CISA Secret Credentials Exposed in Public GitHub Repository
Original: In stunning display of stupid, secret CISA credentials found in public GitHub repo
Why This Matters
Major cybersecurity breach at agency responsible for protecting US infrastructure
America's Cybersecurity & Infrastructure Agency had plaintext passwords, SSH keys, and sensitive credentials exposed in a public GitHub repo since November 2025. Security researcher Brian Krebs reported the breach after GitGuardian discovered the misconfigured repository.
A public GitHub repository named 'Private-CISA' contained plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets since at least November 2025. Security researcher Brian Krebs reported the incident after GitGuardian's Guillaume Valadon alerted him to the exposure. The repo's administrator had reportedly disabled GitHub's default protections against committing secrets. Testing confirmed the credentials provided access to multiple Amazon Web Services GovCloud accounts at high privilege levels. The repository appeared to be managed by Virginia-based Nightwing, a CISA contractor. This follows previous CISA security incidents, including acting Director Madhu Gottumukkala uploading sensitive documents to ChatGPT in January before being removed in February.