New Alfa Romeo Stelvio unearthed ahead of time

NZ Autocar, 29-04-2025

A new Alfa Romeo Stelvio is due soon and its styling has been unearthed ahead of its official release. The Stelvio has been on sale for nearly a decade, so a new one is well overdue.
These grainy images of the next-generation Stelvio have surfaced via trademark filings, fully unveiling the redesign. The familiar Alfa cues—most notably the scudetto grille and distinctive alloy wheels—are still present, but much of the styling takes the brand in a new direction. Slim upper DRLs and main headlights tucked into the bumper are quite Germanic looking.
Notably, the lack of visible exhaust pipes on the trademarked images hints strongly at a full-electric variant leading the charge, though Alfa Romeo has confirmed that internal combustion options will remain available for buyers not quite ready to plug in.
From the side profile, it looks like the new Alfa Romeo Stelvio is set to grow in size. The addition of flush door handles and a floating roof effect, along with the repositioned quarter glass behind the rear doors, suggests a design honed for both visual drama and aerodynamic efficiency.
At the rear, oval taillights blend into a triangular form on the tailgate. A square-cut tailgate and what appears to be a panoramic sunroof hint at practicality to match the new aesthetic flair.
Underpinning the new Stelvio is Stellantis' STLA Large platform, replacing the Giorgio architecture. This shift will bring greater flexibility in powertrains, including full EVs, while allowing the Stelvio to grow to roughly 4.76 metres or beyond. It's a move that also future-proofs the model as emissions standards tighten worldwide.
Performance enthusiasts will be pleased to know that thanks to loosened Euro 7 regulations, Alfa Romeo is keen to retain its own twin-turbo 2.9-litre V6 for future Quadrifoglio models, despite earlier speculation around a Dodge-sourced Hurricane inline-six.
The new Alfa Romeo Stelvio is set for an official unveiling later this year.

Related Articles

Rapid7 Q1 2025 incident response findings

Techday NZ

05-06-2025

Rapid7's Q1 2025 incident response data highlights several key initial access vector (IAV) trends, shares salient examples of incidents investigated by the Rapid7 Incident Response (IR) team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware appearing in incident logs. Is having no MFA solution in place still one of the most appealing vulnerabilities for threat actors? Will you see the same assortment of malware regardless of whether you work in business services or media and communications? And how big a problem could one search engine query possibly be, anyway? The answer to that last question is "very," as it turns out. As for the rest…

Initial access vectors
Below, we highlight the key movers and shakers for IAVs across cases investigated by Rapid7's IR team. While you'll notice a fairly even split among several vectors such as exposed remote desktop protocol (RDP) services and SEO poisoning, one in particular is clearly the leader of the pack where compromising organisations is concerned: stolen credentials to valid/active accounts with no multi-factor authentication (MFA) enabled.
Valid account credentials — with no MFA in place to protect the organisation should they be misused — are still far and away the biggest stumbling block for organisations investigated by the Rapid7 IR team, occurring in 56% of all incidents this first quarter. Exposed RDP services accounted for 6% of incidents as the IAV, yet they were abused by attackers more generally in 44% of incidents. This tells us that third parties remain an important consideration in an organisation's security hygiene.

Valid accounts / no MFA: Top of the class
Rapid7 regularly bangs the drum for tighter controls where valid accounts and MFA are concerned. As per the key findings, 56% of all incidents in Q1 2025 involved valid accounts / no MFA as the initial access vector.
In fact, there's been very little change since Q3 2024, and as good as no difference between the last two quarters:

Vulnerability exploitation: Cracks in the armour
Rapid7's IR services team observed several vulnerabilities used, or likely to have been used, as an IAV in Q1 2025. CVE-2024-55591 for example, the IAV for an incident in manufacturing, is a websocket-based race condition authentication bypass affecting Fortinet's FortiOS and FortiProxy flagship appliances. Successful exploitation results in the ability to execute arbitrary CLI console commands as the super_admin user. The CVE-2024-55591 advisory was published at the beginning of 2025, and it saw widespread exploitation in the wild.
One investigation revealed attackers using the above flaw to exploit vulnerable firewall devices and create local and administrator accounts with legitimate-looking names (e.g., references to "Admin", "I.T.", "Support"). This allowed access to firewall dashboards, which may have contained useful information about the devices' users, configurations, and network traffic. Policies were created which allowed for leveraging of remote VPN services, and the almost month-long dwell time observed in similar incidents may suggest initial access broker (IAB) activity, or a possible intended progression to data exfiltration and ransomware.

Exposed RMM tooling: A path to ransomware
As noted above, 6% of IAV incidents were a result of exposed remote monitoring and management (RMM) tooling. RMMs, used to remotely manage and access devices, are often used to gain initial access, or form part of the attack chain leading to ransomware.
One investigation revealed a version of SimpleHelp vulnerable to several critical privilege escalation and remote code execution vulnerabilities, which included CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728. These CVEs target the SimpleHelp remote access solution.
Exploiting CVE-2024-57727 permits an unauthenticated attacker to leak SimpleHelp "technician" password hashes. If one is cracked, the attacker can log in as a remote-access technician. Lastly, the attacker can exploit CVE-2024-57726 and CVE-2024-57728 to elevate to SimpleHelp administrator and trigger remote code execution, respectively. CVE-2024-57727 was added to CISA KEV in February 2025.
The vulnerable RMM solution was used to gain initial access and threat actors used PowerShell to create Windows Defender exclusions, with the ultimate goal of deploying INC Ransomware on target systems.

SEO poisoning: When a quick search leads to disaster
SEO poisoning, once the scourge of search engines everywhere, may not be high on your list of priorities. However, it still has the potential to wreak havoc on a network. Here, the issue isn't so much rogue entries in regular search results, but instead the paid sponsored ads directly above typical searches. Note how many sponsored results sit above the genuine site related to this incident:
[Figure: Multiple sponsored searches above the official (and desired) search result]
This investigation revealed a tale of two search results, where one led to a genuine download of a tool designed to monitor virtual environments, and the other led to malware. When faced with both options, a split-second decision went with the latter and what followed was an escalating series of intrusion, data exfiltration and—eventually—ransomware.
[Figure: An imitation website offering malware disguised as genuine software]
On the same day of initial compromise, the attacker moved laterally using compromised credentials via RDP, installing several RMM tools such as AnyDesk and SplashTop. It is likely that the threat actor searched for insecurely stored password files and targeted password managers.
They also attempted to modify and/or disable various security tools in order to evade detection, and create a local account to enable persistence and avoid domain-wide password resets.
An unauthorised version of WinSCP was used to exfiltrate a few hundred GB of sensitive company data from several systems, and with this mission accomplished only a few tasks remained. The first: attempting to inhibit system recovery by tampering with the Volume Shadow Copy Service (VSS), clearing event logs, deleting files, and also attempting to target primary backups for data destruction. The second: deployment of Qilin ransomware and a blackmail note instructing the victim to communicate via a TOR link lest the data be published to their leak site.
Qilin ranked 7 in our top ransomware groups of Q1 2025 for leak post frequency, racking up 111 posts from January through March. Known for double-extortion attacks across healthcare, manufacturing, and financial sectors, Qilin (who, despite their name, are known not to be Chinese speakers, but rather Russian-speaking) has also recently been seen deployed by North Korean threat actors Moonstone Sleet.

Attacker behaviour observations

Bunnies everywhere: Tracking a top malware threat
BunnyLoader, the Malware as a Service (MaaS) loader possessing a wealth of capabilities including clipboard and credential theft, keylogging, and the ability to deploy additional malware, is one of the most prolific presences Rapid7 has seen this first quarter of 2025. In many cases, it's also daisy-chained to many of the other payloads and tactics which make repeated appearances.
To really drive this message home: BunnyLoader is the most observed payload across almost every industry we focused on. Whether we're talking manufacturing, healthcare, business services or finance, it's typically well ahead of the rest of the pack.
Here are our findings across the 5 most targeted industries of Q1:
BunnyLoader is in pole position not only for the 5 industries shown above, but across 12 of 13 industries overall, with 40% of all incidents observed involving this oft-updated malware. Just over half of that 40% total involved a fake CAPTCHA (commonly used for the purpose of victims executing malicious code), with malicious / compromised sites appearing in a quarter of BunnyLoader cases. Rogue documents, which may be booby-trapped with malware or pave the way for potential phishing attacks, bring up the rear at just 9% of all BunnyLoader appearances recorded.
First offered for sale in 2023 for a lifetime-use cost of $250, its continued development and large range of features make it an attractive proposition for rogues operating on a budget.

Targeted organisations: The manufacturing magnet
Manufacturing organisations were targeted in more than 24% of incidents the Rapid7 IR team observed, by far the most targeted industry in Q1 based on both Rapid7's ransomware analytics and IR team observations. The chart below compares Rapid7's industry-wide data (comprising a wide range of payloads and tactics) with ransomware leak post specific data. In both cases, manufacturing is a fair way ahead of other industries; this reflects its status as one of the most popular targets for ransomware groups over the last couple of years.
The manufacturing industry is an attack vector for nation states because it is an important component of global trade. It is also an area that has many legacy and older, operational technologies (OT). Combine unpatched legacy systems with complicated supply chains, and you have a risk that nation state actors will find an attractive target. This is especially the case when considering that many manufacturing organisations have critical contracts with governments, and attacks can cause severe disruption if they're not speedily resolved.

Conclusion
Q1 2025 resembles a refinement of successful tactics, as opposed to brand new innovations brought to the table. Our Q1 ransomware analytics showed threat actors making streamlined tweaks to a well-oiled machine, and we find many of the same "evolution, not revolution" patterns occurring here. This progression is particularly applicable in the case of initial access via valid accounts with no MFA protection. We expect to see no drop in popularity while businesses continue to leave easy inroads open and available to skilled (and unskilled) attackers.
In addition, the risk of severe compromise stemming from seemingly harmless online searches underscores the necessity for organisations to reexamine basic security best practices, alongside deploying robust detection and response capabilities. Businesses addressing these key areas for concern will be better equipped to defend against what should not be an inevitable slide into data exfiltration and malware deployment.

First official pictures emerge of new Jeep Cherokee

NZ Autocar

30-05-2025

The first images of the next-generation Jeep Cherokee were released by Stellantis overnight. And it resembles an enlarged Compass. It is another Jeep that will come with the option of EV power. Spy shots of camouflaged Cherokees emerged earlier this year. Due for an official debut late in 2025, new Cherokee is expected to launch globally in 2026.
The first images of this new LR Discovery competitor suggest that it borrows styling cues from the recently revealed Compass. Underneath, this new version will bear no relation to its predecessor. For it will utilise the new Stellantis STLA Large underpinnings. That means it can be offered with hybrid and pure-electric power. Jeep has not confirmed which will debut first, nor are any technical details available. However, it will be closely related to the next-generation Alfa Romeo Stelvio; the pair share the same platform.
The first images emerged just days after former Jeep CEO Antonio Filosa was named as the new CEO of Stellantis. His replacement at Jeep, CEO Bob Broderdorf, said: 'The all-new Jeep Cherokee headlines our efforts to deliver more product, innovation, choice and standard content to customers than ever before.
'Jeep Cherokee will boast competitive pricing that strikes at the core of the largest vehicle segment and sits perfectly between Jeep Compass and Jeep Grand Cherokee to bolster our winning mainstream line-up.'
Heritage is everything for new Jeep models. These pictures confirm that the new Cherokee shares several design cues with the electric Wagoneer S, such as the sloping roofline, rear doors set into the wheel arches and door handles recessed into the body. Up front is a more prominent version of Jeep's seven-slot grille, mirroring that on the latest Compass.
The ICE version of the new Cherokee may get the twin-turbocharged 3.0-litre 'Hurricane' straight six from the petrol-powered Wagoneer and Grand Wagoneer. They are offered with outputs of 313 and 380kW.
Expect the electric Cherokee to come with the 447kW dual-motor, four-wheel-drive powertrain out of the Wagoneer S. This is powered by a 118kWh NMC battery pack, giving it a range of 485km (EPA test), so at least 500km on the WLTP regime.
On the inside is an infotainment touchscreen similar to the 12.3-in unit featured in the Wagoneer S. It features rotary control dials on its sides. Climate functions are operated using a touchbar recessed into the dashboard below the main screen.
[Figure: Jeep Recon has removable doors, like the outgoing Wrangler.]
In other Jeep news, the Grand Cherokee will be withdrawn from sale in Europe soon to make room for the Wagoneer S. And the same may happen to the Wrangler, succeeded by the upcoming Recon EV (above).

Antonio Filosa from Jeep is the new Stellantis CEO

NZ Autocar

30-05-2025

Stellantis has announced ex-Jeep CEO Antonio Filosa is its new CEO, replacing Carlos Tavares. Filosa will report to Stellantis chairman John Elkann. A new leadership team will be named shortly for the 14 brands under the Stellantis umbrella. Tavares was ousted from the CEO position following falling sales in the US.
The company says Filosa was selected as Tavares's replacement based on his proven track record, and leadership skills. His global management experience was also taken into consideration.
Filosa is Italian and joined Fiat in 1999. He eventually became COO of FCA Latin America. In 2021, he became COO for Stellantis South America and then global CEO of Jeep in late 2023. He oversaw the launch of the Jeep Avenger crossover. This EV has driven substantial growth for Jeep in Europe. Filosa also oversaw development of Recon and Wagoneer S. More recently, he launched the new-generation Jeep Compass which should boost Jeep sales globally. Moreover, he briefly held the post of COO for the Americas. There he drove a significant reduction in dealer stock, among other things.
Of his new position, Filosa said: 'It is my great honour to be named the CEO of this fantastic company. I am grateful…for the confidence they have placed in me to lead our business during this pivotal time for our industry.
'I have always been inspired by the immense talent, passion and commitment of our people at Stellantis and the power of trusting our teams to achieve excellence.
'We have the world's best and most iconic brands in automotive history and an over 100-year heritage of innovation.
'That legacy, combined with our relentless dedication to giving our customers the products and services they love, will continue to be key to our success.'
Elkann said: 'Antonio's deep understanding of our company…and of our industry equip him perfectly for the role of chief executive officer…'
'I have worked closely with Antonio over the past six months… and his strong and effective leadership…have confirmed the excellent qualities he brings to the role.
'Together with the entire board, I look forward to working with him.'
