A public GitHub repository containing highly sensitive internal credentials and systems used by the US Cybersecurity and Infrastructure Security Agency (CISA) has been revealed, based on information published by Tech Radar.The repository, named "Private-CISA" and maintained by contractor Nightwing, exposed AWS administrative credentials, access keys, tokens, plaintext usernames and passwords for internal CISA systems, and SSH keys. Security researchers confirmed the authenticity of the leak, with some credentials reportedly still functional. The repository detailed CISA's internal software build and deployment processes.While CISA stated there was no indication of sensitive data compromise, they are implementing additional safeguards to prevent future incidents. The repository was eventually locked down after researchers alerted the agency. The exact duration the repository remained accessible is unknown, but it was created in mid-November 2025.Source: Tech Radar
Government security
CISA contractor’s public GitHub repo exposed sensitive government credentials

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



