GitGuardian
Coverage of GitGuardian in the Nexus archive.
- CISA credential leak raises alarms, and Capitol Hill demands answers
The Cybersecurity and Infrastructure Security Agency (CISA) is investigating a reported exposure of sensitive agency credential data on GitHub, which was discovered by security firm GitGuardian. Congressional Democrats are demanding answers from CISA about the incident. The exposure has raised concerns about potential abuse by malicious parties.
- In stunning display of stupid, secret CISA credentials found in public GitHub repo
America's Cybersecurity & Infrastructure Agency (CISA) had a large store of sensitive assets exposed in a public GitHub repository since at least November 2025. The repository, named 'Private-CISA', contained plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets. Security researcher Brian Krebs reported the incident after being approached by Guillaume Valadon from GitGuardian.
- America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames
The US Cybersecurity and Infrastructure Security Agency (CISA) left a GitHub repository open with sensitive information, including passwords and keys, for six months. The leak was discovered by GitGuardian researcher Guillaume Valadon, who reported it to CISA, which then took down the repository. The incident is a significant security lapse for the agency.
- CISA Admin Leaked AWS GovCloud Keys on Github
A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) exposed credentials to AWS GovCloud accounts and internal CISA systems on a public GitHub repository. The leak included files detailing how CISA builds, tests, and deploys software internally. The exposed credentials represent a significant government data leak.