Find notable cyber news and cases, enriched with sources, timelines, and signals.

Congress demands CISA answers on GitHub credential leak

Public Sector Action
First reported
Last updated
Happening score
H score 19
1 unique sources, 1 articles

Summary

Hide ▲

Lawmakers in both houses of Congress demanded answers from CISA after a contractor exposed AWS GovCloud keys and other secrets on public GitHub. The letters pressed the agency on how the leak happened, how long the exposure lasted, and whether contract support was being managed safely. The scrutiny raises pressure on CISA as it works to invalidate and replace leaked credentials.

Related Happenings

CISA zero-trust SASE guidance for TIC 3.0

Public Sector Action
H score30 First: 25.06.2026 14:30 Last: 25.06.2026 14:30 Sources 1

About this happening: CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...

CISA FortiBleed mitigation guidance

Advisory/Mitigation
H score67 First: 19.06.2026 09:47 Last: 19.06.2026 09:47 Sources 1

About this happening: **CISA** issued mitigation guidance for **FortiBleed**, urging operators of **internet-accessible Fortinet devices** to harden exposed **FortiGate** and VPN environments after a *...

FortiBleed Fortinet/FortiGate VPN credential leak

Data Leak
H score80 First: 17.06.2026 18:12 Last: 17.06.2026 18:12 Sources 1

About this happening: **FortiBleed** is a **data leak** of **Fortinet/FortiGate VPN credentials** that now includes a verified database of **86,644 confirmed working credentials** collected from **inte...

Latest development: 19.06.2026 09:47

CISA urged Fortinet customers to secure FortiGate appliances after nearly 74,000 firewall and VPN credentials were exposed in the FortiBleed leak. The agency advised affected owners to terminate SSL VPN and administrative sessions, reset VPN and administrative passwords, enable phishing-resistant multifactor authentication, review logs for unauthorized access or lateral movement, store admin credentials with PBKDF2, restrict firewall management interfaces from public internet access, and remove unauthorized accounts.

CISA revises CIRCIA town hall schedule

Public Sector Action
H score21 First: 26.05.2026 15:00 Last: 26.05.2026 15:00 Sources 1

About this happening: CISA **revised the schedule** for **virtual town halls** on the **CIRCIA rulemaking**, reopening stakeholder engagement on a cybersecurity reporting rule that will affect **critic...

CISA launches KEV Nomination Form

Public Sector Action
H score38 First: 21.05.2026 15:00 Last: 21.05.2026 15:00 Sources 1

About this happening: CISA launched a **new Nomination Form** for the **KEV catalog**, giving **researchers, vendors, and industry partners** a direct way to report **known exploited vulnerabilities**....

Timeline

  1. 22.05.2026 19:34 1 articles · 1mo ago

    CISA contractor exposes AWS GovCloud keys and internal credentials on public GitHub

    Initial Disclosure

    A CISA contractor with administrative access to the agency’s code development platform created a public GitHub profile called Private-CISA that contained plaintext credentials for dozens of internal CISA systems, including AWS GovCloud keys; reviewers said the commit logs showed GitHub’s built-in protection against publishing sensitive credentials in public repos had been disabled.

    Show sources
  2. 22.05.2026 19:34 1 articles · 1mo ago

    Congressional lawmakers demand answers from CISA over the credential leak

    Legal Policy Action Update

    Sen. Maggie Hassan sent a May 19 letter to Acting Director Nick Andersen, and Rep. Bennie Thompson, co-signed by Rep. Delia Ramirez, sent a separate May 19 letter warning that the leak may reflect diminished security culture and weak contract support management at CISA while the agency faced questions about internal policies and procedures.

    Show sources
  3. 22.05.2026 19:34 1 articles · 1mo ago

    CISA works to invalidate the exposed RSA private key and replace leaked credentials

    Mitigation Patch Update

    On May 20, KrebsOnSecurity notified CISA about findings from Dylan Ayrey that an exposed RSA private key in the Private-CISA repo could access a GitHub app owned by the CISA enterprise account and installed on the CISA-IT GitHub organization with full repository access; Ayrey said CISA appeared to invalidate that key afterward while other leaked credentials still needed rotation.

    Show sources