Control Resonant launches globally on PS5 on September 24, and Remedy is making a cleaner break from the first game than a new city alone would suggest. Dylan Faden, not Jesse, is the playable character this time.

That choice gives the sequel a sharper charge. Dylan was once treated as a threat, but Control Resonant puts him at the center of a story about power, damage, and the bond that still ties him to Jesse.

Why put Dylan in control now

Dylan gives Control Resonant a way back into the Faden story without replaying Jesse’s rise through the Federal Bureau of Control. He carries a different kind of history, one shaped less by discovery than by fallout.

The change also reaches into combat. Dylan uses the Aberrant, a shapeshifting weapon built around aggressive close-range action, which gives him a different rhythm from Jesse and her Service Weapon.

That helps the handoff feel more intentional. Remedy isn’t simply changing the face on screen. It’s giving players a new body language for the same haunted universe.

What changes when Jesse steps aside

Jesse’s arc was about forcing answers out of a hostile institution. Dylan begins from a more damaged place, with the consequences of that world already written into him.

That puts Jesse and Dylan’s unresolved history under real pressure. Jesse is still part of the frame, but Dylan carrying the playable perspective forces the sequel to face the damage between them instead of leaving it on the edge of the lore.

The warped Manhattan setting gives that conflict more room to breathe. Moving beyond the Oldest House lets Remedy expand the threat while keeping the Faden family wound close to the action.

What should players watch next

Pre-orders are open now, but the bigger question is how Remedy handles the handoff from Jesse to Dylan. The risk isn’t that Dylan lacks story potential. It’s whether Control Resonant can make his central role feel earned without flattening Jesse’s importance.

The PS5 Digital Deluxe Edition includes 48-hour advance access, so some players can start on September 22 instead of September 24. Everyone else should watch the same thing when launch arrives, whether Dylan Faden can carry the emotional weight the first game left unresolved.

The UK’s Competition and Markets Authority has imposed binding rules on Google’s search services in a move it calls a world first.

The UK’s competition regulator has formally required Google to let publishers opt out of having their content used to power AI features in search, including its AI Overviews product.

The Competition and Markets Authority (CMA) imposed the conduct requirement today (3 June) under the UK’s digital markets competition regime, making it the first binding ruling of its kind to be issued against a major tech platform in the UK.

Following consultation feedback, publishers will also be able to opt out of their content being used for the fine-tuning of Google’s AI models, giving them control over the full range of AI use cases of their content. Google will also be required to attribute publisher content clearly, using links, in AI-generated search results.

The CMA said the requirement would put publishers, including news organisations, in a stronger position to negotiate content deals with Google.

The ruling follows Google’s designation in October 2025 as having strategic market status in UK search, a formal finding of substantial and entrenched market power that gave the CMA the power to impose targeted rules on the company.

The CMA said it was also responding to Google’s announcement in May that it planned significant changes to its search platform to further embed AI technologies, which the regulator said could fundamentally change how search results are presented to UK users. Today’s requirement will apply to those changes.

“Today, we have introduced a world-first requirement on Google’s search services in the UK, enabling fair treatment, greater transparency and meaningful choice for businesses and consumers,” said Sarah Cardell, CEO of the CMA.

“With features like AI Overviews rapidly reshaping online search, it is crucial that content publishers, including news organisations, have appropriate bargaining power over how their content is used.”

A spokesperson for Google pointed siliconrepublic.com to its official blog post reaction to the announcement, saying it would begin testing a new toggle in Search Console allowing website owners to decide whether their content appears in AI Overviews, AI Mode and related features. Sites that opt out will not receive traffic or impressions from those features, Google said, and the setting will not affect rankings in standard search results.

The company also said it would roll out new performance insights in Search Console showing publishers which of their pages appear in AI responses and in which countries.

Google said it would begin the rollout to a subset of website owners in the UK first, “allowing for thorough testing before rolling them out to website owners globally”.

The blog post, written by Mrinalini Loew, general manager of Google Search Ecosystem, did not directly address the CMA’s ruling but framed the changes as part of Google’s own initiative to give website owners more control as user behaviour shifts toward AI-powered search. Google said AI Overviews now has over 2.5bn monthly active users and AI Mode has surpassed one billion.

Google has nine months to implement all required changes under the CMA’s conduct requirement, though the regulator said it expects the key publisher controls to be available well before that deadline. Google must submit compliance reports every six months in the first year, backed by data and metrics.

Cardell confirmed that further action in relation to Google’s search business would be announced in the coming weeks. The CMA said it has now launched four strategic market status investigations into major tech companies since the digital markets regime came into force last year, covering Google, Apple and Microsoft.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications.

The project is based on the open-source uutils project, a cross-platform rewrite of the GNU coreutils in Rust, and is designed to make it easier for developers to switch between Linux, macOS, Windows, and Windows Subsystem for Linux (WSL) without changing workflows.

“Developers constantly move between platforms, but familiar commands don’t work consistently, forcing workarounds, lost speed and context switching,” announced Microsoft.

“To address this, we’ve built Coreutils for Windows from the uutils open-source project, a cross-platform reimplementation of GNU Coreutils in Rust. These are Linux-like command-line utilities that run natively on Windows.”

According to Microsoft, the goal is to make existing commands and tools work across platforms so that scripts can be used on Windows without modification or other tools.

The Coreutils for Windows project has also been released on GitHub as a Microsoft-maintained package that combines uutils/coreutils, findutils, and a GNU-compatible grep implementation into a single binary.

Linux utilities running natively on Windows

Coreutils for Windows includes numerous commands commonly used in Linux, such as cat, cp, find, grep, hostname, ls, mv, pwd, rm, sleep, tee, and uptime.

The utilities can be installed through WinGet using the following command:

winget install Microsoft.Coreutils

Rather than creating separate executables for each program, Microsoft created a single coreutils.exe binary that contains all the functionality of each program.

When Coreutils for Windows is installed, the setup creates NTFS hardlinks for each supported command, such as ls.exe, cp.exe, cat.exe, and rm.exe, that all point to the c:\Program Files\coreutils\coreutils.exe executable.

When a user launches one of these commands, Windows loads coreutils.exe, which determines which utility to run based on the name of the command that was executed. This allows Microsoft to maintain a single executable while still providing individual Linux-style commands.

Running fsutil hardlink list coreutils.exe shows dozens of command names, including cat.exe, cp.exe, cut.exe, base64.exe, and others, all referencing the same file on disk.

As many Linux command names conflict with existing Command Prompt and PowerShell commands, Microsoft shared a compatibility table showing how each utility behaves in different Windows shells.

For example, commands such as ls, cat, cp, mv, rm, pwd, sleep, and tee are included with the package.

However, whether the Coreutils version is executed depends on the shell being used, the order of directories in the system PATH, and the PowerShell alias table.

Other commands, including dir, more, paste, and whoami, are not shipped because they conflict with existing Windows commands.

Microsoft also did not release several popular Unix utilities that rely on POSIX functionality, which is unavailable on Windows, including chmod, chown, chroot, nohup, tty, and who.

The company says they also did not release the ‘kill’ or ‘timeout’ commands, as Windows does not support POSIX signals, though this may be possible in the future.

Microsoft also warns that there may be differences between Linux functionality and how commands work in Windows due to differences in line feeds, file permissions, and POSIX support.

Coreutils for Windows was announced as part of Microsoft’s strategy to make Windows a developer-friendly platform.

During Build 2026, the company also announced WSL containers, which will provide a built-in way to create, run, and interact with Linux containers on Windows using native CLI and API tools.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Advertisement

Download Now

Megaport spent a decade as a company you used to connect to other people’s clouds. On Wednesday it announced a plan to become one. The Australian networking firm secured four new AI infrastructure contracts worth a combined A$458.9M (about $329M) and launched a fully underwritten entitlement offer to raise A$827.3M (about $594M), according to its filing. The money funds a pivot from plumbing to compute.

The contracts come first. All four are with US-based technology providers running AI applications, are expected to start in the first half of 2027, and require nearly A$369.5M in capital expenditure, mostly for high-performance Nvidia GPUs alongside network and storage. That is a meaningful commitment for a company of Megaport’s size, and it explains why the raise is so large relative to the business.

What the capital is really buying is the strategy behind the contracts. Megaport says it will build a globally distributed AI inference cloud, anchored by an on-demand GPU pool backed by about A$350M in investment and offered to enterprise customers on both contracted and consumption-based pricing.

The pool is to be deployed across the company’s existing footprint of more than 1,100 connected data centres in 31 countries, with rollout over the next six to nine months.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The bet is geographic. Most GPU capacity today sits in a handful of enormous data centres optimised for training the largest models. Megaport is targeting the other half of the AI workload: inference, the act of running a trained model to answer a query, which benefits from being close to the user.

Its pitch is that a distributed network of smaller GPU pools, spread across the data centres it already connects, fits inference better than centralised mega-campuses, and slots into the gap between hyperscaler clouds and single-location GPU specialists.

It is a credible reading of where AI infrastructure is heading. As models move from research demos into products embedded in real applications, the economics shift from training to serving, and serving rewards proximity and distribution.

Megaport already owns the network that links the locations where that compute would live, which is a genuine structural advantage if the thesis holds.

The numbers around the raise were briefly muddled across early coverage, which is worth untangling. The four contracts are worth A$458.9M in total contract value; the capital raise is A$827.3M; the GPU pool commitment is about A$350M.

Several headlines collapsed these into a single figure. They are distinct: contract wins, the money to fund them, and the specific compute investment inside that money.

Megaport also tightened its 2026 revenue guidance to A$307M–A$315M and projected combined group pro forma annual recurring revenue of A$662.9M once the compute division is folded in. The shares were halted while the raise was arranged, a standard mechanism for a deal of this scale on the ASX.

The risk is the obvious one for any company spending heavily on Nvidia GPUs on the strength of contracts that begin in 2027: that AI infrastructure demand, and pricing, may look different by the time the hardware is installed and earning.

Megaport is committing capital now against revenue that lands later, in a market moving fast enough that 18 months is a long time. The contracts give it a floor. The inference-cloud ambition is the part that has to compound, and that is the part the A$827M is really betting on.

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link.

Microsoft classifies a software flaw as a zero-day if it is publicly disclosed and/or actively exploited with no official patch currently available.

As researcher Ammar Askar explained in a blog post on Tuesday, this VS Code vulnerability allows attackers to install malicious extensions that steal GitHub OAuth tokens when they are passed to github.dev (a browser-based version of Visual Studio Code used to work on GitHub repositories) by exploiting VS Code’s sandboxed webview message-passing system.

The proof-of-concept exploit he also released on Tuesday abuses this system by running malicious JavaScript inside a webview to simulate keypresses in the main editor and install an extension that extracts the GitHub OAuth token sent to github.dev and queries the GitHub API to enumerate all private repositories the victim can access.

“This functionality is achieved by github.com POSTing over an OAuth token to github.dev that allows it to interact with GitHub on your behalf,” Askar said. “The token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to.”

While the vulnerability is not yet patched and has not yet been assigned a CVE ID, VS Code users can protect themselves by clearing cookies and local site data for github.dev in their browser by clicking the Settings icon in the URL bar, and then going into Cookies and site data > Manage on-device site data.

This will ensure that they will get a “The extension ‘GitHub Repositories’ wants to sign in using GitHub.” warning when clicking on links attempting to exploit this flaw.

​Askar said they notified GitHub one hour before disclosing the bug and noted that they chose immediate public disclosure due to a prior negative experience with Microsoft’s security response process, in which a previously reported VS Code bug was silently fixed without credit or acknowledgment of the security impact.

“That was mostly a courtesy to GitHub, the intent here was full public disclosure. In my past experience reporting github.dev bugs to them, they tell you that it’s out of scope and go report it to MSRC. And as I outlined in the article, I really don’t want to deal with MSRC on VSCode bugs,” he added.

“To summarize the last time I interacted with MSRC regarding reporting a VSCode bug, it was a horrible experience where they silently fixed ‘the bug I pointed out without any credit. They also marked it as not having any security impact.

“As I mentioned in that post, going forward I would be doing full public disclosure for any security bugs I found in VSCode.”

This follows another stream of zero-days in various Microsoft products disclosed by an anonymous security researcher using the ‘Nightmare Eclipse’ online handle who also expressed his discontent with how the Microsoft Security Response Center (MSRC) handles the disclosure process.

Over the past several months, Nightmare Eclipse disclosed the BlueHammer, RedSun, GreenPlasma, and MiniPlasma privilege escalation zero-day flaws (the first two now being exploited in attacks), YellowKey (a Windows BitLocker zero-day that grants access to protected drives), and UnDefend (another zero-day that can be exploited to block Microsoft Defender definition updates).

Initially, Microsoft reacted to Nightmare Eclipse’s zero-day leaks with threats of legal action, followed by a tweet stating it would work “with law enforcement as appropriate” when “an individual breaks the law and engages in malicious activity causing real harm to our customers.”

BleepingComputer reached out to Microsoft for a comment on the VS Code zero-day flaw disclosed by Askar, but a response was not immediately available.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Download Now

Healthcare cybersecurity in 2026 is defined less by novel attack techniques than by a widening gap between which controls organizations report having and which controls are reducing loss.

Our portfolio data from 2023 through mid-2025 shows that social engineering, backup gaps, and weak data governance drive the majority of material losses in healthcare claims.