May 21, 2026
Worth mentioning
If you built cost assumptions on Gemini 2.0 Flash pricing, 3.5 Flash is not a free upgrade—review the pricing page before switching.
Gemini 3.5 Flash was released GA at Google I/O 2026—skipping the preview label—and is priced higher than Gemini 2.0 Flash despite being in the 'Flash' (budget) tier. Google has deployed it across most of their key consumer products.
This is a real subdomain takeover vulnerability class that affects anyone with custom domains on GitHub Pages—even if the original Pages site was deleted or the domain was only briefly configured.
A developer discovered their custom domain was being served by a stranger's GitHub Pages site without permission. GitHub does not prevent domain takeover if the DNS CNAME is not actively validated against a specific repo.
If true, the breach could affect the security of GitHub Actions infrastructure, internal tooling, or token handling. GitHub users should watch for an official GitHub Security Advisory.
A threat actor named TeamPCP is claiming to have breached GitHub and obtained access to its internal source code repositories. The claim appears on cybersecuritynews.com and has not been confirmed or denied by GitHub.
⚠ Uncertainty: Claim is unconfirmed by GitHub as of this item's publication.
This is a potential secret leakage scenario. The claim is unconfirmed by Vercel but describes a concrete incident with email evidence cited.
A developer reports that Vercel exposed environment variables from one project to other projects on the same account, across all 10 of their projects.
⚠ Uncertainty: Claim unconfirmed by Vercel.
If you build on SQLite or libsql, some of these bugs may affect you—and Quint is apparently accessible enough for a small team to use effectively.
Turso engineers applied Quint (a formal specification and model checking tool) to model SQLite's state machines and uncovered more than 10 bugs in SQLite during the process.
Monitor
Anyone running self-hosted Postgres—including on VPS setups like Hetzner—can rely on pgBackRest for ongoing support.
pgBackRest, a popular open-source PostgreSQL backup and restore tool, has announced it will continue active development after some uncertainty about the project's future.
This implies a Claude Opus 4.7 model exists or is in testing, beyond the known Opus 4/4.5 line.
On May 19, 2026, the Anthropic status page logged an incident of elevated errors on 'Claude Opus 4.7'—a model version not previously known publicly. The incident was identified at 15:14 UTC, a fix implemented by 15:19, and resolved by 15:40 UTC.