notes Original Client: Loren Pope Architectural Style: Usonian Structure: Wood frame on a concrete slab with radiant heating Materials: Tidewater cypress, brick, concrete, glass Design Team: Frank Lloyd Wright and Taliesin Fellowship apprentices Preservation: Owned and maintained by the National Trust for Historic Preservation

This summer is predicted to be another scorcher, with record breaking temperatures across the U.S. beginning in June. While traditional summer crops do require heat, which is why we wait for summer to grow them, extreme heat waves or heat domes are a different thing altogether. Plants have a series of behaviors they'll display when under heat pressure. They can wilt, which is what it sounds like, due to water stress. Leaves will droop, and the solution isn't necessarily more water, but letting the plant ride out the wave with some shade, if you can provide it. Plants may bolt, which is when they stop growing leaves or fruit and instead, thinking they are at the end of their life, send up a flower, which will quickly go to seed. Once this flower is present, which the plant focuses all its energy on, the fruit and leaves will become bitter. Unfortunately, there's nothing you can do to "solve" bolting, except pull the plant and start over. And heat isn't the only threat: Fruit and leaves can also experience sun scald, which is basically a sunburn. You can see these spots on your tomatoes and pumpkins, which appear white, rather than red like they would on human skin. In most cases, plants will survive sunburn, but it puts the plant under additional stress and makes it more susceptible to other garden threats like disease. The best solution is to choose plants that will tolerate heat spikes, and then provide some support to your plants by watering evenly, giving shade when you can in the afternoon sun, and not planting, transplanting, or fertilizing during these spikes, all of which are stressful for plants. Greens that will survive a heat spikeWhile there are bolt-resistant lettuces you can grow, a true heat dome is simply too much stress, and most lettuce will go to seed. For heat-resistant greens, consider kale, which is hardy in both extreme cold and heat. Collards, known for the greens they produce, are also going to survive a heat wave without wilting, which is why they're popular across the south. The crop you might not have heard of yet is malabar spinach. While traditional spinach is a spring and shoulder season crop and won't do well even in an average summer, malabar (which is not actually related to real spinach) is a vining plant from India that tastes remarkably similar and has become popular for its resilience. Okra and corn are at home in the heatConsidering crops that have been popular in geographies that experience more heat than we're used to is a good strategy for finding vegetables that'll survive extreme temperatures. Okra is from Ethiopia, so heat resistance is part of the plant's DNA. Okra sometimes gets a bad rap for becoming slimy in recipes, but I urge you to consider growing it. There are two varieties of okra: I recommend only planting the spineless variety. The "spines" are spikes that can make touching and harvesting okra painful. Credit: Amanda Blum Corn may be a resource hog in your garden, requiring a lot of additional nitrogen to be productive, but it is also highly tolerant. Corn can survive in over 110 degree temperatures and still produce crops reliably, so long as those temperature spikes aren't extended. A true summer crop, corn needs 70 degree weather to grow, which is why you wait until June to plant corn seed. Vining plants like luffa, tepary beans, and yardlong beans To be fair, most people don't eat luffa (though you can); they know it instead as loofah, a sponge-like material used in "natural" scrubbing. But truly, luffa is a form of vining squash, which will grow prolifically, adores the sun, and thrives in prolonged heat. When the fruit is allowed to dry on the vine, the flesh can be stripped off, leaving behind the luffa, which looks precisely like loofah you purchase, and can be used immediately. There are plenty of pole beans (beans that climb, as opposed to bush beans, which do not) that originated in hot climates and will do well in a heat wave. Tepary beans, for instance: These beans are native to the Southwest U.S. and Mexico, and will spend the summer climbing and producing pods. Harvest them in the fall before the rain starts, and store them as dry beans. Yardlong beans are closer to a green bean. Still a vining bean, they can produce beans that are well over a foot long, as their name suggests. These summer stars prefer less water, and they will thrive anywhere they have support, like a trellis. Soybeans need the heatWhile not a vining bean, but a bush bean, soybeans are an easy crop to grow if you've got enough heat. These sun-tolerant plants will produce a limited amount of pods per plant, so they need to be grown in groups, but they require almost no support except watering. Harvest the pods and eat the beans steamed fresh, as you would in your favorite Japanese restaurant, or dry them to make soy milk or tofu. Squash and melons love the heatThere are two kinds of squash: summer and winter. Summer squash includes crops like zucchini, yellow squash, and pumpkins. Winter squash includes crops like acorn squash, butternut, spaghetti, and others. Both kinds of squash are traditionally grown in summer, and both are surprisingly resilient in heat. While you might experience sunburn on some fruit, squash is famous for providing shade due to the large leaves, and they will not only take care of most fruit, shielding it, but will also protect nearby plants by shading them, as well. So long as you keep your melons apart from your cucumbers and squash so they don't cross pollinate, your vining melons are likely to survive a heat wave with the same caveats as squash: Look for fruit that is exposed and cover it from sunburn, but the plant will mostly take care of that on its own. Sweet potatoes are built for high tempsOriginally from Polynesia, sweet potatoes are an excellent crop for beginning gardeners. They're easy to cultivate seedlings (called slips) from any sweet potato you bring home from the store. Once planted, they produce prolific above-ground vines that are showy with flowers, while below ground the potatoes grow over 120 days. These plants not only tolerate but thrive in heat.

1. Irregular Sleep Pattern Glasgow-based Irregular Sleep Pattern takes textiles to a whole new geometric level. Launched in 2020 by wife & husband team Jolene Crawford and Mil Stricevic, the duo grew tired of not finding cool bedding and sleepwear in bold patterns and fun colors that aligned with their aesthetic. Eschewing the typical nature of the fashion business which can produce excess and unnecessary waste, the pair follow their own path and add prints and products as they desire and not according to the seasonal fashion calendar. From mix and match pajamas to robes (and even eye masks), to duvet covers, sheets, and throws, Irregular Sleep Pattern will elevate not only your sleep game, but your home’s decor too. 2. Ippei Tsujio’s Bread Wrapping Paper Japanese graphic designer Ippei Tsujio has created wrapping paper that will turn any gift into something that looks good enough to eat. The tasty trio of realistic paper comes in a baguette, loaf, and ciabatta design that’s been making the rounds on Instagram lately. And while they aren’t yet available, Tsujio states on IG that they will be selling the no-carb designs soon. 3. Stella McCartney x Hydefy Fungi Crossbody Bag Stella McCartney’s groundbreaking Stella McCartney x Hydefy Fungi Crossbody Bag marks a bold leap forward in sustainable luxury. Debuting on the Spring/Summer 2025 runway, the Stella Ryder – crafted from Hydefy’s innovative fungi-based material – is the brand’s most sophisticated vegan handbag to date. With a sculptural design inspired by a horse’s back and a striking silver metallic finish, the bag shows how high fashion can embrace environmental responsibility without compromising elegance or durability. Hydefy’s cutting-edge material offers a refined, high-performance alternative to leather, ushering in a new era of eco-conscious design for luxury accessories and beyond. 4. Giant Agua Beach Towel by Volver Bring the sunshine with you wherever you go this summer with Volver’s vibrant and oversized Agua beach towel. Designed in Portugal, these super fun towels radiate pure vacation energy with playful blush pink and sunflower yellow shades woven in a graphic pattern. Made from 100% Oeko Tex certified cotton, it’s soft, absorbent, and lightweight – perfect for beach days, pool lounging, or sunny park visits. With its square(ish) 79″ x 83″ shape, fringed edges, and branded details, the Agua towel is big enough to share and stylish enough to stand out. Volver also makes smaller beach towels in other other colors if you’d rather not share ;) 5. Le Corbusier: Le Grand book from Phaidon Coming October 2025 from Phaidon, the new edition of Le Corbusier: Le Grand is a landmark visual biography celebrating one of the most influential architects of the twentieth century. Richly illustrated with sketches, photographs, and personal correspondences, this monumental book offers an intimate and comprehensive look at Le Corbusier’s groundbreaking work and complex persona. Spanning his prolific career across architecture, design, and urban planning, the book reveals the depth of his creative vision and enduring impact on the built environment. A must-have for architecture enthusiasts and design aficionados alike!

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

Peter David, the highly regarded novelist and writer of comics like The Incredible Hulk, Young Justice, and X-Factor, has died at 68. The news was confirmed by David's friend and colleague Keith R.A. DeCandido via Facebook.David enjoyed a long and prolific career at Marvel and DC over several decades. He may be best remembered for his 12-year run on Marvel's The Incredible Hulk series, a sprawling saga that redefined the relationship between Bruce Banner and his alter ego and earned David and artist Dale Keown an Eisner Award in 1992. As much as Frank Miller is viewed as the definitive Daredevil writer/artist and Chris Claremont the definitive X-Men writer, David is widely regarded as the most important and influential Hulk writer of all time. Art by George Perez. (Image Credit: Marvel)David is also well known for co-creating Spider-Man 2099 and for his two runs on X-Factor. David's original X-Factor run saw the team, which was originally a reunion of the original five X-Men, remade into a government-sanctioned mutant strike force. His second X-Factor run again reinvented the team, this time as a detective agency led by Madrox the Multiple Man. At DC, David enjoyed successful and influential stints on books like Aquaman, Supergirl, and Young Justice. David also regularly worked on the Star Trek franchise in both comic book and prose form, with his best-known Trek work being the 1994 novel Q-Squared. Outside of books and comics, David worked on television shows like Babylon 5, Young Justice, and Ben 10: Alien Force and wrote video games like Shadow Complex and Spider-Man: Edge of Time.A Visual History of HulkDavid suffered from poor health in recent years, beginning with a stroke in 2012. His health issues prompted family friend Graham Murphy to organize a GoFundMe campaign in 2022 and again in 2025. David is survived by his wife, Kathleen O'Shea David, and his four children.Jesse is a mild-mannered staff writer for IGN. Allow him to lend a machete to your intellectual thicket byfollowing @jschedeen on BlueSky.