Lawmakers Demand Answers on CISA GovCloud Credential Leak

More than a week after CISA was notified that its cloud credentials were sitting on public GitHub, the federal cyber agency still hasn't rotated all the leaked keys — and lawmakers in both houses of Congress are demanding answers.

On May 19, 2026, I covered how a Nightwing contractor for CISA published admin keys to three AWS GovCloud accounts plus plaintext passwords for dozens of internal CISA systems in a public GitHub repository that stayed up for six months. As of May 22, CISA has rotated one exposed RSA private key, but researcher Dylan Ayrey told KrebsOnSecurity that credentials tied to other critical security technologies still aren't rotated. Experts believe criminals likely noticed the secrets before the repository came down, since bots monitor public GitHub commits in real time. Senator Maggie Hassan (D-NH) sent acting CISA Director Nick Andersen a dozen questions about the breach, raising concerns about CISA's internal policies. House Homeland Security ranking member Bennie Thompson (D-MS) and Rep. Delia Ramirez (D-IL) sent a separate letter, warning the leaked files could be a roadmap for adversaries into federal systems. CISA still says there is no indication sensitive data was compromised.

Source:
https://krebsonsecurity.com/2026/05/lawmakers-demand-answers-as-cisa-tries-to-contain-data-leak/

More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday.

#cybersecurity #cisa #govcloud

Видео Lawmakers Demand Answers on CISA GovCloud Credential Leak канала Hake Hardware