A public GitHub repository named 'Private-CISA' had been exposing sensitive CISA credentials, including plaintext passwords, SSH keys, and tokens, since at least November 2025. The repository, managed by CISA contractor Nightwing, had GitHub's default security protections disabled, allowing researchers to access high-privilege AWS GovCloud accounts. This incident follows other recent CISA security lapses, including the unauthorized use of ChatGPT by its acting director.
Background
CISA (Cybersecurity & Infrastructure Security Agency) is a US federal agency responsible for strengthening cybersecurity and infrastructure protection. GitHub is a widely used platform for software development and version control that includes security features to prevent accidental exposure of sensitive information.
- Source: Ars Technica
- Published: May 20, 2026 at 02:27 AM
- Score: 8.0 / 10