📰 CISA Contractor Leaks AWS GovCloud Keys and Internal System Credentials on Public GitHub Repo

‼️ MAJOR LAPSE: A CISA contractor leaked plaintext AWS GovCloud keys & internal system credentials on a public GitHub repo for months. The incident has sparked a congressional inquiry into the agency's security practices. #CISA #DataBreach #GovCloud

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/cisa-contractor-leaks-govcloud-keys-on-public-github-sparking…

"CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

On May 15, KrebsOnSecurity heard from Guillaume Valadon, a researcher with the security firm GitGuardian. Valadon’s company constantly scans public code repositories at GitHub and elsewhere for exposed secrets, automatically alerting the offending accounts of any apparent sensitive data exposures. Valadon said he reached out because the owner in this case wasn’t responding and the information exposed was highly sensitive.

The GitHub repository that Valadon flagged was named “Private-CISA,” and it harbored a vast number of internal CISA/DHS credentials and files, including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets.

Valadon said the exposed CISA credentials represent a textbook example of poor security hygiene, noting that the commit logs in the offending GitHub account show that the CISA administrator disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repositories."

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

#CyberSecurity #CISA #GitHub #AWS #CloudComputing #DHS #GovCloud

CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security

This Week in Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, and More Linux Vulnerabilities

https://fed.brid.gy/r/https://hackaday.com/2026/05/22/this-week-in-security-ai-generated-reports-more-ai-generated-reports-github-chaos-and-more-linux-vulnerabilities/

This Week In Security: AI Generated Reports, More AI Generated Reports, GitHub Chaos, And More Linux Vulnerabilities

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project…

Hackaday
For the curious, the proper way to do this is to have a wiki page with links to entries in, e.g., AWS Secrets Manager, which has authentication & authorization.
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
#CISA #AWS #GovCloud #CyberSecurity #DataLeak #InfoSec #GitHub #CloudSecurity #DevSecOps

"Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged #AWS #GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how #CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history."

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

#CISA Admin #Leaked #AWS #GovCloud Keys on #Github

contractor for #Cybersecurity & #Infrastructure #Security Agency maintained a public GitHub repository that exposed #credentials to several highly privileged AWS GovCloud accounts & a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests & deploys software internally, & that it represents one of the most egregious gov data leaks in recent history

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

https://winbuzzer.com/2026/05/19/cisa-admin-leaked-aws-govcloud-keys-on-github-xcxwbn/

A contractor-linked public GitHub repository exposed privileged AWS GovCloud credentials and internal CISA access material.

#CISA #GitHub #AWS #CloudSecurity #SecurityBreach #DataSecurity #Cybersecurity #USGovernment #GovCloud