"The US Cybersecurity and Infrastructure Security Agency (CISA) left open a GitHub repository named "Private-CISA" containing plain-text passwords, private keys, tokens, and secrets - with obvious file names like "external-secret-repo-creds.yaml" and "AWS-Workspace-Firefox-Passwords.csv" - for six months."
"Valadon, who previously spent nine years at France's CISA equivalent, ANSSI, told us the leak included tokens for CISA's internal JFrog Artifactory, Azure registry keys, AWS credentials, Kubernetes manifests, ArgoCD application files, Terraform infrastructure code, GitHub personal access tokens, and Entra ID SAML certificates."
"GitGuardian reported the leaky repository to CISA on May 14, and the agency took it down a day later. A CISA spokesperson told The Register that it was aware of the report and is investigating. "Currently, there is no indication that any sensitive data was compromised as a result of this incident.""
"In a Tuesday blog, Valadon said he initially thought the repo "was a hoax, given how suspicious the directory names (Backup-April-2026/, All Backups/, LZ-Artifactory/, Kubernetes-Important-Yaml-Files/, ENTRA ID -"
A GitHub repository named “Private-CISA” was publicly accessible for six months and contained plain-text sensitive data. The exposed files included “external-secret-repo-creds.yaml” and “AWS-Workspace-Firefox-Passwords.csv.” The leaked contents included tokens for internal JFrog Artifactory, Azure registry keys, AWS credentials, Kubernetes manifests, ArgoCD application files, Terraform infrastructure code, GitHub personal access tokens, and Entra ID SAML certificates. The repository was discovered on May 14 and reported to CISA the same day. CISA removed the repository a day later and stated there was no indication that sensitive data was compromised as a result. The incident raised concerns about operational security at the agency.
Read at theregister
Unable to calculate read time
Collection
[
|
...
]