Public GitHub repo exposed CISA secrets, enabling high-privilege access

TL;DR Summary
Security researchers revealed that a public GitHub repo named Private-CISA had exposed plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets since at least November 2025, potentially enabling high-privilege access to AWS GovCloud. The repo is now offline. It was reportedly managed by Nightwing, a CISA contractor, which has not publicly commented. The leak follows earlier CISA missteps, including a director uploading sensitive docs to ChatGPT.
- In stunning display of stupid, secret CISA credentials found in public GitHub repo (Ars Technica)
- CISA Admin Leaked AWS GovCloud Keys on Github (Krebs on Security)
- ‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub (Gizmodo)
- Senator requests "urgent" classified briefing on CISA's internal credential leaks (Axios)
- America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames (The Register)