{"id":337629,"date":"2026-05-20T07:31:30","date_gmt":"2026-05-20T02:01:30","guid":{"rendered":"https:\/\/ebiztoday.news\/?p=337629"},"modified":"2026-05-20T07:31:30","modified_gmt":"2026-05-20T02:01:30","slug":"secret-cisa-credentials-present-in-public-github-repo","status":"publish","type":"post","link":"https:\/\/ebiztoday.news\/index.php\/2026\/05\/20\/secret-cisa-credentials-present-in-public-github-repo\/","title":{"rendered":"Secret CISA credentials present in public GitHub repo"},"content":{"rendered":"<div>\n<p>Security researcher Brian Krebs <a href=\"https:\/\/krebsonsecurity.com\/2026\/05\/cisa-admin-leaked-aws-govcloud-keys-on-github\/\">brings us the news<\/a> that America\u2019s <a href=\"https:\/\/www.cisa.gov\/\">Cybersecurity &#038; Infrastructure Agency<\/a> (CISA) has had a big store of plaintext passwords, SSH private keys, tokens, and \u201cother sensitive CISA assets\u201d exposed in a public GitHub repo since at least November 2025.<\/p>\n<p>The now-offline public repo\u2014named, somewhat aspirationally, \u201cPrivate-CISA\u201d\u2014was brought to Krebs\u2019 attention by GitGuardian\u2019s <a href=\"https:\/\/blog.gitguardian.com\/author\/guillaumevaladon\/\">Guillaume Valadon<\/a>, who was alerted to the repo\u2019s presence by GitGuardian\u2019s public code scans. 
Krebs says that Valadon approached him after receiving no responses from the Private-CISA repo\u2019s owner.<\/p>\n<p>In an email to Krebs, Valadon claimed that the repo\u2019s commit logs show that GitHub\u2019s default protections against committing secrets\u2014protections designed to guard unwitting or unskilled developers against exactly this type of stupidity\u2014had been disabled by the repo\u2019s administrator.<\/p>\n<p>Testing by <a href=\"https:\/\/seralys.com\/about\/\">Seralys founder Philippe Caturegli<\/a> showed that this was not a joke or hoax and that he was able to use the credentials within the Private-CISA repo to gain access to multiple Amazon Web Services GovCloud accounts \u201cat a high privilege level.\u201d<\/p>\n<p>Krebs notes that the repo appeared to be managed by Virginia-based <a href=\"https:\/\/nightwing.com\/\">Nightwing<\/a>, a CISA contractor. Nightwing has so far not commented publicly, instead referring questions back to CISA.<\/p>\n<p>This isn\u2019t the first time CISA has screwed up\u2014in fact, it\u2019s not even the first time <em>this year<\/em>. In January, <a href=\"https:\/\/www.politico.com\/news\/2025\/12\/21\/cisa-acting-director-madhu-gottumukkala-polygraph-investigation-00701996\">polygraph-failing<\/a> acting CISA Director Madhu Gottumukkala uploaded sensitive government documents to ChatGPT after demanding and receiving an exemption to the agency policy that prohibited ChatGPT\u2019s use by CISA personnel. 
Gottumukkala was <a href=\"https:\/\/www.cybersecuritydive.com\/news\/cisa-acting-director-removed-madhu-gottumukkala\/813378\/\">removed from his role in February<\/a>.<\/p>\n<\/p><\/div>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researcher Brian Krebs brings us the news that America\u2019s Cybersecurity &#038; Infrastructure Agency (CISA) has had a big store of plaintext passwords, SSH private keys, tokens, and \u201cother sensitive CISA assets\u201d exposed in a public GitHub repo since at least November 2025. The now-offline public repo\u2014named, somewhat aspirationally, \u201cPrivate-CISA\u201d\u2014was brought to Krebs\u2019 attention [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":337630,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[51919,10713,9107,2794,26328,595],"class_list":["post-337629","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-cisa","tag-credentials","tag-github","tag-public","tag-repo","tag-secret"],"aioseo_notices":[{"message":"The permalink for this post just changed! 
This could result in 404 errors for your site visitors.","status":"warning","options":{"id":"0a2ae5f84bc2c0423042ed7ec22d2e40","isDismissible":true,"actions":[{"url":"https:\/\/ebiztoday.news\/wp-admin\/admin.php?page=aioseo-redirects","label":"Add Redirect to improve SEO","class":"aioseo-redirects-slug-changed"}]},"allowedContexts":["posts"]}],"_links":{"self":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/337629","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/comments?post=337629"}],"version-history":[{"count":2,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/337629\/revisions"}],"predecessor-version":[{"id":337632,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/337629\/revisions\/337632"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media\/337630"}],"wp:attachment":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media?parent=337629"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/categories?post=337629"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/tags?post=337629"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}