Sensitive access credentials for internal systems and cloud environments belonging to the U.S. cybersecurity watchdog Cybersecurity and Infrastructure Security Agency (CISA) have been publicly exposed on GitHub.
This was reported by Brian Krebs on his site KrebsOnSecurity. According to security researchers, the data included AWS GovCloud keys, plaintext passwords, and internal DevSecOps files.
The data was stored in a public GitHub repository named Private-CISA, which, according to KrebsOnSecurity, was managed by a CISA contractor. Researchers from security firms GitGuardian and Seralys discovered that the repository provided access to various internal environments and software repositories of the U.S. government.
According to researchers, the leaked files contained administrative keys for multiple AWS GovCloud accounts. AWS GovCloud is a secure cloud environment from Amazon Web Services specifically designed for sensitive U.S. government data.
Researchers from security firm Seralys also say they have confirmed that multiple leaked AWS GovCloud accounts were indeed accessible with high privileges. The repository is also said to have contained CSV files with plaintext usernames and passwords for internal CISA systems.
Furthermore, credentials for internal software repositories and build environments were reportedly leaked. Philippe Caturegli of Seralys warns that access to such repositories is attractive to attackers seeking to embed malware or backdoors into software builds. As a result, compromises could spread further within government environments.
According to GitGuardian, the repository administrator had also disabled GitHub functionality that normally prevents secret keys or passwords from being published publicly. Ars Technica reports that the repository was likely publicly accessible as early as November 2025.
Researchers also found passwords that were relatively easy to guess, such as combinations of platform names with the current year. KrebsOnSecurity reports that the repository was likely used as a synchronization point between the contractor’s various devices.
CISA confirmed to KrebsOnSecurity that the incident is under investigation. According to the agency, there are currently no indications that sensitive data was actually misused. However, the agency says it is taking additional measures to prevent a recurrence.
Notably, according to researchers, some of the leaked AWS keys remained valid for approximately 48 hours after CISA was notified of the breach and the GitHub repository was taken offline.
The repository is said to have been managed by an employee of Nightwing, an American contractor that works for government agencies. Nightwing referred KrebsOnSecurity’s questions to CISA.
CISA / data breach / GitHub
"*" indicates required fields
With a CEO who positively likes to call software automation services …
In recent weeks, alarm bells have been ringing repeatedly over critical vulnerabilities in the Linux kernel. …
Akamai is a cloud cybersecurity company that dedicates itself to the provision of what it calls “superior t…
The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using…
Anthropic allows Project Glasswing partners to share findings from the Mythos cybersecurity model with partie…
Enterprise infrastructure has reached a turning point where planned d…
Continuous deployment offers quicker releases and better software, bu…
If anyone was ever forced to pick the tritest phrase in the world, it…
The new SOC in the Netherlands further strengthens mnemonic’s regio…
How do you ensure your company data is both secure and quickly recove…
“A Buyer’s Guide to Enterprise Linux” comprehensively analyzes the mo…
The Data Protection Guide 2025 explores the essential strategies and…
The white paper “DNS Best Practices” by Infoblox presents essential g…
Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.
© 2026 Dolphin Publications B.V.
All rights reserved.
U.S. cybersecurity agency leaks GovCloud keys on GitHub – Techzine Global
Leave a Comment
