GitHub status: access issues and outage reports
No problems detected
If you are having issues, please submit a report below.
GitHub is a company that provides hosting for software development and version control using Git. It offers the distributed version control and source code management functionality of Git, plus its own features.
Problems in the last 24 hours
The graph below depicts the number of GitHub reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
At the moment, we haven't detected any problems at GitHub. Are you experiencing issues or an outage? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by GitHub users through our website.
- Website Down (69%)
- Sign in (19%)
- Errors (13%)
Live Outage Map
The most recent GitHub outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Website Down | 1 day ago |
|
|
Website Down | 2 days ago |
|
|
Website Down | 2 days ago |
|
|
Sign in | 3 days ago |
|
|
Website Down | 3 days ago |
|
|
Website Down | 26 days ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
GitHub Issues Reports
Latest outage, problems and issue reports in social media:
-
MarkBruns (@MarkBruns) reportedThe proprietary LLM PRODUCTS are defined and devalued by the gaurdrails ... but the REAL problem has always been quality of data going in to the system ... GIGO ... for example, the stolen-from codebases on GitHub were JUNK and irresponsibly coded Javascript/Python/Zig -- so the resulting vibe-coded crap replicated the systemic errors of the easy-to-code, anything will compile body of crapware. EVERYBODY using the frontier models ... except that maybe these people are idiots who'll pay for anything, so not everybody got it ... sensed this some time ago and it really drove the agentic harness excitement from at least last fall or well before that. It was clear from the start of the AIsplosion that the data going into the frontier models was lowest common denominator, ie Wikipedia-esque or GitHub-esque, bogus non-great pablum-for-the-masses dubious quality data. Anybody who actually wanted to use AI had to take much more control of their own specific data and training their small language models and not waste their time vibe-coding lowest common denominator nothingware. NOW it has become so glaringly obvious, that it's the kind of knack-for-the-obvious material that is being disseminated by even the last-to-know journos working for news orgs.
-
CatDog (@kdoggo1181074) reportedSome important @FireCashX transparency questions before mainnet, especially for Kaspa users interested in new Kaspa forks. I first heard several of these concerns from community members, then reviewed the public GitHub repositories, wallet documentation, commits, and issue history myself. I am not identifying or attributing the original Discord participants here; the points below are based on publicly verifiable sources. Kaspa community members should be cautious when a new project presents a fork as necessary for functionality that may ultimately be implementable directly on Kaspa or through Kaspa-based applications and protocol extensions. A fork creates a new trust surface: new maintainers, modified consensus code, new wallets, new pools, new infrastructure, and new tokenomics. That does not mean FireCash is destined to fail, or that every Kaspa fork is illegitimate. FireCash may still improve substantially, and open testing can expose problems before mainnet. But the burden should be on the project to explain clearly why a separate chain is required and to demonstrate that its changes are secure.
-
Nikhil Kumar (@nickssbuilds) reportedCognition AI announced Devin and charged $500/month for it. The open source community built OpenHands in response. It now has 70K+ GitHub stars, a $18.8M Series A, and scores 72% on SWE-Bench - at or above proprietary alternatives. What it actually does: - reads a GitHub issue - writes a fix inside a sandboxed Docker environment - runs tests - opens a PR The part that matters is that every action is logged. You see exactly what the agent did and why. No black box. No vendor lock-in. This Runs on any LLM through OpenRouter or local models via Ollama. This is what the open source community does when someone charges $500/month for something engineers could build themselves.
-
Chris Tidesson – e/acc (@Ravensong666) reported@ClaudeDevs You know what is a bit ******? I wanted Fable to fix a few security flaws in my own code - which Codex found for me because Fable even refused to find the flaws. So I gave the shitlist which GPT 5.6 wrote to Fable and Fable STILL refused. But since I only have ChatGPT Plus I couldn't let Codex do the work - the analysis alone ate up an entire 5h usage window. I mean - it's my own code, it's about OPAQUE and E2EE and similar stuff that is clearly helpful and "deredere" software work. Also it's an open source project under the AGPLv3 license and a repo I made public on github. Are you really serious? I mean - thats EXACTLY the #1 use case for such a strong model. Thats like saying "here, fork, but you can't eat spaghetti carbonara with it". Come on, you can do better, no?
-
Rituraj (@RituWithAI) reported🚨 Someone built the web crawler that every AI agent actually needs. Not a scraper. Not a spider. A crawler designed specifically for feeding LLMs — structured, clean, and fast enough to process the entire web at scale. It's called Crawl4AI. 44,000 GitHub stars. The most starred web crawling repo in AI history. And it does something every other crawler gets wrong. Here's the problem. Every web crawler built before AI was the primary consumer was built for humans or databases. They returned raw HTML. Noisy. Bloated. Full of navigation menus, cookie banners, ad containers, and script tags that have nothing to do with the content you actually need. Feed that raw HTML to an LLM. You're wasting 60-80% of your token budget on noise. Your context window fills with irrelevant markup before the actual content loads. Crawl4AI returns clean, structured Markdown. Not HTML. Not JSON. Markdown — the format LLMs read most efficiently, with all the noise stripped and the structure preserved. Here's what it actually does: → Async-first architecture — crawls hundreds of pages simultaneously without blocking → LLM-ready Markdown output — clean content, no navigation noise, no ads, no cookie banners → Smart content extraction — identifies the main content block automatically, ignores boilerplate → JavaScript rendering — handles SPAs and dynamic content via Playwright integration → Media extraction — images, videos, audio all captured with context → Link analysis — internal and external links extracted and categorized → Structured data extraction — CSS selectors, XPath, and LLM-based extraction strategies → Session management — maintains login state, cookies, and browser context across requests → Proxy support — rotate proxies for large-scale crawling → Magic Mode — automatically handles consent forms, cookie banners, and overlays Here's the architecture that makes it genuinely fast. Crawl4AI uses an async browser pool — multiple browser instances running simultaneously, each handling their own queue of URLs. No sequential processing. No waiting for one page before starting the next. Hundreds of pages crawling in parallel. Combined with smart caching — pages already crawled get served from cache without re-fetching — large crawls that would take hours on a traditional crawler finish in minutes. Here's the wildest part. It ships with a Deep Crawl mode and an AI-powered extraction pipeline. You describe what you want to extract in plain English. Crawl4AI uses an LLM to intelligently extract structured data matching your description from any page — no CSS selectors, no XPath, no brittle scraping rules. "Extract all product names, prices, and descriptions" — it understands that instruction and applies it to any e-commerce page it crawls. And it has full MCP support — Claude Desktop, Claude Code, and any MCP-compatible agent can call Crawl4AI as a native tool. Your agent can crawl the web as part of its reasoning process without you writing a single line of crawling code. Your agent can now crawl any website, extract clean structured content, and use it directly in its reasoning — at the speed of async Python, at the scale of a professional web crawler. 44K GitHub stars. 6.2K forks. 847 commits. Apache 2.0 License. 100% Open Source. GitHub link in the comments 👇
-
Miguel Carneiro (@mig4ng) reportedGitHub and @grok are being slow today? Or am I being rate limited because my agents work too fast?
-
Praveen Kumar B (@PraveenKum38515) reportedHi @Netlify, @NetlifySupport Unable to log in via GitHub: "Authentication Error: Your account has been suspended." My GitHub account is active, but all my Netlify-hosted sites now show "Site not found." I've already opened a support ticket. Please investigate. Thank you.
-
David Joos (@DavidJoos6) reported@jojephson In GitHub yeah. Misunderstood the text align feature - fix will come in 0.8.1
-
Rulya (@Rulyaxd) reported3 hours with Claude. Two months later, servers he'd never visited had his bot installed. Zero coding classes. The article beside this is the exact four prompts he used. The story: a small study-group Discord server, one recurring annoyance (new members asking the same five questions in the wrong channels), Claude open in another tab. Three hours later he had a bot answering those questions. Sixty days after that, dozens of servers he'd never been in were installing it, because someone had shared it in a room he wasn't a member of. The build was four prompts. Prompt 1: describe the annoyance clearly enough that Claude writes the whole bot in a standard framework, with plain-English explanations of every section. Prompt 2: paste the exact error message when it breaks, ask Claude to explain what it means, what caused it, and the exact fix while explaining what changed so you understand it instead of copy-pasting. Prompt 3: turn the working script into a real product name, short description, add-to-server instructions. Prompt 4: after the first outside install, edge cases start showing up. Same loop. Paste the error, get the fix, ship it more stable than before. The growth curve is boring in a good way. First install: your own server. Second stage: someone shares it in a room you don't belong to. That's when the interesting bugs appear. From there it compounds handful → dozens → hundreds → thousands, once bot-listing directories start indexing it. The monetization shape follows. Free is what spreads. Premium at $19/month unlocks advanced automation for the server owners already depending on it. At 100 servers with a 50% paid conversion on Premium alone, that's $950 a month from a project that started as a study-group irritation. The illustrative math in the article 10 servers/4 paying/$76, 25/10/$190, 50/20/$380, 100/50/$950 isn't a promise. It's the shape of a low conversion rate compounding on top of a free version that already spread on its own. The article's kicker lands harder than the numbers do. The hardest part isn't building the bot anymore. It's believing you're allowed to. The kid in the video already believes. The article beside it hands you his four prompts. Most people will read this and think it's about Discord. A small number will notice that the same loop works for Slack, Telegram, Notion, Chrome extensions, and internal GitHub apps. He wrote no code. What he learned was how to describe a problem clearly enough that the software would build itself.
-
Techjunkie Aman (@Techjunkie_Aman) reportedGitHub has quietly become one of the biggest Android app stores on the internet. The only problem? Nobody built a Play Store for it. Thousands of amazing Android apps live only in GitHub Releases. Installing them means hunting through repositories, checking release pages, downloading APKs manually, then remembering to check for updates. Developer Samyak Kamble got tired of that. So he turned GitHub itself into an app store. RepoStore automatically discovers public GitHub repositories whose latest stable release contains a real installable APK. No manual submissions, no private index, no middlemen. Every app must meet strict rules: • Public repository • Latest stable release • Real APK attached • No draft or prerelease builds The result feels remarkably polished. Material 3 UI, Material You theming, rendered READMEs, screenshots, release notes, install tracking, update detection, developer profiles, and one-tap installs, all fetched directly from GitHub. Optional GitHub sign-in boosts API limits from 60 to 5,000 requests per hour, making browsing much faster. Built entirely in Kotlin with MVVM architecture and released under the MIT License, RepoStore is the bridge between GitHub's open-source ecosystem and the app store experience Android users have always wanted. One developer got tired of digging through GitHub Releases... ...so he built the Play Store GitHub never had.
-
Sponge Bob (@muriisajon) reportedLast year, GitHub saw 1 billion commits. This year, it's on pace for 14 billion. We're writing more code than ever, mostly because AI generates it faster than we can read it. ThoughtWorks is calling this "Codebase Cognitive Debt," and it's becoming a massive problem.
-
Moh.Saufy (@Caufy92) reported@github @OpenAIDevs Fix your rate limited
-
Julian Goldie SEO (@JulianGoldieSEO) reportedGoogle AI Studio: You can now import your GitHub code with one click. There's a free update inside AI Studio that fixes its biggest problem. For months, it was a one-way street. You could build an app and push it OUT to GitHub. But you could never bring old code back IN. That wall is gone. Here's why this is huge: → Got an old project sitting in GitHub? Import it. Gemini reads the whole thing. → Tell it "add a contact form" or "fix this on phones" in plain English. → It works with your real code. Not a copy. Not a guess. → Build in Cursor or Claude Code, push to GitHub, polish in AI Studio. → No rebuilding from scratch. No copy-pasting files by hand. You don't need to be a coder. If someone built you a website, you can now update it yourself by typing a sentence. Start small. Import one old project. Ask Gemini what it would improve. That dusty repo you gave up on? It just came back to life. Want the SOP? DM me. 💬
-
Hrishikesha (@HrishikeshaNFTs) reported@iuditg Crap. Limts worst. Drinking like juice, 20%+ for fast chat alone per day. Wasted 20+ runs failed to fix a simple github wf fix gemini pro fixed first time.
-
Kushagra Gour @css_battle (@CSSMonk) reportedafter these 10-min days quick commerce apps, amazon prime feels slow! imagine the situation where coding with AI becomes unavailable and you have to code by hand again! Even if some of us will be able to do it, we wont want to do. Just like quick commerce took away our patience coding by hand will become equally unbearable! Will AI downtimes become the next "github is down" situations?
-
Learn AI (@LearnAI_MJ) reported@ajambrosino Can you make it easy to code in cloud? Just like how Claude Code Connect naturally to GitHub Repo. I know there is the Codex cloud version but it is soooo clunky to use comparing to Claude code and Cursor! Please - fix this. Also, why codex make computer cook so hot 🔥 comparing to Claude? My laptop even need a gaming fan! Please fix this too!!!
-
Tibor Blaho (@btibor91) reportedSummary of Reddit AMA about "GPT-5.6 and Codex in ChatGPT" with OpenAI's Codex team on 2026-07-10 (opened with the stat that more than 5 million people use Codex every week, twice as many as three months ago, with 150 features and improvements shipped in that period) Model selection and reasoning levels - Sol Medium for most things, Sol Ultra for genuinely hard tasks, Terra for quick non-coding tasks or usage-conscious work with performance competitive with GPT-5.5 on some tasks at lower cost, and Luna for subagents - Use a light model with low reasoning for tiny edits, quick questions and docs cleanup, regular Sol medium for small bugs with a clear repro, Sol with higher reasoning for ambiguous bugs, unfamiliar repos and cross-cutting refactors, and Sol Ultra high with plan, verify and tests for migrations, security-sensitive changes, production issues and anything where being wrong is expensive - There is no "Auto" model today, but GPT-5.6 tries not to overthink simple tasks by itself, and the new slider in app and web maps most levels to Sol reasoning efforts and falls back to Terra on the lowest effort, with the team agreeing users should not have to become routing experts but still wanting an explicit override since latency tolerance varies by person and moment - For UI work Sol is best and shines with reference images, improved UI design in frontend web development was one of the goals with 5.6, and 5.5 is only worth using if your instructions were tweaked for it Speed, context window and persistence - Users who find 5.6 slower may not need the same reasoning level as with 5.5, Sol Medium is faster than 5.5 for most things, Fast mode runs at about 1.5x speed, and soon Sol will run on Cerebras at ~750 tokens per second - No promises on a 1M context window for Sol, the team said compaction works fairly well for long threads, and will take a closer look at the long-context feedback - The model can give up too fast and revert whole patches when results are not optimal, unlike Fable which tries to fix a bad patch instead, and the team said "/goal" helps make the agent more persistent, persistence and reduced code complexity are planned improvements, and suggested trying 5.6 Sol with High reasoning - Give Codex bounded goals with room to reason deeply instead of letting it prematurely conclude something is impossible - For long-running research and "/goal" work the example structure was explore broadly vs execute narrowly, try a defined number of hypotheses, run tests after each attempt, then stop and report what was learned plus the next best experiment Usage limits and pricing - Agentic usage counts by the feature being used, not the surface, so Codex everywhere (app, CLI, IDE, web, mobile) and ChatGPT Work consume the agentic bucket, normal ChatGPT chats do not, and image generation, file uploads and voice have separate limits - Task costs vary a lot, a tiny edit uses a fraction of the allowance and long-running tasks with large codebases or deeper reasoning use significantly more - OpenAI does not secretly change usage limits, unintended usage bugs are addressed and resets are provided, more transparency into consumption is being worked on, and missing resets can happen if you changed plans in the past 24 hrs - On pricing there is no promise it never changes, but the stated mission is to make sure AGI benefits all of humanity, which requires making tools like Codex broadly accessible, and Plus includes Codex usage with credits letting heavy users scale without jumping to a much more expensive plan - For MCP-heavy workflows burning limits fast (Unreal Engine example) the tip is to wrap the MCP into a CLI with a skill, or create a custom subagent with the MCP in its config at a lower reasoning level Desktop app merge and stability - The team hears the ChatGPT Classic frustration, both apps can run side by side for now, ChatGPT Work is pitched as significantly better at performing tasks especially with computer use, the new Chrome extension brings a sidebar chat into your browser that interacts with website context, filesystem and connectors - A long submitted bug list covering freezes and stuck threads, broken Browser and Computer Use, thread, connection and configuration problems, update and packaging issues, resource usage and smaller regressions was shared in full with the relevant teams, with the team agreeing the quality bar for the app needs to step up while shipping quickly - More automated testing infrastructure is being spun up and feedback on Reddit and X gets reviewed daily, and Browser Use and Chrome plugin issues from the merge were said to be fixed - Windows was admitted as historically shortchanged since the team mostly develops on Mac, a concerted effort on parity, testing and paper cuts is underway, 5.6 improves how Codex operates in the Windows sandbox, and auto review is recommended over full access to reduce risks - "Full Access" repeatedly asking for permissions is not expected, possible causes are workspace or admin policy, the specific command, a permission state mismatch or a bug Browser, platforms and release communication - The Chrome connector launch-day bug was fixed as of last night and Chrome Beta should work out of the box - Extension support for the Codex browser is in progress (password managers etc.) plus typeahead, history, translations and a better new tab page as Atlas retires - Features from ChatGPT Classic like recording are planned for the new desktop app so agentic features run on the more capable Codex agent harness, and chat can already reference open tabs in the in-app browser - A Linux desktop app was confirmed in the works, no timeline yet - Changelog granularity was acknowledged as needing improvement after 150 features shipped in 3 months with multiple ships a week Benchmarks, safety and research culture - On METR's reward hacking report the team actively checks for and penalizes cheating during evals so results reflect actual capability rather than solving tasks outside the spirit of the eval, and uses third-party vendors to run benchmarks independently - The team denied lobotomizing models before releases, iterative deployment means sharing core capabilities as is with guardrails for bad actors - Sol post-trained Luna, and researchers now work at a higher level of abstraction with multiple concurrent Codex threads validating hypotheses around the clock - One researcher put p(machines of loving grace) at 85.424242%, citing an internal model solving the Erdos problem, o3 helping diagnose previously unsolved children's diseases and 5.2 proposing a new theoretical physics formula, said the main worry is how society adapts, spent 1.5 years on safety research at OpenAI, expects a huge chunk of researchers to work on safety within a few years and says internal talent keeps their p(doom) very low - Connectors in the harness (Slack, GitHub, Notion) felt like a step function change in making Codex a productive coworker
-
Samian (@ApplyWiseAi) reported@ShalsX github is the cheat code that nobody uses right. clean readme + one solid project > 200 leetcode problems
-
Atlas (@crptAtlas) reportedSOMEONE JUST CLONED THEIR VOICE INTO EVERY LANGUAGE FOR $0 a developer named jamie pine shipped a free GitHub repo called voicebox it copies your exact tone from a couple seconds of audio everything runs locally on your own machine so your data never leaves the room you can put out content in Japanese, Arabic or Polish without saying a single word yourself this is the kind of tool that lets one person sound like a whole media team i broke down how i made Claude 8x smarter save this for when you need it
-
Keeta Github Tracker (@KeetaCode) reported🐆 Keeta GitHub PR Merged 📦 Repo: anchor-rs 🔀 PR #23: Fix: Naming Updates 🌿 Branch: fix/naming-updates → main 👤 Originally opened by: @sephynox 🧠 Overview: This PR updates internal naming so Keeta’s developer tools use clearer, more consistent labels, which should make them line up better with the TypeScript version and reduce confusion. In simple terms, some account-related names are being changed, and error messages for blocked asset transfers are being passed through more clearly instead of being turned into a generic failure. This appears to be a technical/internal update with limited public details. - Developers using these tools may need to update their integrations because some old names are being replaced. - Failed transfer attempts may now return more specific reasons, which could make troubleshooting easier.
-
Emmanuel Isenah (@EIsenah) reportedI kept spamming cancel on a gh action this afternoon and it never canceled. Figured I'd just let it time out 3 hours later it's still running, only to learn the timeout is 6 hours 😭 Ended up force-canceling via the API GitHub, please fix your ****
-
Mr.UNIX (@mrunix0) reported@kirancodes Now it's written in Rust and still has twice as many open GitHub issues as both Node and Deno combined
-
TnvMadhav (@TnvMadhav) reportedFor some reason in the past two days I haven't really got @OpenAI 's Codex to use the gh cli properly. While it works in the terminal in both Codex and otherwise, it doesn't work in the sandbox environment of Codex. I smell some updates that ChatGPT is trying to use to install the GitHub plugin but I like to do things with battle-tested existing gh CLI, with as few dependencies as possible. Could this be because of a security issue? As in the access token in my local work computer shouldn't be read? So I wanted to debug this a bit more and installed the Codex CLI on my Mac. While the same prompts, which involve the use of gh CLI tools, "work" on the CLI but not on the desktop app. I'm not sure if this was intentional on the desktop app. I asked Codex itself to perform a root cause analysis but it seems to have no clue or because there is no published documentation on this. By this I meant the execution environment change. It is clear that the sandbox does not have access to the network or the Mac OS keychain but I guess if you give it access once, there is some sort of expiry time for it to work.
-
SleeplessDev (@SleeplessDev3) reported10 ways to LARP as a software engineer : - Buy a mechanical keyboard. - Install Arch Linux. - Tweet "ship fast." - Say "it's a scaling issue." - Open Neovim in a café. - Post your GitHub graph daily. - Mention AI agents. - Wear a black hoodie. - Never actually ship anything.
-
Yasmine Lindsay (@yassylindsay) reportedSo disappointed in 5.6 right now! I’m a windows user… I know ******* right! The codex app has been unusable due performance issues that have shown up for me since June 12 and I’ve had a GitHub issue reporting it open for nearly as long and it’s still ******.
-
Keeta Github Tracker (@KeetaCode) reported🐆 Keeta GitHub PR Merged 📦 Repo: anchor 🔀 PR #396: Cache resolveAsset calls to improve web performance 🌿 Branch: feature/fix-resolveassets-caching → main 👤 Originally opened by: @ezraripps 🧠 Overview: This update makes Keeta’s web experience faster by storing repeated asset lookups instead of rebuilding the same data over and over. In the pull request, the team says web calls to `resolveAssets` 190 times dropped from about 6.5 seconds to around 50 milliseconds after adding caching. In simple terms, the app should spend less time repeating the same background work when showing asset-related information. - This appears aimed at improving speed and responsiveness on web, especially when many asset lookups happen in a row. - The automated summary labels it “medium risk” because it changes core asset-resolution logic, so the main tradeoff is faster performance versus making sure results still match the old behavior.
-
War Alerts Analysis (@War__Alerts) reportedChina’s next big cyber weapon may not be a hacker group. It may be an AI agent that never sleeps. RealClearDefense reports that Chinese AI lab DeepSeek is hiring to build an “AI agent” that scans code and finds vulnerabilities. That’s more than a smarter static scanner. It points to agentic AI in cyber operations: systems that can plan steps, call tools, run code, and iterate toward an objective. In a state where the barrier between commercial labs and security services is thin, that kind of agent is not just a developer convenience. It is potential infrastructure for scalable, semi-autonomous cyber power. Until now, serious cyber exploitation has been constrained by people: elite operators to hunt bugs, maintain toolchains, and weaponize zero-days. Agentic AI changes the equation. If a model can triage huge codebases, propose likely weaknesses, generate proof-of-concept exploits, and refine based on error messages or partial success, then cyber capability becomes less about headcount and more about compute, training data, and tool integration. That is the strategic shift DeepSeek hints at. China already invests heavily in cyber and chases AI self-reliance. A low-cost domestic model stack tuned for vulnerability discovery is exactly the kind of sanction-resistant engine Beijing would want to grow offensive and defensive capacity in parallel. The West is not standing still. Pentagon work on “AI for Cyber Operations” and allied projects on AI-enhanced red-teaming and GitHub-integrated scanners show the same direction of travel. Both blocs are converging on the idea that AI should do the grunt work of finding and probing weaknesses at scale. The shared policy trap is to treat AI-for-cyber as a secret edge to be maximized, rather than a capability that will leak, proliferate, and empower everyone from state operators to ransomware crews. Once a capable agentic model for exploitation exists, containing it is hard. We have already seen how quickly model weights, jailbreaks, and red-team tools bleed into the wild. A stolen checkpoint, a neutered copy on a gray-market cloud, or a contractor selling access could turn what was meant as a state asset into a commodity service for criminals and proxies. Key watch points now: does DeepSeek’s cyber agent stay framed as a passive analysis tool, or does it move into active exploit generation and tool orchestration? And do Chinese and Western governments publish any rules of the road, or do they run classified races with no guardrails and no minimum norms? If both sides push agentic cyber AI without restraint, the winner is not China or the United States. It is whoever gets their hands on the leaked tools next.
-
Onur 🍌🦍 (@0xc06) reportedAn $INJ npm package with 50,000 weekly downloads just got weaponized. Why?! To steal wallet keys, and the attack vector itself is what makes this worth understanding. No smart contract exploit or cryptography broken. Instead, a compromised developer GitHub account pushing malicious commits into a trusted SDK starting June 8. The code hooked directly into wallet key-derivation functions, quietly copying private keys and seed phrases, then exfiltrated them through a fake telemetry endpoint disguised as a legitimate Injective server. What actually multiplies the damage: the compromised version got pinned across 17 other packages in the same npm scope. Devs who never installed the SDK directly still inherited the exposure. 310 downloads before it was caught: the developer whose account got compromised noticed fast, but Socket says the campaign isn't fully contained yet. If trusted developer tools are now the actual attack surface, how do you audit a dependency you've never even directly installed?
-
the_architectopteryx (@rchitectopteryx) reported@PrasVector @ajambrosino Yeah I have an iPad that can’t connect to codex remote and as OpenAI doesn’t have real support or read GitHub issues, its so frustrating.
-
Nas (@Nas_tech_AI) reportedYou can’t believe this: you spent more on coffee this month than on a startup’s infrastructure. If you’re still waiting for the “right moment” to build, this is it. The cost of entry has never been lower. - Claude = coding ($20/mo) - Supabase = backend (free) - Vercel = deploying (free) - Namecheap = domain ($12/yr) - Stripe = payments (2.9%/transaction) - GitHub = version control (free) - Resend = emails (free) - Clerk = auth (free) - Cloudflare = DNS (free) - PostHog = analytics (free) - Sentry = error tracking (free) - Upstash = Redis (free) - Pinecone = vector DB (free) Total monthly cost to run a startup: ~$21 There has never been a cheaper time to build.