Brian Krebs
Coverage of Brian Krebs in the Nexus archive.
- Senator presses CISA for answers about alleged GitHub repository leak
U.S. Senator Maggie Hassan demands answers from CISA about an alleged breach involving government contractor Nightwing, uncovered by cybersecurity reporter Brian Krebs. The breach allegedly involves a GitHub repository leak. Senator Hassan sent a letter to the acting director of CISA.
- In stunning display of stupid, secret CISA credentials found in public GitHub repo
America's Cybersecurity & Infrastructure Agency (CISA) had a large store of sensitive assets exposed in a public GitHub repository since at least November 2025. The repository, named 'Private-CISA', contained plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets. Security researcher Brian Krebs reported the incident after being approached by Guillaume Valadon from GitGuardian.
- America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames
The US Cybersecurity and Infrastructure Security Agency (CISA) left a GitHub repository open with sensitive information, including passwords and keys, for six months. The leak was discovered by GitGuardian researcher Guillaume Valadon, who reported it to CISA, which then took down the repository. The incident is a significant security lapse for the agency.
- US cyber agency CISA exposed reams of passwords and cloud keys to the open web
The US federal cybersecurity agency CISA exposed plaintext passwords and cloud keys to the public web by uploading a spreadsheet to a GitHub repository. This was discovered through a report by independent journalist Brian Krebs. The incident raises concerns about the agency's handling of sensitive information.