A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link.
Microsoft classifies a software flaw as a zero-day if it is publicly disclosed and/or actively exploited with no official patch currently available.
As researcher Ammar Askar explained in a blog post on Tuesday, this VS Code vulnerability allows attackers to install malicious extensions that steal GitHub OAuth tokens when they are passed to github.dev (a browser-based version of Visual Studio Code used to work on GitHub repositories) by exploiting VS Code’s sandboxed webview message-passing system.
The proof-of-concept exploit he also released on Tuesday abuses this system by running malicious JavaScript inside a webview to simulate keypresses in the main editor and install an extension that extracts the GitHub OAuth token sent to github.dev and queries the GitHub API to enumerate all private repositories the victim can access.
“This functionality is achieved by github.com POSTing over an OAuth token to github.dev that allows it to interact with GitHub on your behalf,” Askar said. “The token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to.”
While the vulnerability is not yet patched and has not yet been assigned a CVE ID, VS Code users can protect themselves by clearing cookies and local site data for github.dev in their browser by clicking the Settings icon in the URL bar, and then going into Cookies and site data > Manage on-device site data.
This will ensure that they will get a “The extension ‘GitHub Repositories’ wants to sign in using GitHub.” warning when clicking on links attempting to exploit this flaw.
Askar said they notified GitHub one hour before disclosing the bug and noted that they chose immediate public disclosure due to a prior negative experience with Microsoft’s security response process, in which a previously reported VS Code bug was silently fixed without credit or acknowledgment of the security impact.
“That was mostly a courtesy to GitHub, the intent here was full public disclosure. In my past experience reporting github.dev bugs to them, they tell you that it’s out of scope and go report it to MSRC. And as I outlined in the article, I really don’t want to deal with MSRC on VSCode bugs,” he added.
“To summarize the last time I interacted with MSRC regarding reporting a VSCode bug, it was a horrible experience where they silently fixed ‘the bug I pointed out without any credit. They also marked it as not having any security impact.
“As I mentioned in that post, going forward I would be doing full public disclosure for any security bugs I found in VSCode.”
This follows another stream of zero-days in various Microsoft products disclosed by an anonymous security researcher using the ‘Nightmare Eclipse’ online handle who also expressed his discontent with how the Microsoft Security Response Center (MSRC) handles the disclosure process.
Over the past several months, Nightmare Eclipse disclosed the BlueHammer, RedSun, GreenPlasma, and MiniPlasma privilege escalation zero-day flaws (the first two now being exploited in attacks), YellowKey (a Windows BitLocker zero-day that grants access to protected drives), and UnDefend (another zero-day that can be exploited to block Microsoft Defender definition updates).
Initially, Microsoft reacted to Nightmare Eclipse’s zero-day leaks with threats of legal action, followed by a tweet stating it would work “with law enforcement as appropriate” when “an individual breaks the law and engages in malicious activity causing real harm to our customers.”
BleepingComputer reached out to Microsoft for a comment on the VS Code zero-day flaw disclosed by Askar, but a response was not immediately available.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
The initiative is based on agreements with the Luxembourg Institute of Science and Technology, Munster Technological University, LuxProvide and ICHEC, Ireland’s national high performance computing centre.
The Kerry-based innovation nonprofit RDI Hub will aim to help Irish firms and public bodies move faster from AI experimentation to deployment through a new partnership initiative with organisations in Ireland and Luxembourg.
The ‘AI Gateway’ collaboration is based on agreements with the Luxembourg Institute of Science and Technology (LIST), Munster Technological University (MTU), LuxProvide and ICHEC, Ireland’s national high-performance computing centre.
The bodies will facilitate the building, testing and securing of AI systems and create a cross-border pathway linking Irish demand with Luxembourg’s ‘AI Factory’, sandbox and sovereign infrastructure capabilities, as well as providing opportunities for Irish research and cybersecurity expertise to contribute into that wider European ecosystem, RDI Hub said.
Ireland’s European commissioner Michael McGrath said the gateway would assist in “breaking down barriers, ending fragmentation and giving Irish companies access to cutting-edge AI to scale, grow and succeed as European companies with global reach”, and would aid “founders, scaling companies and established corporates”.
The gateway, claimed to be the first of its kind in Ireland, will offer Irish organisations computing power and infrastructure to build AI, sandbox access to test systems for trustworthiness and regulatory readiness, and cyber resilience capability to test and secure AI-enabled products before launch, to help them deploy AI systems while staying compliant with national and European laws.
Fergal Brosnan, the CEO of RDI Hub, said: “Most AI sandboxes do one thing. The RDI AI Gateway does three. We’ve brought together access to infrastructure to build AI, a sandbox to test and validate it, and cyber resilience capability to test resilience and secure it before deployment.
“That combination is what organisations have been asking for, and it can help turn AI pilots into systems that are ready for real-world use.”
RDI Hub, based in Killorglin, Co Kerry, offers supports to start-ups, SMEs, corporates, public bodies and research-led innovation in sectors such as fintech, sustainability, travel and tourism, and emerging technology, with AI seen as a “core crosscutting capability”.
Dr Hazel Murray, chair of cybersecurity at MTU, said: “This collaboration combines MTU’s research and cybersecurity infrastructure with RDI Hub’s industry network and delivery model.
“Together, we can help turn specialist technical capability into practical support for trusted AI and cyber resilience, while also strengthening links between Ireland and Luxembourg.”
RDI Hub said the gateway is aimed at “large corporates, SMEs, pillar banks and regulated financial institutions; fintech firms; AI start-ups and scale-ups; government departments; public bodies; local authorities; research-led innovation projects; and organisations exploring sovereign cloud, EU AI Act readiness or access to European compute”.
Daniele Pagani of LIST said: “This collaboration with the RDI gives Irish organisations a trusted route into LIST’s AI sandbox at exactly the moment they need it, as Europe moves from preparing for the EU AI Act to applying it.
“It is a practical model for cross-border cooperation, and a real strengthening of the innovation link between Luxembourg and Ireland.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
Given how infrequently we upgrade our televisions, and how much they’re used as our portal into a world full of entertainment, it’s a purchase that should not be taken lightly, and that’s why when you shop with Trusted Reviews, you won’t be leaving anything to chance. Thanks to the hard work of our expert testers, we know exactly which of the latest TVs are the best to buy and why.
For years now, we’ve made use of our in-house testing facility to put TVs from the likes of Sony, LG, Panasonic and more, through their paces. When the testing facility is occupied, our team will use their homes to review a TV, but in either case, these sets are used by our team as their main source of entertainment throughout the testing period, after which they know exactly which areas are worth shouting about, and if there are any negatives that consumers should be aware of.
When it comes to buying a TV, the first thing that should be addressed before anything else can even be discussed, is the size of the space you have available. After all, there’s nothing worse in this scenario than thinking you’ve found the right TV for your needs, putting in an order and waiting for it to turn up, only to find out that it’s too large to fit. If there’s any uncertainty at play here, we recommend reading our guide on which size TV to buy.
Once the question of size is dealt with, then comes the budget. The cash you have at your disposal will have a big impact on the type of TV you can pick up, so it’s best to temper your expectations accordingly. If you have less than £500/$500 to work with then you’ll need to shop for an LCD TV which are more affordable, but still pack tons of detail with 4K resolutions now being the default.
For those who have a bit more cash to play with, you can indulge in better display tech such as QLED and OLED, which influences the degree of colour and contrast that you see, creating a far more vibrant and engaging image overall. In either case, we’ve made sure to include a good amount of variety in this list, so you can find the ideal TV. If you decide that you’d rather shop exclusively at the cheap end of the market, then our guide to the best cheap TVs has you covered. Those wanting to shop based on specific tech or use cases can check out our round-ups for the best gaming TVs, best OLED TVs, best 4K TVs and the best 8K TVs.
Every TV we review is put through the same set of tests to gauge its picture performance, usability, and smart features.
Tests are carried out over several days and are done by eye but supported with technical measurements. Testing by eye involves an expert watching a wide range of material to understand and determine a TV’s performance in fields such as brightness, contrast, motion processing, colour handling and screen uniformity.
We’ll consider the design of the TV in terms of build quality, study the spec sheets and see if the TV’s connections are up to spec, as well as playing video and audio content to ensure that the set handles playback as it claims. We also take note whether a product’s compatible formats and features are in line with industry trends or not to gauge whether it’s relevant for you.
Comparison to other related and similarly priced products is also important, to see if it’s missing any vital features and whether it impresses as a whole. After all this, we’ll come to a judgement on how the TV performs as a whole.
The Panasonic TV-65Z95B is our current pick for the best all-in-one TV that you can buy right now. We have other choices from the likes of Samsung, Sony, LG, and more for other categories like best 4K TV, best small TV, and more.
Refresh rate determines how many times per second the TV updates its image. Standard TVs operate at 60Hz, which is fine for most TV shows, movies, and streaming content. However, 120Hz or above is important for gaming, especially with PlayStation 5 and Xbox Series X consoles that support 120fps gaming for smoother, more responsive gameplay.
Burn-in issues were rife with earlier generations of OLED televisions and the issue factors less in more modern TV sets. However, burn-in occurs when static images are displayed for extended periods of time – so if you plan on using the TV to watch the same news channel for hours a day or anything with static taskbars, you might want to consider QLED or mini-LED instead.
The post Best TV 2026: OLED, Micro RGB and more tested appeared first on Trusted Reviews.
Format: Would you prefer wearing a ring or a wrist-based device? If you want something understated that you can wear all the time and don’t mind not having a screen to glance at, then a ring would be ideal. If having a watch on your wrist is comfortable, then a smartwatch or wrist-based tracker may be the right choice.
Compatibility: If you’re an Apple user, ensure your fitness tracker is compatible with iOS. The same goes if you’re an Android user.
Storage capacity: For those who don’t want their fitness tracker to be dependent on their phone, look at a device with its own storage capacity.
Special features: Before purchasing a fitness tracker, consider the health metrics that are important to you for your favorite workouts. If you’d like your tracker to do more than monitor your fitness, you’ll be better off with a smartwatch like the Pixel Watch 4 or Apple Watch SE 3.
Wi-Fi or Bluetooth: If you’re the type of person who likes to leave their phone behind when working out but still needs internet access, ensure your fitness tracker has Wi-Fi.
GPS? For those who run, hike or walk and want to keep track of metrics like distance and pace without their phone, choose a fitness tracker that has built-in GPS.
Screen size: Once you decide you want a fitness tracker with a screen, make sure it fits your personal preferences. A smaller screen may be better if you prefer for it to be less obvious that you’re wearing a fitness tracker on your wrist.
Battery life: How often do you want to be charging your fitness tracker? If frequently charging your devices is a pet peeve, ensure your fitness tracker of choice has a long battery life, especially for your preferred workouts.
Water resistance: Individuals who work out by swimming or those who enjoy taking a dip in the pool after exercising will want a fitness tracker that is water-resistant. Confirm your device is rated for the depth you plan to swim at.
Subscription cost: It’s common for fitness trackers to come with the added cost of a subscription, particularly if you want to access all available features or require extra features for your workout or fitness goals. To guarantee that a fitness tracker is in your budget, check not only the price of the device, but also how much your subscription of choice will run you over the course of a year.
Global ICT experts gather in Shenzhen to master cutting-edge engineering practices and foster international collaboration
Partner Content ZTE successfully co-organized the graduation of the 2026 Engineering Capacity Building Program (Information & Communication Engineering) in Shenzhen. Under the theme “Wisdom Leading Communication Frontiers, Empowering Engineering Practice”, the program was hosted by the Chinese Society of Engineers, organized by the China Institute of Communications, and co-organized by the Guangdong Institute of Communications and ZTE.
The initiative brought together over 60 ICT engineers from more than 20 countries, including Indonesia, Uzbekistan, South Africa, the Czech Republic, Colombia, Peru and China. Through a diverse range of activities, including reports, technical exchanges, and interactive workshops, the program explored global digital and intelligent engineering practices to enhance the professional capacities of domestic and international engineers.
During the organizational and technical reporting sessions, experts from the Secretariat of the Chinese Society of Engineers (CSE) , the China Institute of Communications, the Institution of Engineering and Technology (IET), and ZTE shared insights on innovative practices in engineering capacity building, ICT frontiers, and the evolution of global project management, sparking active interactions among attendees. Magendaran Kaliaperumal, an engineer from Indonesia, shared his profound experience: “Participating in our country’s network integration project, I have truly felt the transformative power of cutting-edge digital and intelligent technologies. From digital project management to the precise optimization of resource scheduling, these technologies have significantly enhanced delivery efficiency and quality.”
Speaking on the transition of digitalization and greening, Prof. Gong Ke, Chairman of the ECBAP (Engineering Capacity Building for Africa Programme) of WFEO (World Federation of Engineering Organizations) in Africa, emphasized: “Engineering is a key force in achieving sustainable development goals for society.” This exchange of ideas laid a solid theoretical foundation for subsequent practical sessions and inspired a sense of responsibility among engineers to collectively drive innovative industry development.
During the site visits, the engineers toured ZTE’s headquarter, experiencing immersive digital and intelligent engineering practices. At the museum, exhibition halls, and smart production lines, participants witnessed the technological leap from 5G to 6G, as well as the deep integration of lean production and intelligent manufacturing. An Algerian engineer expressed his excitement: “We just commercialized 5G last year, and today, seeing the forward-looking breakthroughs of 5G-A and 6G in Integrated Sensing and Communication (ISAC) and intelligent economic foundations makes me highly optimistic about the future.”
The engineers also visited SenseTime to learn about its leading Artificial Intelligence Data Centers (AIDCs) , exploring innovative applications in urban governance, environmental monitoring, and smart healthcare. An Ethiopian engineer remarked: “This program has redefined my perception. The deep integration of cutting-edge technology with real-world scenarios truly demonstrates the potential of technology to drive high-quality social development.”
In the workshop sessions, engineers gained hands-on experience with ZTE’s enterprise-level AI agent, Co-Claw, and collaborated to develop various models based on real business scenarios. At Shenzhen Polytechnic University, they studied new energy vehicle and drone application technologies, personally operating and debugging industrial-grade drones with independent intellectual property rights.
At the closing ceremony, Hu Lihua, Vice President of ZTE, delivered a speech, stating: “ZTE will, as always, open its technological platforms to empower the growth of engineers, working together to build a global engineering community featuring collaborative technology research, shared achievements, and win-win industry growth.”
Participants enthusiastically shared their experiences and insights. “This program not only showed us the potential of cutting-edge technologies but also sparked new thinking on how to enhance our capabilities and adapt to future technological trends,” they noted. A representative from Peru stated they would bring these “genes of innovation” back home to foster further international cooperation. The engineers agreed that open collaboration and mutual recognition of professional capacities are crucial to achieving sustainable development in engineering technology and global digital inclusion.
The China Institute of Communications will continue to leverage its platform advantages to gather high-quality industry resources, actively promote international mutual recognition of engineers, and enhance the professional and international standards of engineers in the ICT and digital technology fields, thereby supporting enterprises in their global expansion.
As a co-organizer of the event, ZTE will leverage its deep expertise in information and communication engineering to continue partnering with all sectors. ZTE remains committed to nurturing global “digital craftsmen” with international vision, digital literacy, and innovative capabilities, contributing to bridging the global digital divide and achieving sustainable development.
Contributed by ZTE.
Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user’s personal contacts.
Called “fake call detection,” the feature is rolling out globally this month to Android 12 and later devices, starting with Pixel devices, and will be enabled by default.
Once activated, it works automatically when both a caller and recipient are using Phone by Google: when a contact places a call, their device sends a silent, encrypted confirmation signal to the recipient’s device in real time.
If that signal is not sent (indicating the call may be spoofed), the recipient’s device will instead ping the contact’s actual phone to verify the call’s authenticity. If the contact’s device confirms it is not placing a call, the recipient receives an on-screen warning to hang up immediately.
“If a scammer tries to impersonate your contact, that initial confirmation signal will be missing. Your device will instantly notice this and ping your contact’s actual device to double-check,” Google said.
“If their real device says, ‘I’m not making a call right now,’ you’ll get a warning on your screen advising you to hang up immediately. This proactive alert helps you avoid falling victim to deepfake impersonation and call spoofing in real time.”
This new security feature is built on top of the Rich Communication Services (RCS) open standard and will only work on Android devices where the Phone by Google, Contacts, and Google Messages (with RCS enabled) apps are installed.
According to Google, this addresses two widespread fraud tactics: scammers spoofing a familiar contact’s phone number while simultaneously using AI voice-cloning technology to mimic that person’s voice.
Last year, the U.S. Federal Trade Commission (FTC) warned that reported losses from impersonation scams reached $2.95 billion in 2024 alone, while INTERPOL’s March 2026 Global Financial Fraud Threat Assessment flagged impersonation fraud as one of the leading threats contributing to more than $440 billion in global losses last year.
“For years, people have relied on caller ID to know who is on the other end of the line, but this is no longer sufficient due to scammers’ new tactics,” Google added.
“If your device uses a different app, you can install Phone by Google from the Play Store and set it as your default phone app to help protect yourself from fake calls.”
In December, Google also expanded support for Android in-call scam protection to multiple banks and financial apps in the United States, including Cash App (with 57 million users) and the JPMorganChase mobile banking app (with over 50 million downloads).
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
Mitsu Makes spent six months on one of the more unusual 3D printer projects in recent memory. The result stands as a working machine with a frame constructed primarily from wood rather than the aluminum or steel common in most DIY and commercial designs. An interest in exploring alternative materials drove the effort. Standard builds lean heavily on rigid metals to maintain alignment under the forces of rapid movement and heating cycles. This project tested whether careful design and added supports could let wood succeed in the same role.
Cutting the first layer of wood was necessary, so he began with massive, thick solid wood stock and then put unique drawings through a CNC machine to create the frame components. Hand sanding was a labor of love that took seven hours to complete, as he needed to ensure a flawless fit and no flex in the finished structure. He used conventional wood glue as the primary bonding method for the frame and avoided using screws throughout the vital drying period to guarantee everything was secure. Clamps were needed to maintain the structure square for a few days, as he wanted to ensure that the enormous assembly did not warp. We didn’t begin staining until it was finished, and even then, he tested the finish on some spare pieces before applying it to the rest of the frame, top plate, steel backer sections, and bed mount.
Sale
Steel backing plates were utilized to reinforce the points where the linear rails met the wood. These were laser cut and pre-drilled by Justway, adding much-needed stiffness to the wood sections, which can be rather thin in places (about 3mm). The printer’s mobility is caused by a cross-gantry setup. We have two stepper motors for the X and Y axes, and a third for the Z axis, which powers the lead screws (150mm long). This gives us 110mm of vertical travel and the ability to automatically tram the bed, which is a game changer.
On the control electronics front, he went with a BigTreeTech Manta M8P board with Klipper firmware. This combination gave him various advanced tuning options and made it much easier to maintain the wiring clean. Regarding the toolhead, he modified an Annex Engineering K3 carriage and fitted a Dragon UHF hot end and a Sherpa Mini extruder, which is a wonderful piece of kit. He also has a Beacon RevH probe, which helps with accurate bed mapping.
Turning on the power gave him quick smooth mobility, as well as useful functions like auto homing, Z axis tilt adjustment, and entire bed mesh probing. His initial test prints, a Voron calibration cube, were quite impressive, and he refined things a bit to improve the output even more, but one thing that really stood out was how quiet the printer was running, as the wood helps to dampen vibrations, which is far superior to your average metal frame.
[Source]
Compliance builds trust. Done right, it doesn’t limit enterprise choice or burden IT teams. And it supports innovation where it matters: in the real world, at scale, under scrutiny.
Somewhere in your organization, a procurement process is stalled. A vendor passed the technical evaluation. The security team has questions. Legal is reviewing a data processing agreement.
Someone is waiting on a SOC 2 Type II report that should have been easy to produce but apparently isn’t. Meanwhile, the business problem the technology was supposed to solve is getting worse.
Senior Security Advisor at Tanium.
This is what compliance looks like from inside many enterprises: not a framework, but a friction tax. A necessary drag imposed by auditors, regulators, and legal teams on the people who are trying to move the business forward.
One acronym after another: SOC 2, FedRAMP, ISO 27001, NIST CSF, and now Europe’s expanding regulatory stack of NIS2, DORA, and the AI Act—and each new addition seems to add process and subtract productivity.
Yes, this is the lived experience inside many organizations, but the frequently drawn conclusion, that compliance is more pain than gain, is backward.
The friction isn’t compliance. The friction is bolted-on compliance — the kind that gets retrofitted onto products not designed for it, managed by vendors who treat it as a checkbox, and inherited by enterprise customers who then exhaust themselves trying to close gaps that should never have existed.
When compliance is foundational rather than cosmetic, the dynamic inverts entirely. Security debt shrinks. Procurement cycles compress. Audit prep stops being a fire drill and starts being a byproduct of normal operations.
And perhaps most consequentially in this AI moment: Organizations that have built compliance into how they operate can move into regulated markets, deploy AI with confidence born from genuine governance, and earn the kind of customer trust that actually accelerates growth.
Success isn’t about minimizing compliance exposure. It’s about recognizing that compliance done right isn’t a constraint on where the business can go. It’s what makes going there possible.
The pace of regulatory change over the past five years is not a coincidence or an overreach.
It is a rational response to the scale and speed of digital transformation—and to the mounting evidence of what happens when that transformation outpaces accountability: ransomware attacks that hobble hospitals; AI systems that take consequential decisions with no accountability mechanisms; data brokers that monetize personal information at a scale no one fully consented to.
Digital transformation has moved faster than the governance structures built to oversee it, and regulators, particularly in Europe, have taken action.
Through its leadership, Europe’s approach will increasingly become the global default. The EU’s AI Act, which entered into force in August 2024, establishes binding requirements for artificial intelligence for the first time anywhere in the world.
NIS2 has significantly expanded cybersecurity obligations across critical infrastructure sectors. DORA, which came into application in January 2025, requires financial services firms to demonstrate comprehensive digital operational resilience—not just on paper, but continuously, across their entire third-party supply chain.
These frameworks no longer affect only IT departments. They extend from senior management to legal counsel to external stakeholders, permeating entire organizations. A breach today isn’t just an IT incident—it’s a board-level event with regulatory consequences.
An AI deployment isn’t merely a product decision—it’s a governance commitment. What starts as compliance pressure in Brussels influences procurement criteria in Singapore, insurance requirements in San Francisco, and contract language in Sydney. And these frameworks continue to evolve.
At the CyberUK conference in April, Minister for Security Dan Javis announced a £90m resilience investment, a new Cyber Resilience Pledge for organizations, and a National Cyber Action Plan due this summer.
The question, then, is not whether this environment is demanding. It is. The question is whether your response, and your vendors’, is making your organization stronger or more fragile. Compliance is not only a legal signal; it’s also an engineering signal.
Software that maintains compliance across multiple overlapping frameworks—especially in domains like AI governance, cloud operations, and data security—has demonstrated something important: that it can continuously execute with discipline, at scale, every time.
And if your vendor struggles to produce clean compliance documentation, or whose compliance posture is a layer of controls wrapped around an architecture not designed for them, that’s a demonstration of limited capability and potential.
Most organizations evaluate compliance as a binary: Either a vendor is compliant or they aren’t. The more useful practice is to use compliance as a multidimensional diagnostic. Here are five questions that reframe it that way.
Does compliance reduce your future exposure, or just your current liability? There’s a meaningful difference between a vendor who has passed a compliance audit and a vendor whose architecture was designed to remain compliant as requirements evolve. The former gives you a certificate.
The latter gives you continuity. Ask how controls are implemented: Are they automated and continuously monitored, or manual and periodic? Ask how the vendor tracks regulatory evolution and builds it into their roadmap.
A vendor whose compliance posture is reactive will become a source of regulatory drag for your organization when the next framework arrives. And the next framework is already coming.
Does compliance reduce your internal work, or create more of it? Audit readiness should be a built-in operational state, not an emergency.
If proving compliance to an auditor requires your team to pull manual reports, stand up compensating controls, or write exception documentation, that’s a product design problem that your organization is absorbing. Every manual workaround is a cost, a risk, and a symptom.
The right tools make compliance frictionless from the inside—continuous visibility, automated reporting, and exception management that lives in the platform rather than in a spreadsheet maintained by someone who will eventually leave.
Does it accelerate decisions, or slow them down? Compliance frameworks should shorten, not extend, due diligence cycles. A vendor with a mature, auditable compliance baseline gives procurement and security teams a shared reference point that replaces weeks of less structured evaluation.
This is especially valuable in the AI era, where the pressure to deploy is high and the governance questions are genuinely novel. Organizations that have established compliance baselines can evaluate new AI tools against a framework they already understand and trust.
Those that haven’t are starting from scratch every time—and in a fast-moving market, that gap compounds.
Does it unlock markets, or just protect against risk? This is where compliance shifts from defensive to offensive. In financial services, healthcare, defense, and critical infrastructure, compliance isn’t just a risk management tool—it’s a market access requirement.
Organizations that have built strong compliance postures can move into these sectors faster and with greater customer confidence than those that haven’t.
Microsoft’s investment in FedRAMP authorization for its cloud services, for example, wasn’t primarily about risk mitigation—it was about unlocking a massive public sector market that would otherwise have been unavailable.
The compliance investment paid for itself in market access. That calculation is available to any organization willing to make it.
Does it position you for what’s coming, or just what’s here? Regulatory requirements will only expand. The EU AI Act is a framework in motion—obligations phase in through 2027, and its enforcement will reshape how AI is procured and deployed globally.
NIS2 and DORA are being watched as models for similar legislation in other jurisdictions. The vendors and organizations that are treating these frameworks seriously now are building institutional capability that will matter enormously when the next wave arrives.
Nowhere is the compliance-as-enabler argument more immediately relevant than in enterprise AI adoption. The pressure to deploy AI tools is intense. The governance questions are real and unresolved.
And the regulatory, reputational, and operational consequences of getting it wrong are significant enough that many organizations are effectively paralyzed: moving fast enough to feel like they’re doing something, slowly enough to ensure they haven’t really committed.
Compliance frameworks can alleviate this paralysis.
The EU AI Act’s risk classification system gives enterprises a structured way to categorize AI deployments and apply proportionate governance. NIST’s AI Risk Management Framework provides a methodology for evaluating AI tools that maps to existing security and compliance practices.
These aren’t bureaucratic obstacles to AI adoption; they’re decision architectures for organizations that need to move not just with speed, but with confidence.
The vendors who understand this are already building it into how they position AI capabilities.
They’re not just asking “what can this model do?” They’re answering “how does this deployment remain auditable, explainable, and compliant as requirements evolve?” That’s not caution. That’s the only kind of AI deployment that actually scales inside a regulated enterprise.
At the start, we described a procurement process stalled by a vendor who couldn’t produce clean compliance documentation. That scenario is frustrating.
But consider what it’s actually revealing: a vendor who either built something without thinking about how it would be governed, or who thought about it after the fact and found the retrofit difficult
Either way, that difficulty doesn’t stay in procurement. It moves with the product into your environment, your audit cycles, your incident responses, and eventually your board conversations.
The regulatory landscape will keep intensifying. The AI Act’s requirements are still phasing in. NIS2 enforcement is finding its teeth. New frameworks are forming around data sovereignty, algorithmic accountability, and critical infrastructure resilience. None of this is going to simplify.
But that’s precisely the point. In a more complex regulatory environment, the organizations that have built compliance into how they operate—and demanded the same from their vendors—will move faster, not slower, than those who haven’t.
They’ll spend less time on exceptions and workarounds. They’ll close procurement cycles in weeks rather than quarters. They’ll deploy AI without governance paralysis. And when the next regulatory wave arrives, they’ll already be most of the way there.
Compliance isn’t about limiting what technology can do. It’s the proof that innovation has earned the right to scale.
We’ve featured the best AI website builder.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
Control Resonant launches globally on PS5 on September 24, and Remedy is making a cleaner break from the first game than a new city alone would suggest. Dylan Faden, not Jesse, is the playable character this time.
That choice gives the sequel a sharper charge. Dylan was once treated as a threat, but Control Resonant puts him at the center of a story about power, damage, and the bond that still ties him to Jesse.
Dylan gives Control Resonant a way back into the Faden story without replaying Jesse’s rise through the Federal Bureau of Control. He carries a different kind of history, one shaped less by discovery than by fallout.
The change also reaches into combat. Dylan uses the Aberrant, a shapeshifting weapon built around aggressive close-range action, which gives him a different rhythm from Jesse and her Service Weapon.
That helps the handoff feel more intentional. Remedy isn’t simply changing the face on screen. It’s giving players a new body language for the same haunted universe.
Jesse’s arc was about forcing answers out of a hostile institution. Dylan begins from a more damaged place, with the consequences of that world already written into him.
That puts Jesse and Dylan’s unresolved history under real pressure. Jesse is still part of the frame, but Dylan carrying the playable perspective forces the sequel to face the damage between them instead of leaving it on the edge of the lore.
The warped Manhattan setting gives that conflict more room to breathe. Moving beyond the Oldest House lets Remedy expand the threat while keeping the Faden family wound close to the action.
Pre-orders are open now, but the bigger question is how Remedy handles the handoff from Jesse to Dylan. The risk isn’t that Dylan lacks story potential. It’s whether Control Resonant can make his central role feel earned without flattening Jesse’s importance.
The PS5 Digital Deluxe Edition includes 48-hour advance access, so some players can start on September 22 instead of September 24. Everyone else should watch the same thing when launch arrives, whether Dylan Faden can carry the emotional weight the first game left unresolved.
The UK’s Competition and Markets Authority has imposed binding rules on Google’s search services in a move it calls a world first.
The UK’s competition regulator has formally required Google to let publishers opt out of having their content used to power AI features in search, including its AI Overviews product.
The Competition and Markets Authority (CMA) imposed the conduct requirement today (3 June) under the UK’s digital markets competition regime, making it the first binding ruling of its kind to be issued against a major tech platform in the UK.
Following consultation feedback, publishers will also be able to opt out of their content being used for the fine-tuning of Google’s AI models, giving them control over the full range of AI use cases of their content. Google will also be required to attribute publisher content clearly, using links, in AI-generated search results.
The CMA said the requirement would put publishers, including news organisations, in a stronger position to negotiate content deals with Google.
The ruling follows Google’s designation in October 2025 as having strategic market status in UK search, a formal finding of substantial and entrenched market power that gave the CMA the power to impose targeted rules on the company.
The CMA said it was also responding to Google’s announcement in May that it planned significant changes to its search platform to further embed AI technologies, which the regulator said could fundamentally change how search results are presented to UK users. Today’s requirement will apply to those changes.
“Today, we have introduced a world-first requirement on Google’s search services in the UK, enabling fair treatment, greater transparency and meaningful choice for businesses and consumers,” said Sarah Cardell, CEO of the CMA.
“With features like AI Overviews rapidly reshaping online search, it is crucial that content publishers, including news organisations, have appropriate bargaining power over how their content is used.”
A spokesperson for Google pointed siliconrepublic.com to its official blog post reaction to the announcement, saying it would begin testing a new toggle in Search Console allowing website owners to decide whether their content appears in AI Overviews, AI Mode and related features. Sites that opt out will not receive traffic or impressions from those features, Google said, and the setting will not affect rankings in standard search results.
The company also said it would roll out new performance insights in Search Console showing publishers which of their pages appear in AI responses and in which countries.
Google said it would begin the rollout to a subset of website owners in the UK first, “allowing for thorough testing before rolling them out to website owners globally”.
The blog post, written by Mrinalini Loew, general manager of Google Search Ecosystem, did not directly address the CMA’s ruling but framed the changes as part of Google’s own initiative to give website owners more control as user behaviour shifts toward AI-powered search. Google said AI Overviews now has over 2.5bn monthly active users and AI Mode has surpassed one billion.
Google has nine months to implement all required changes under the CMA’s conduct requirement, though the regulator said it expects the key publisher controls to be available well before that deadline. Google must submit compliance reports every six months in the first year, backed by data and metrics.
Cardell confirmed that further action in relation to Google’s search business would be announced in the coming weeks. The CMA said it has now launched four strategic market status investigations into major tech companies since the digital markets regime came into force last year, covering Google, Apple and Microsoft.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications.
The project is based on the open-source uutils project, a cross-platform rewrite of the GNU coreutils in Rust, and is designed to make it easier for developers to switch between Linux, macOS, Windows, and Windows Subsystem for Linux (WSL) without changing workflows.
“Developers constantly move between platforms, but familiar commands don’t work consistently, forcing workarounds, lost speed and context switching,” announced Microsoft.
“To address this, we’ve built Coreutils for Windows from the uutils open-source project, a cross-platform reimplementation of GNU Coreutils in Rust. These are Linux-like command-line utilities that run natively on Windows.”
According to Microsoft, the goal is to make existing commands and tools work across platforms so that scripts can be used on Windows without modification or other tools.
The Coreutils for Windows project has also been released on GitHub as a Microsoft-maintained package that combines uutils/coreutils, findutils, and a GNU-compatible grep implementation into a single binary.
Coreutils for Windows includes numerous commands commonly used in Linux, such as cat, cp, find, grep, hostname, ls, mv, pwd, rm, sleep, tee, and uptime.
The utilities can be installed through WinGet using the following command:
winget install Microsoft.Coreutils
Rather than creating separate executables for each program, Microsoft created a single coreutils.exe binary that contains all the functionality of each program.
When Coreutils for Windows is installed, the setup creates NTFS hardlinks for each supported command, such as ls.exe, cp.exe, cat.exe, and rm.exe, that all point to the c:\Program Files\coreutils\coreutils.exe executable.
When a user launches one of these commands, Windows loads coreutils.exe, which determines which utility to run based on the name of the command that was executed. This allows Microsoft to maintain a single executable while still providing individual Linux-style commands.
Running fsutil hardlink list coreutils.exe shows dozens of command names, including cat.exe, cp.exe, cut.exe, base64.exe, and others, all referencing the same file on disk.
As many Linux command names conflict with existing Command Prompt and PowerShell commands, Microsoft shared a compatibility table showing how each utility behaves in different Windows shells.
For example, commands such as ls, cat, cp, mv, rm, pwd, sleep, and tee are included with the package.
However, whether the Coreutils version is executed depends on the shell being used, the order of directories in the system PATH, and the PowerShell alias table.
Other commands, including dir, more, paste, and whoami, are not shipped because they conflict with existing Windows commands.
Microsoft also did not release several popular Unix utilities that rely on POSIX functionality, which is unavailable on Windows, including chmod, chown, chroot, nohup, tty, and who.
The company says they also did not release the ‘kill’ or ‘timeout’ commands, as Windows does not support POSIX signals, though this may be possible in the future.
Microsoft also warns that there may be differences between Linux functionality and how commands work in Windows due to differences in line feeds, file permissions, and POSIX support.
Coreutils for Windows was announced as part of Microsoft’s strategy to make Windows a developer-friendly platform.
During Build 2026, the company also announced WSL containers, which will provide a built-in way to create, run, and interact with Linux containers on Windows using native CLI and API tools.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
Israel says it has killed new Hamas military leader in Gaza City airstrikes
Waymo dominates autonomous vehicle registrations as Tesla trails behind
This is BROKEN! INSANE 5x MONEY CAR WASH WEEK! The NEW GTA Online UPDATE Today! (GTA5 New Update)
SpaceX just won a second Golden Dome contract. This one is $4.16 billion.
SHE IS KILLING XRP!!! WATCH URGENT AND ACT FAST
FIRST NIGHT REVIEW: Take That bring the Circus back to life in spectacular sun-soaked style
Jade Biosciences, Inc. (JBIO) Discusses Positive Interim Results From JADE101 Phase I Healthy Volunteer Study and Development Plans Transcript
The Samsung pay deal is the moment Korean unions changed register
CFTC Has Approved the First Regulated Bitcoin Perpetual Contract in the U.S.
SpaceX’s $2 Trillion IPO: Why Tech Giants Nvidia (NVDA), Apple (AAPL), and Microsoft (MSFT) May Face Pressure
Is the Spurs Phenom Already Better Than Prime Diesel?
Novak Djokovic v Joao Fonseca LIVE: French Open latest scores and results after Jannik Sinner’s shocking collapse
Snowflake (SNOW) Stock Rallies on Strong Q1 Results and AI Product Growth
Weak ‘Supergirl’ Box Office Tracking Amid Milly Alcock Backlash
Demand Conditions Improve In Chemicals Sector In April 2026
MicroStrategy Moves $30 Million in BTC to Coinbase Prime: Is the Bitcoin Sell-Off Already Here?
The House | Inside Andy Burnham’s Makerfield Campaign: “Nobody Thinks This Is In The Bag”
This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join
Maddox Jolie-Pitt Legally Requests to Drop Brad’s Surname
One of the Greatest Sitcoms of All Time Shoots Up Apple TV’s Charts 11 Years Later
You must be logged in to post a comment Login