Secret CISA credentials found in public GitHub repo
Ars Technica • • business
Key Points:
- A public GitHub repository named "Private-CISA" containing plaintext passwords, SSH private keys, tokens, and other sensitive assets from the U.S. Cybersecurity & Infrastructure Agency (CISA) was exposed since at least November 2025.
- The repository was discovered by GitGuardian through public code scans and reported to security researcher Brian Krebs after attempts to contact the repo owner went unanswered.
- Commit logs revealed that GitHub’s default secret protections had been deliberately disabled by the repository administrator, increasing the risk of credential exposure.
- Security testing confirmed that the leaked credentials allowed access to multiple Amazon Web Services GovCloud accounts with high privilege levels.
- The repository appeared to be managed by Nightwing, a CISA contractor based in Virginia, who has not publicly responded and has referred inquiries back to CISA.