Skip to content
The Nexus
SECURITYMay 19 · 18:27 UTCARS TECHNICALee Hutchinson

In stunning display of stupid, secret CISA credentials found in public GitHub repo

America's Cybersecurity & Infrastructure Agency (CISA) had a large store of sensitive assets exposed in a public GitHub repository since at least November 2025. The repository, named 'Private-CISA', contained plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets. Security researcher Brian Krebs reported the incident after being approached by Guillaume Valadon from GitGuardian.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this