Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA recommends continuous secrets scanning and stronger key management after GitHub leak

Defensive Guidance
First reported
Last updated
Happening score
H score 26
1 unique sources, 1 articles

Summary

Hide ▲

CISA now recommends continuous secrets scanning and stronger key management after a contractor left internal credentials in a public GitHub repository for nearly six months. The guidance targets organizations that store secrets in code or cloud-linked repositories and need faster detection of exposed credentials. It also underscores the need for clear external reporting paths and prompt secret rotation when exposure is found.

Related Happenings

CISA zero-trust SASE guidance for TIC 3.0

Public Sector Action
H score30 First: 25.06.2026 14:30 Last: 25.06.2026 14:30 Sources 1

About this happening: CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...

CERT-In issues rapid patching guidelines for internet-facing systems

Public Sector Action
H score38 First: 26.05.2026 12:13 Last: 26.05.2026 12:13 Sources 1

About this happening: **CERT-In** issued **new guidelines** requiring organizations to patch **internet-exposed critical vulnerabilities** within **12 hours** where feasible, tightening defensive timel...

Congress demands CISA answers on GitHub credential leak

Public Sector Action
H score19 First: 22.05.2026 19:34 Last: 22.05.2026 19:34 Sources 1

About this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...

Megalodon GitHub CI/CD supply-chain campaign

Campaign
H score50 First: 22.05.2026 14:55 Last: 22.05.2026 14:55 Sources 1

About this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...

CISA launches KEV Nomination Form

Public Sector Action
H score38 First: 21.05.2026 15:00 Last: 21.05.2026 15:00 Sources 1

About this happening: CISA launched a **new Nomination Form** for the **KEV catalog**, giving **researchers, vendors, and industry partners** a direct way to report **known exploited vulnerabilities**....

Timeline

  1. 13.07.2026 18:03 1 articles · 8h ago

    GitGuardian flags the Private CISA GitHub repository with exposed CISA credentials

    Initial Disclosure

    GitGuardian asks for help notifying CISA about a public GitHub repository named Private CISA that contains 844 MB of sensitive CISA-related data, including administrative AWS GovCloud credentials and plaintext usernames and passwords for internal CISA systems.

    Show sources
  2. 13.07.2026 18:03 2 articles · 8h ago

    CISA rotates exposed secrets and urges continuous secrets scanning after the GitHub leak

    Mitigation Patch Update

    CISA says it rotated all secrets, revoked the contractor’s system access, and is refining incident-reporting channels after the public GitHub exposure. The postmortem also urges continuous scanning of public repositories for exposed secrets, clearer security.txt reporting instructions, and stronger key management for developer secrets.

    Show sources