DigiNews

Tech Watch by Johan Denoyer


In stunning display of stupid, secret CISA credentials found in public GitHub repo

Quality: 8/10 Relevance: 9/10

Summary

Ars Technica reports that CISA credentials (plaintext passwords, SSH keys, and tokens) had been exposed in a public GitHub repo named Private-CISA since November 2025. The leak was uncovered by Krebs via GitGuardian, with evidence suggesting that the repo administrator had disabled GitHub's secret protections. The credentials allegedly allowed high-privilege access to AWS GovCloud, highlighting contractor oversight issues and previous security missteps at CISA.
