
In stunning display of stupid, secret CISA credentials found in public GitHub repo

Relevance: 9.6

Score breakdown: technical depth 9, novelty 8, actionability 9, community 8, strategic 8, personal 9

Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.

Critical security breach with plaintext creds – highly actionable

2026-05-20 AI/ML arstechnica.com
[Image: A clown in bright clothes holds a laptop above his head.]
Summary

CISA contractor Nightwing leaked plaintext passwords, SSH keys, and tokens in a public GitHub repo named 'Private-CISA' since November 2025, with GitHub's default secret scanning protections deliberately disabled by the repo admin. Security researchers Krebs and GitGuardian's Valadon uncovered the exposure, and Seralys founder Caturegli confirmed he could use the credentials to access AWS GovCloud accounts at high privilege. This follows CISA's earlier ChatGPT incident this year, highlighting systemic failures in credential management and default security controls.

Key Takeaways
  • Never disable GitHub's default secret scanning protections without a documented, audited exception policy, and integrate automated secret detection (e.g., GitGuardian, truffleHog) into your CI/CD pipeline to catch leaks before merge.
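The CI/CD step the takeaway recommends, as an added example that is not code from the article, from CISA, or from any vendor's scanner: a small pre-merge check that parses a unified diff, scans only the added lines, and flags a handful of credential shapes (AWS access key IDs, GitHub personal access tokens, private-key PEM headers, `password=`-style assignments) plus long high-entropy tokens. The rule set, the entropy threshold, and the sample diff are assumptions constructed for this example; the AKIA and ghp_ prefixes are the documented public formats of those two credential types. A non-zero exit status is what makes the pipeline fail the merge.

```python
"""Pre-merge secret scan over a unified diff (added example, not from the article)."""
import math
import re
import sys
from collections import Counter
from dataclasses import dataclass

# Illustrative rule set; an assumption of this example, not any vendor's ruleset.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    "hardcoded-credential": re.compile(
        r"(?i)(?:password|passwd|secret|token|api_key)\s*[:=]\s*['\"]?(?P<value>[^\s'\"]{6,})"
    ),
}
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{24,}")   # candidate opaque tokens
ENTROPY_THRESHOLD = 3.5  # bits/char; chosen for this example, tune per repo
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    line: int       # line number in the new version of the file
    rule: str
    redacted: str   # leading characters only, so the report itself does not leak


def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    return value[:4] + "..."


def scan_line(line_no: int, text: str) -> list:
    findings = []
    for rule, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            value = m.group("value") if "value" in m.groupdict() else m.group(0)
            findings.append(Finding(line_no, rule, redact(value)))
    for m in TOKEN_RE.finditer(text):
        if shannon_entropy(m.group(0)) >= ENTROPY_THRESHOLD:
            findings.append(Finding(line_no, "high-entropy-string", redact(m.group(0))))
    return findings


def scan_diff(diff_text: str) -> list:
    """Scan only '+' lines of a unified diff, tracking new-file line numbers."""
    findings = []
    new_ln = 0
    for raw in diff_text.splitlines():
        hunk = HUNK_RE.match(raw)
        if hunk:
            new_ln = int(hunk.group(1))
            continue
        if raw.startswith("+++") or raw.startswith("---"):
            continue  # file headers, not content
        if raw.startswith("+"):
            findings.extend(scan_line(new_ln, raw[1:]))
            new_ln += 1
        elif raw.startswith("-"):
            pass  # removed lines never reach the merged tree
        else:
            new_ln += 1  # unchanged context line
    return findings


# Constructed sample diff; the key ID is AWS's documented placeholder value.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,4 +1,8 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter2-prod"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+API_TOKEN = "9f2b7c4e1a8d3f6b0c5e2a7d4f1b8c3e"
+DEPLOY_KEY = '''-----BEGIN OPENSSH PRIVATE KEY-----
 def connect():
     return db.connect(DB_PASSWORD)
"""


def main(argv) -> int:
    # Usage: python scan.py <diff-file>   (defaults to the embedded sample)
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_DIFF
    found = scan_diff(text)
    for f in found:
        print(f"line {f.line}: {f.rule} ({f.redacted})")
    return 1 if found else 0  # non-zero fails the pipeline stage


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a pipeline this would run as a required check on `git diff origin/main...HEAD` before the merge is allowed; the scanner reports only a redacted prefix of each match so that the CI log does not become a second copy of the leak. The high-entropy rule is what catches opaque tokens the pattern list does not know about, at the cost of occasional false positives on hashes and base64 blobs, which is why a documented allowlist, rather than switching the check off, is the right way to handle those.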
Why it matters

For a solutions architect focused on cloud infrastructure and CI/CD security, this is a concrete case study of how disabling default secret scanning protections (even temporarily) can lead to full GovCloud compromise—a direct caution against overriding platform defaults without compensating controls.

Author

Lee Hutchinson — Lee is the Senior Technology Editor, and has been with Ars Technica since 2012. He oversees story development for the gadget, culture, IT, AI, and video sections of Ars Technica—and, when he's able, writes the occasional story in one of those...
