CISA Contractor Exposed GovCloud Admin Keys on GitHub

A contractor for CISA, the federal cybersecurity agency, left admin credentials to AWS GovCloud and dozens of internal CISA systems sitting in a public GitHub repository for six months. Caught not by CISA, but by an outside researcher.

The repository, called "Private-CISA," was created on November 13, 2025 and discovered on May 15, 2026 by GitGuardian researcher Guillaume Valadon. Inside were administrative keys to three AWS GovCloud accounts, plus a file containing plaintext usernames and passwords for dozens of internal CISA systems, alongside logs and documentation describing how CISA builds, tests, and deploys software internally. The contractor — an employee of Nightwing, a Dulles, Virginia federal cyber services firm — had disabled GitHub's built-in secret detection. The repo came down after Krebs on Security and Seralys notified CISA. CISA said there is currently no indication sensitive data was compromised. The AWS GovCloud keys remained valid for 48 hours after the repository was taken offline.

Source:
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday.

#cybersecurity #cisa #govcloud

Видео CISA Contractor Exposed GovCloud Admin Keys on GitHub канала Hake Hardware