CISA recommends continuous secrets scanning and stronger key management after GitHub leak
Defensive Guidance
Summary
Hide ▲
Show ▼
CISA now recommends continuous secrets scanning and stronger key management after a contractor left internal credentials in a public GitHub repository for nearly six months. The guidance targets organizations that store secrets in code or cloud-linked repositories and need faster detection of exposed credentials. It also underscores the need for clear external reporting paths and prompt secret rotation when exposure is found.
Related Happenings
CISA zero-trust SASE guidance for TIC 3.0
Public Sector Action
H score30
First: 25.06.2026 14:30
Last: 25.06.2026 14:30
Sources 1
About this happening:
CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...
CISA zero-trust SASE guidance for TIC 3.0
Public Sector ActionAbout this happening: CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...
CERT-In issues rapid patching guidelines for internet-facing systems
Public Sector Action
H score38
First: 26.05.2026 12:13
Last: 26.05.2026 12:13
Sources 1
About this happening:
**CERT-In** issued **new guidelines** requiring organizations to patch **internet-exposed critical vulnerabilities** within **12 hours** where feasible, tightening defensive timel...
CERT-In issues rapid patching guidelines for internet-facing systems
Public Sector ActionAbout this happening: **CERT-In** issued **new guidelines** requiring organizations to patch **internet-exposed critical vulnerabilities** within **12 hours** where feasible, tightening defensive timel...
Congress demands CISA answers on GitHub credential leak
Public Sector Action
H score19
First: 22.05.2026 19:34
Last: 22.05.2026 19:34
Sources 1
About this happening:
**Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...
Congress demands CISA answers on GitHub credential leak
Public Sector ActionAbout this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...
Megalodon GitHub CI/CD supply-chain campaign
Campaign
H score50
First: 22.05.2026 14:55
Last: 22.05.2026 14:55
Sources 1
About this happening:
The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...
Megalodon GitHub CI/CD supply-chain campaign
CampaignAbout this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...
CISA launches KEV Nomination Form
Public Sector Action
H score38
First: 21.05.2026 15:00
Last: 21.05.2026 15:00
Sources 1
About this happening:
CISA launched a **new Nomination Form** for the **KEV catalog**, giving **researchers, vendors, and industry partners** a direct way to report **known exploited vulnerabilities**....
CISA launches KEV Nomination Form
Public Sector ActionAbout this happening: CISA launched a **new Nomination Form** for the **KEV catalog**, giving **researchers, vendors, and industry partners** a direct way to report **known exploited vulnerabilities**....
Timeline
-
13.07.2026 18:03 1 articles · 8h ago
GitGuardian flags the Private CISA GitHub repository with exposed CISA credentials
Initial DisclosureGitGuardian asks for help notifying CISA about a public GitHub repository named Private CISA that contains 844 MB of sensitive CISA-related data, including administrative AWS GovCloud credentials and plaintext usernames and passwords for internal CISA systems.
Show sources
- Lessons Learned from CISA’s Recent GitHub Leak — krebsonsecurity.com — 13.07.2026 18:03
-
13.07.2026 18:03 2 articles · 8h ago
CISA rotates exposed secrets and urges continuous secrets scanning after the GitHub leak
Mitigation Patch UpdateCISA says it rotated all secrets, revoked the contractor’s system access, and is refining incident-reporting channels after the public GitHub exposure. The postmortem also urges continuous scanning of public repositories for exposed secrets, clearer security.txt reporting instructions, and stronger key management for developer secrets.
Show sources
- Lessons Learned from CISA’s Recent GitHub Leak — krebsonsecurity.com — 13.07.2026 18:03
- Lessons Learned from CISA’s Recent GitHub Leak — krebsonsecurity.com — 13.07.2026 18:03