
GitHub has made innersource security advisories available for its Advanced Security enterprise customers. These advisories function like open source advisories but are limited to the enterprise's own repositories. A new REST API endpoint allows enterprises to manage vulnerabilities, including creating, updating, or withdrawing advisories. Dependabot assists by notifying internal repositories of vulnerabilities and initiating pull requests for version upgrades. This feature aims to streamline internal security processes for enterprises using GitHub.
Read original
© GitHub ChangelogCodeQL 2.26.0 marks a significant step forward for GitHub's static analysis engine, particularly in addressing security vulnerabilities. This release expands its capabilities to include Kotlin 2.4.0, while also adding a crucial query for identifying AI prompt injection risks in JavaScript and TypeScript. By refining existing queries and introducing new ones across languages like C#, Go, and Python, the update reduces false positives and enhances detection accuracy. These improvements make CodeQL a more powerful tool for developers focused on securing their code, especially in AI-driven contexts. The update is automatically available to GitHub code scanning users, ensuring immediate benefits for those on the platform.
© GitHub ChangelogGitHub has streamlined budget management for enterprises by introducing a REST API endpoint that allows for efficient tracking of individual user consumption against multi-user budgets. Previously, checking each user's budget usage required separate API calls, making the process cumbersome for large organizations. Now, enterprise owners and billing managers can quickly identify users nearing their budget limits, thanks to new filtering and sorting capabilities. This update simplifies financial oversight and reduces the need for custom scripts, making budget management more accessible and efficient.
© GitHub ChangelogGitHub has officially launched its new pull requests dashboard, providing a centralized hub for developers to manage and prioritize their pull requests. This feature, previously in public preview, now offers enhanced filtering and search capabilities, allowing users to create custom views and utilize advanced search queries. The dashboard aims to streamline the workflow for both individual contributors and managers by surfacing critical pull requests that require attention. This update marks a significant improvement in how developers can interact with and manage their contributions across multiple projects.
© TechCrunch AIMeta has quickly retracted an AI feature from Instagram that allowed users to alter photos from public accounts without notifying the original poster. This feature, part of the Muse Image AI suite developed by Meta Superintelligence Labs, sparked immediate criticism due to its potential for misuse, such as generating unauthorized images. The removal underscores the ongoing struggle tech companies face in aligning innovative tools with user privacy and ethical standards. Meta intended to offer a creative tool, but the absence of user consent mechanisms led to its swift withdrawal, emphasizing the necessity for stronger safeguards in AI technology.
© The Verge AIMeta has quickly removed a controversial Instagram feature that allowed users to create AI-generated images using content from public accounts. This feature, part of Meta's Muse Image AI model, faced heavy criticism for enabling potential misuse without the consent of account owners. Critics, including the National Center on Sexual Exploitation, pointed out risks such as sextortion and privacy violations. Initially, Meta offered an opt-out option hidden in settings, but the backlash led to the feature's complete removal. This decision highlights the ongoing challenge for tech companies to innovate while respecting user privacy and safety.
© The Verge AIApple has taken legal action against OpenAI, accusing the company of illicitly acquiring trade secrets to enhance its hardware development. The lawsuit alleges that former Apple employees, now working at OpenAI, transferred confidential information about Apple's unreleased products and processes. This legal conflict reveals the intense competition among tech giants as they venture into AI hardware. If the allegations hold true, OpenAI's hardware plans and its partnerships could face significant challenges. This case brings attention to the vital role of intellectual property protection in the tech industry.