GitHub Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

GitHub Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Sir Yusuf (@yusufxdev) reported 15 seconds ago

  digitalocean support told me they’re winding down their participation in the github pack and credits will expire on july 31 2026 check your billing credits page so you don’t leave paid resources running after that

• 
  Nick Puru (@NicholasPuru) reported 2 minutes ago

  You spent 10 years learning your job. Openai just turned it into a free download. 110 skills across 6 careers, written down by their own experts, published on github for anyone to install. If a markdown file can do your work, it was never expertise. it was a checklist nobody had written down yet. study this 👇

• 
  AI Security Brief (@aisecbrief) reported 2 minutes ago

  LLM agents in GitHub Actions can be hijacked via issue comments. Attackers can trick agents into leaking creds or running This exploits popular automation tools developers use. Secure your LLM agent inputs. #AISecurity #CyberAI 🔗 Source in replies

• 
  Vasyl Semiliak (@vasylsemiliak) reported 2 minutes ago

  @haydenbleasel I'm afraid clicking that will take GitHub down again

• 
  DFIR Lab (@DFIR_Lab) reported 3 minutes ago

  🦅 Tool Tuesday: Hayabusa — Fast Windows Event Log Analysis for Threat Hunters When you're knee-deep in a Windows compromise and staring at gigabytes of EVTX files, speed matters. Hayabusa is a Rust-based event log analyzer that rips through Windows event logs at scale, applying Sigma-compatible detection rules to surface threats fast. Built by Yamato Security, it ships with 4000+ built-in detection rules covering everything from credential dumping to lateral movement. It scans EVTX files offline, generates a consolidated timeline of security-relevant events, and outputs to CSV, JSON, or HTML — whatever fits your workflow. Real-world use case: You've pulled EVTX logs from 50 endpoints during an active IR engagement. Instead of manually parsing Security.evtx looking for 4624/4625 patterns, you point Hayabusa at the entire dataset. Within minutes, you have a sorted timeline flagging Mimikatz execution, suspicious PowerShell, and abnormal logon patterns — all color-coded by severity. Why it matters: Traditional EVTX analysis is slow. Hayabusa's Rust core makes it blazing fast, and Sigma rule compatibility means your existing detection content works out of the box. It's offline-capable, so you can analyze logs on an isolated IR laptop without network dependencies. Alternatives: DeepBlueCLI (PowerShell-based, lighter but slower), EvtxECmd (Eric Zimmerman's tool, great for parsing but less detection-focused), and Chainsaw (another Rust option with Sigma support). Get it: hXXps://github[.]com/Yamato-Security/hayabusa #DFIRTools #IncidentResponse

• 
  Slkoshka (@Slkoshka) reported 6 minutes ago

  @bee_fumo I got curious how Omarchy was handling this because my main complaint about it was automatic AUR updates. There's literally no discussion about this at all. There's one GitHub issue with zero replies and a Reddit post with like 3 comments. Those people live in their own world.

• 
  Rituraj (@RituWithAI) reported 9 minutes ago

  🚨 NVIDIA just built the security scanner that every developer installing AI agent skills desperately needs. And almost nobody is using it yet. Here's the problem that's been quietly growing for months. Skills are the new plugins. Claude Code skills. OpenClaw tools. MCP servers. Cursor plugins. Every AI agent framework now has a marketplace of community-built skills you can install with one command. One command. That skill now runs inside your AI agent. With access to everything your agent can access. Your codebase. Your file system. Your API keys. Your environment variables. Your production infrastructure. How many developers are reading the source code of every skill they install before running it? Almost none. That's the threat surface. And until now, nobody built a tool to audit it. NVIDIA's SkillSpector scans any AI agent skill — SKILL.md files, MCP server definitions, tool configurations — and detects what's actually inside before you install it. Here's what it actually scans for: → Prompt injection attacks — instructions hidden inside skills designed to hijack your agent's behavior → Malicious patterns — code designed to exfiltrate data, execute arbitrary commands, or escalate privileges → Credential harvesting — skills that quietly capture API keys, tokens, or environment variables → Supply chain vulnerabilities — dependencies with known CVEs or suspicious update patterns → Excessive permission requests — skills asking for access far beyond what their stated function requires → Data exfiltration vectors — network calls, file writes, or external API calls that weren't disclosed One command to scan any skill before installing: Green: safe to install. Yellow: review these findings. Red: do not install. Here's why the timing matters. In the last month alone, the AI agent skills ecosystem exploded. K-Dense Scientific Agent Skills. last30days-skill. Superpowers. Hermes Agent skills. MemPalace. Dozens more releasing every week. Every one of them runs with the same permissions as your AI agent. Every one of them is a potential supply chain attack vector. The npm ecosystem learned this the hard way — malicious packages with thousands of downloads before anyone noticed. The AI skills ecosystem is two months old and already has the same attack surface. SkillSpector is the npm audit for AI agent skills. Built by NVIDIA. Available now. 113 GitHub stars. Day one. This one matters. 100% Open Source. Apache 2.0 License. GitHub link in the comments

• 
  subwxxf 🏴‍☠️ (@subwxxf) reported 12 minutes ago

  @ItakGol a bunch of nerds doing **** for free on GitHub because they're not working

• 
  viktorg (@viktorg475) reported 13 minutes ago

  @iamdavidhill @opencode You have over 500 pages of open issues on GitHub.

• 
  Dan Liu (@danliu) reported 18 minutes ago

  It’s pretty astonishing that $MSFT is down 11% in the last 2 years. Rewind 2 years and it looked perfectly positioned for the AI boom. It owns: - windows, the dominant pc os - github, where most of the world’s code is - vscode, the most popular ide - deepest partnership with openai - most number of enterprise contracts - office, where most non-coding computer tasks take place And today it doesn’t have anything compelling to offer. How did that happen?

• 
  Asher Crowe 🪺 (@ashercrw) reported 19 minutes ago

  A 24-YEAR-OLD KID IN CHENGDU IS WALKING THROUGH HOTELS AND APARTMENT BUILDINGS WITH A BACKPACK STRAPPED TO HIM, SCANNING THEM IN 20 MINUTES, AND BILLING $400 A POP PLUS $99 RECURRING. His operating cost is $20 a month. His month-six revenue is $18,000. He didn't build the tech. He didn't write a single line of code. He just looked at his own neighborhood and saw an inventory list nobody had monetized yet. Going to break this one down because the model is so simple it almost feels illegal. Walk down any commercial street in any city on earth. Hotels, short-term rentals, restaurants, gyms, dental offices, co-working spaces, boutique stores. Every single one of those businesses has a website. Every single one of those websites has photos that look exactly like every other listing in their category. Generic angles. Wide shots. The same beige interior with the same plant in the same corner. The 24-year-old looked at that pattern and saw a gap. What if a customer could stand inside the room before booking? What if guests could walk through the suite from their couch in Berlin and tour every angle before committing to three nights? What if the listing wasn't a flat photo set but a full 3D space the buyer could explore in their browser? That's the entire pitch. He walks into a property with a rig on his back. Camera, gimbal, capture device, all running off a phone. Twenty minutes per room, sometimes less. Walks every corner, captures every angle, leaves. By the time he's at the next building, the previous scan is already uploading. The tech doing the heavy lifting is 3D Gaussian Splatting. It's been free and open source on GitHub since 2023. It turns a video walkthrough into a navigable 3D scene that runs in any modern browser without needing a download, a plugin, or special hardware. The capture happens through Luma AI, which is also free at the tier he uses. The delivery page he gives the client is a one-pager that embeds the scan, includes the property name, hours, contact info, and a booking link. Built entirely with Claude in ten minutes per client. He doesn't even host it himself. He drops the file on a free static host and sends the URL. His full monthly tool stack runs $20. That's the entire operation. The pricing is the part that breaks people. $400 per scan, paid upfront. $99 per month for hosting and updates. He pitches it as "fix your cancellation rate and your bad reviews in 20 minutes, then keep it live for less than a Netflix subscription." Hotels say yes immediately. Short-term rental owners say yes faster. Dental offices, of all things, are his quietest gold mine. People want to see the chair before they sit in it. Month one he closed nine clients. $3,500 in upfront fees, plus the recurring stack starting to compound. He kept walking, kept knocking, kept demoing. By month three he had 28 clients. By month six the recurring revenue alone covered his rent, his food, and his entire tool stack twice over. The upfront fees became pure margin. Month six total: $18,000. From a guy with a backpack and a free app. Now here is the part nobody is going to talk about openly. The streets did not change. The hotels did not change. The technology has been sitting on GitHub for two years, free for anyone to download. Claude has been around for a similar window. Luma AI has been a public app for ages. Every single piece of this stack was available to everyone reading this post. What changed is one guy in Chengdu decided to be the person who packaged it. He looked at his neighborhood the way most people look at a deck of unsorted cards. Every building was a potential client. Every street was a route. Every property manager was a 20-minute conversation away from $400. The friction nobody else had bothered to clear was the friction he cleared. A few realizations worth sitting with. The opportunities in AI right now are not in building models. They are in walking the streets that existing models can already serve and finding the businesses that don't know the tools exist yet. Most of your local economy has not heard of Luma AI. Most of them have never heard of Gaussian Splatting. They have heard of being undercut on TripAdvisor for not having good photos. The arbitrage between "what the tools can do" and "what local businesses know the tools can do" is the single most overlooked opportunity in the current cycle. It's not going to last forever. The gap closes every month as awareness spreads. But right now, in your city, on your street, there are probably 200 small businesses who would pay $400 today for a 20-minute walk-through that could be live on their site by Friday. The 24-year-old in Chengdu didn't invent anything. He just got there first. Walk outside. Count the businesses on your block that still have bad photos. That's your client list.

• 
  voiceclick.ai (@voiceclickai) reported 19 minutes ago

  Microsoft, Google, and Meta are all building "OpenClaw-style" agents now. 377,000 GitHub stars and the big players blinked. Open source won. The question is whether they'll do it justice or water it down into enterprise bloatware.

• 
  DFIR Radar (@DFIR_Radar) reported 24 minutes ago

  OceanLotus shifts from external to domestic espionage with two campaigns targeting Vietnamese 🇻🇳 stock investors and infrastructure firms using SPECTRALVIPER backdoor. Active from 2024-2026, operations likely support Vietnam's 🇻🇳 anti-corruption crackdown. Key technical details: • Supply-chain compromise of FireAnt MetaKit update server (metakit.fireant[.]vn) delivered SPECTRALVIPER via unsigned updates from Oct 2025-Mar 2026 • Corporate network intrusion targeting Vietnamese 🇻🇳 construction company Nov 2024-Feb 2026, suspected SQL Server RCE initial access • SPECTRALVIPER uses DLL side-loading (T1574.002), process injection into OneDrive.Sync.Service.exe, encrypted HTTPS C2 with domain-fronting • C2 domains crafted per campaign: financemachinelearning[.]com for stock targeting, gatewayrvcenter[.]com for infrastructure targeting • Orchestration model uses named pipes for lateral movement between compromised hosts OPSEC failure exposed RTTI class structure revealing XGU framework with Pivot orchestration and Feature remote control capabilities. Hunt for unsigned DLLs side-loading into legitimate signed executables (dtlupdate.exe copies) and HTTP Cookie headers with euconsent-v2= or zd_cs_pm= prefixes to suspicious domains. Full IOC list available in ESET GitHub repository. #DFIR_Radar

• 
  Reeya (@sharmaa__12) reported 25 minutes ago

  Mistake in RESUME !!!! 📩 I review 100s of resumes daily, and I need to clear up one basic formatting mistake I keep seeing on recent applications. Many candidates are now hyperlinking their email IDs or setting up their phone numbers so that clicking them automatically triggers a laptop’s calling app or mail client. You might think adding these interactive elements makes your resume look tech-savvy and "cool” In reality? It just makes an HRs or Referres job harder. No recruiter is ever going to click your resume to call you directly from their laptop or send a standalone email straight from a PDF. It is fed into an ATS (Applicant Tracking System) which automatically parses and extracts your text data into our internal database. Complex hyperlinks can sometimes break this parsing, causing formatting errors. If you want to use hyperlinks, save them for the right places. Do link your portfolio, GitHub, or LinkedIn profile. But leave your email and phone number as plain, unlinked text.

• 
  Matthew Belcher (@Trigun420) reported 25 minutes ago

  @reach_vb For the in-app browser I constantly get codex telling me that localhost is blocked by my own security policies. I have tried adding it to the allowlist, updated config.toml, etc.. Is there a fix for this? Github issues are present as well...