In stunning display of stupid, secret CISA credentials found in public GitHub repo

Found 8 hours ago ago at Arstechnica

Security researcher Brian Krebs brings us the news that Americas Cybersecurity & Infrastructure Agency CISA has had a large store of plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets exposed in a public GitHub repo since at least November 2025. The now offline public repo—named, somewhat aspirationally, Private CISA—was brought to Krebs attention by GitGuardians Guillaume Valadon , who was alerted to the repos presence by GitGuardians public code scans. Krebs...

Read the full article at Arstechnica

More Developer News

In stunning display of stupid, secret CISA credentials found in public GitHub repo

Found 8 hours ago at Arstechnica

America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens â and incredibly obvious filenames

Found 8 hours ago at The Register

Airbus gets HPC-as-a-service supercomputer from Bull

Found 11 hours ago at The Register

Broadcom finds a VMware customer willing to stick around: London Stock Exchange

Found 13 hours ago at The Register

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Found 13 hours ago at The Register

In stunning display of stupid, secret CISA credentials found in public GitHub repo

In stunning display of stupid, secret CISA credentials found in public GitHub repo

America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens â and incredibly obvious filenames

Airbus gets HPC-as-a-service supercomputer from Bull

Broadcom finds a VMware customer willing to stick around: London Stock Exchange

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens â and incredibly obvious filenames