Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA contractor GitHub repository exposed internal credentials

Data Leak
First reported
Last updated
Happening score
H score 28
1 unique sources, 2 articles

Summary

Hide ▲

A CISA contractor left a public GitHub repository exposing AWS GovCloud credentials and internal access material, creating a serious data leak involving sensitive government systems. The repository, Private-CISA, contained cloud keys, tokens, and plaintext passwords for internal CISA resources. Researchers later validated that the exposed credentials could access three AWS GovCloud accounts at a high privilege level. The exposure was removed, but the leaked material had already created a significant risk of unauthorized access and lateral movement.

Related Happenings

Single organization's private GitHub repository cloned after confirmed access

Data Leak
H score12 First: 09.07.2026 21:38 Last: 09.07.2026 21:38 Sources 1

About this happening: **Confirmed access** to a **private GitHub repository** belonging to **one organization** marks a concrete **data exposure** and raises the risk of source-code or internal-content...

FortiBleed Fortinet/FortiGate VPN credential leak

Data Leak
H score80 First: 17.06.2026 18:12 Last: 17.06.2026 18:12 Sources 1

About this happening: **FortiBleed** is a **data leak** of **Fortinet/FortiGate VPN credentials** that now includes a verified database of **86,644 confirmed working credentials** collected from **inte...

Latest development: 19.06.2026 09:47

CISA urged Fortinet customers to secure FortiGate appliances after nearly 74,000 firewall and VPN credentials were exposed in the FortiBleed leak. The agency advised affected owners to terminate SSL VPN and administrative sessions, reset VPN and administrative passwords, enable phishing-resistant multifactor authentication, review logs for unauthorized access or lateral movement, store admin credentials with PBKDF2, restrict firewall management interfaces from public internet access, and remove unauthorized accounts.

Congress demands CISA answers on GitHub credential leak

Public Sector Action
H score19 First: 22.05.2026 19:34 Last: 22.05.2026 19:34 Sources 1

How related: Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account.

About this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...

GitHub data exposed after GitHub breach

Data Leak
H score35 First: 20.05.2026 11:14 Last: 20.05.2026 11:14 Sources 1

About this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...

GitHub internal repositories private-code leak claim

Data Leak
H score46 First: 20.05.2026 08:08 Last: 20.05.2026 08:08 Sources 1

About this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...

Latest development: 21.05.2026 17:45

A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.

Timeline

  1. 22.05.2026 19:34 1 articles · 1mo ago

    Lawmakers demand answers over CISA Private-CISA leak

    Legal Policy Action Update

    On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.

    Show sources
  2. 18.05.2026 23:48 2 articles · 1mo ago

    Private-CISA repository exposes CISA and DHS credentials

    Initial Disclosure

    A contractor-maintained public GitHub repository named Private-CISA was created and exposed CISA and DHS secrets, including AWS GovCloud administrative credentials, cloud keys, tokens, plaintext passwords, logs, and files showing how CISA builds, tests, and deploys software internally.

    Show sources
  3. 18.05.2026 23:48 1 articles · 1mo ago

    Researchers validate Private-CISA credentials and CISA investigates

    Technical Analysis Update

    Researchers from GitGuardian and Seralys validated that the leaked AWS keys could authenticate to three AWS GovCloud accounts at a high privilege level, found plaintext credentials for CISA's internal artifactory and other systems, and CISA said it was investigating with no indication that sensitive data had been compromised. The repository was taken offline after notification, but the exposed AWS keys reportedly remained valid for another 48 hours.

    Show sources