GitHub Reduces Secret Scanning False Positives with LLM Verification
GitHub Blog3 days agoReleaseGitHub describes an improvement to secret scanning that uses context-aware LLM reasoning during verification, after candidate secrets are detected. Instead of sending whole files or repositories to a model, the system extracts focused usage signals, such as whether a value flows into authentication, API, database, or cloud SDK code. In tests on customer-confirmed false positives, GitHub reports a 75.76% reduction, above its 65% target, while preserving detection coverage.
Microsoft's open source tools were hacked to steal passwords of AI developers★ 78
Hacker News (AI keywords)5 days agoIncidentMicrosoft temporarily removed several open source GitHub projects while investigating suspected malicious content. The affected repos were linked to Azure and developer workflows involving AI coding tools such as Claude Code, Gemini CLI, and VS Code. Security researchers said the malware could steal passwords and sensitive credentials when compromised tools were opened, though Microsoft has not disclosed how many users were affected.
Mantine DataTable source repo compromised; owner account suspended★ 74
Hacker News (AI keywords)9 days agoIncidentA GitHub security notice says Mantine DataTable and other repositories received unauthorized commits through the github-actions bot. The npm packages were reported safe; the risk targets developers who recently cloned or pulled the source and open it in VS Code, Cursor, Claude Code, Gemini, or run npm test. A later update links the payload to the Miasma / Shai-Hulud worm family and says a stolen credential is the likely path.
透過 MCP 搜尋百萬個 GitHub 儲存庫:Vercel 推出全新 AI 協定工具★ 80
Vercel Changelog332 days agoNew ToolVercel has announced a major update to its AI development tooling, launching a new service based on the Model Context Protocol (MCP) that allows developers to…