Congress demands CISA answers on GitHub credential leak
Public Sector Action
Summary
Lawmakers in both houses of Congress demanded answers from CISA after a contractor exposed AWS GovCloud keys and other secrets on public GitHub. The letters pressed the agency on how the leak happened, how long the exposure lasted, and whether contract support was being managed safely. The scrutiny raises pressure on CISA as it works to invalidate and replace leaked credentials.
Related Happenings
CISA revises CIRCIA town hall schedule
Public Sector Action
First: 26.05.2026 15:00
Last: 26.05.2026 15:00
Sources 1
About this happening:
CISA **revised the schedule** for **virtual town halls** on the **CIRCIA rulemaking**, reopening stakeholder engagement on a cybersecurity reporting rule that will affect **critic...
CISA launches KEV Nomination Form
Public Sector Action
First: 21.05.2026 15:00
Last: 21.05.2026 15:00
Sources 1
About this happening:
CISA launched a **new Nomination Form** for the **KEV catalog**, giving **researchers, vendors, and industry partners** a direct way to report **known exploited vulnerabilities**....
CISA contractor GitHub repository exposed internal credentials
Data Leak
First: 18.05.2026 23:48
Last: 18.05.2026 23:48
Sources 1
How related:
a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account
About this happening:
A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...
Latest development: 22.05.2026 19:34
On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.
Shai-Hulud public GitHub repository credential exposure
Data Leak
First: 18.05.2026 20:28
Last: 18.05.2026 20:28
Sources 1
About this happening:
**Shai-Hulud** stole **developer credentials** that were later exposed in **public GitHub repositories**, turning a theft phase into a public leak of access data. The exposed mate...
CISA emergency patch deadline for Ivanti EPMM
Public Sector Action
First: 08.05.2026 15:16
Last: 08.05.2026 15:16
Sources 1
About this happening:
CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....
Timeline
- 22.05.2026 19:34 · 1 article · 5d ago
  CISA contractor exposes AWS GovCloud keys and internal credentials on public GitHub
  Initial Disclosure: A CISA contractor with administrative access to the agency’s code development platform created a public GitHub profile called Private-CISA that contained plaintext credentials for dozens of internal CISA systems, including AWS GovCloud keys; reviewers said the commit logs showed GitHub’s built-in protection against publishing sensitive credentials in public repos had been disabled.
  Sources:
  - Lawmakers Demand Answers as CISA Tries to Contain Data Leak — krebsonsecurity.com — 22.05.2026 19:34
- 22.05.2026 19:34 · 1 article · 5d ago
  Congressional lawmakers demand answers from CISA over the credential leak
  Legal Policy Action Update: Sen. Maggie Hassan sent a May 19 letter to Acting Director Nick Andersen, and Rep. Bennie Thompson, co-signed by Rep. Delia Ramirez, sent a separate May 19 letter warning that the leak may reflect diminished security culture and weak contract support management at CISA while the agency faced questions about internal policies and procedures.
  Sources:
  - Lawmakers Demand Answers as CISA Tries to Contain Data Leak — krebsonsecurity.com — 22.05.2026 19:34
- 22.05.2026 19:34 · 1 article · 5d ago
  CISA works to invalidate the exposed RSA private key and replace leaked credentials
  Mitigation Patch Update: On May 20, KrebsOnSecurity notified CISA about findings from Dylan Ayrey that an exposed RSA private key in the Private-CISA repo could access a GitHub app owned by the CISA enterprise account and installed on the CISA-IT GitHub organization with full repository access; Ayrey said CISA appeared to invalidate that key afterward while other leaked credentials still needed rotation.
  Sources:
  - Lawmakers Demand Answers as CISA Tries to Contain Data Leak — krebsonsecurity.com — 22.05.2026 19:34