Secret CISA Credentials Found in Public GitHub Repo
Researchers said the archive held credentials for three AWS GovCloud servers and dozens of internal CISA systems, while CISA said no sensitive data was compromised.
- On Friday, May 15, 2026, a public GitHub repository maintained by Nightwing, a government contractor, exposed 844 MB of sensitive U.S. Cybersecurity and Infrastructure Security Agency credentials before being taken offline.
- Created in November 2025, the "Private-CISA" repository contained plaintext passwords and an explicit "how-to guide for disabling GitHub's secret scanning," which GitGuardian researcher Guillaume Valadon called a "catalogue of unsafe practices."
- Exposed files included administrative access to AWS GovCloud and internal systems like "LZ-DSO," the agency's secure code development environment, which security consultant Philippe Caturegli confirmed could allow attackers a "persistent foothold."
- CISA is investigating but claims "there is no indication that any sensitive data was compromised," while the agency has operated without a permanent director since January 20, 2025, following Jen Easterly's departure.
- The incident exposes systemic vulnerabilities as CISA faces deep budget cuts and reduced staffing while maintaining responsibility for protecting national digital infrastructure from cyber threats.
16 Articles
CISA credential leak raises alarms, and Capitol Hill demands answers
Congressional Democrats want answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an incident that the security researcher who discovered it called one of the worst leaks he’s ever seen. Other security professionals also voiced concern Tuesday about the leak and the potential for abuse by any malicious parties who got a hold of the information. Secur…
America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
The US Cybersecurity and Infrastructure Security Agency (CISA) left open a GitHub repository named “Private-CISA” containing plain-text passwords, private keys, tokens, and secrets – with obvious file names like “external-secret-repo-creds.yaml” and “AWS-Workspace-Firefox-Passwords.csv” – for six months. GitGuardian researcher Guillaume Valadon, fresh off a recent talk on Kubernetes secret leaks, found the public repository on May 14, and told T…
Irony alert: Trump's top cybersecurity agency exposed its own passwords online
In a striking case of doing the opposite of what it's supposed to do, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) left its most sensitive digital passwords sitting in plain sight on the public internet for months. Think of it like this: imagine the agency that's supposed to protect America's digital locks accidentally left all the keys to those locks sitting in a public park. And worse, the keys had labels on them that said e…
Coverage Details
Bias Distribution
- 75% of the sources are Center








