In stunning display of stupid, secret CISA credentials found in public GitHub repo
Critical security breach with plaintext creds – highly actionable
CISA contractor Nightwing leaked plaintext passwords, SSH keys, and tokens in a public GitHub repo named 'Private-CISA' since November 2025, with GitHub's default secret scanning protections deliberately disabled by the repo admin. Security researchers Krebs and GitGuardian's Valadon uncovered the exposure, and Seralys founder Caturegli confirmed he could use the credentials to access AWS GovCloud accounts at high privilege. This follows CISA's earlier ChatGPT incident this year, highlighting systemic failures in credential management and default security controls.
Never disable GitHub's default secret scanning protections without a documented, audited exception policy, and integrate automated secret detection (e.g., GitGuardian, truffleHog) into your CI/CD pipeline to catch leaks before merge.
For a solutions architect focused on cloud infrastructure and CI/CD security, this is a concrete case study of how disabling default secret scanning protections (even temporarily) can lead to full GovCloud compromise—a direct caution against overriding platform defaults without compensating controls.
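A pre-merge check of the kind recommended above, as an added example written for this page (not code from CISA, GitHub, GitGuardian or truffleHog): it scans only the added lines of a unified diff for the secret types the article names and exits non-zero on a hit. The rule patterns, file paths and sample diff are constructed for illustration.

```python
import re
import sys

# Illustrative rules only; a maintained scanner ships many more patterns.
RULES = {
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github-token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "plaintext-password": re.compile(
        r"(?i)(?:password|passwd|pwd)\w*\s*[:=]\s*['\"]?[^\s'\"]{8,}"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample diff: every path and credential below is fake.
SAMPLE_DIFF = """\
--- a/deploy/env.sh
+++ b/deploy/env.sh
@@ -1,2 +1,4 @@
 #!/bin/sh
+export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00
+export DB_PASSWORD="constructed-example-pw"
 echo deploying
--- /dev/null
+++ b/keys/id_ed25519
@@ -0,0 +1,1 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
"""

def scan_diff(diff_text):
    """Return (path, new_line_no, rule) for each secret on an added line."""
    findings, path, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif (m := HUNK.match(raw)):
            line_no = int(m.group(1)) - 1
        elif raw.startswith("+"):
            line_no += 1
            findings += [(path, line_no, name) for name, rx in RULES.items()
                         if rx.search(raw[1:])]
        elif raw.startswith(" "):
            line_no += 1  # context lines advance the new-file line counter
    return findings

if __name__ == "__main__":
    hits = scan_diff(SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read())
    for path, line_no, rule in hits:
        print(f"{path}:{line_no}: {rule}")  # report the rule, never the value
    sys.exit(1 if hits else 0)  # non-zero exit blocks the merge
```

In a pipeline, pipe the merge request's diff (for example `git diff origin/main...HEAD`, where the branch name is an assumption) into the script. The password rule is deliberately broad and will flag some non-secrets, so route hits to review rather than silently allow-listing them.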
Security researcher Brian Krebs brings us the news that America’s Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private keys, tokens, and “other sensitive CISA assets” exposed in a public GitHub repo since at least November 2025. The now-offline public repo—named, somewhat aspirationally, “Private-CISA”—was brought to Krebs’ attention by GitGuardian’s