Sensitive access credentials for internal systems and cloud environments tied to the U.S. cybersecurity watchdog CISA were exposed publicly on GitHub. The leaked data included AWS GovCloud keys, plaintext passwords, and internal DevSecOps files. The credentials were stored in a public GitHub repository named Private-CISA, reportedly managed by a CISA contractor. Researchers found administrative keys for multiple AWS GovCloud accounts and confirmed that several accounts were accessible with high privileges. The repository also contained CSV files with plaintext usernames and passwords for internal CISA systems. Credentials for internal software repositories and build environments were also leaked, creating a pathway for attackers to embed malware or backdoors into software builds and spread compromises further. GitHub security controls that normally prevent secret exposure were disabled, and the repository may have been publicly accessible since November 2025.
"Sensitive access credentials for internal systems and cloud environments belonging to the U.S. cybersecurity watchdog Cybersecurity and Infrastructure Security Agency (CISA) have been publicly exposed on GitHub. The data included AWS GovCloud keys, plaintext passwords, and internal DevSecOps files. The data was stored in a public GitHub repository named Private-CISA, which was managed by a CISA contractor. Researchers from security firms GitGuardian and Seralys discovered that the repository provided access to various internal environments and software repositories of the U.S. government."
"According to researchers, the leaked files contained administrative keys for multiple AWS GovCloud accounts. AWS GovCloud is a secure cloud environment from Amazon Web Services specifically designed for sensitive U.S. government data. Researchers from security firm Seralys also say they have confirmed that multiple leaked AWS GovCloud accounts were indeed accessible with high privileges. The repository is also said to have contained CSV files with plaintext usernames and passwords for internal CISA systems."
"Furthermore, credentials for internal software repositories and build environments were reportedly leaked. Philippe Caturegli of Seralys warns that access to such repositories is attractive to attackers seeking to embed malware or backdoors into software builds. As a result, compromises could spread further within government environments. GitHub security disabled. According to GitGuardian, the repository administrator had also disabled GitHub functionality that normally prevents secret keys or passwords from being published publicly."
"GitHub security disabled. According to GitGuardian, the repository administrator had also disabled GitHub functionality that normally prevents secret keys or passwords from being published publicly. Ars Technica reports that the repository was likely publicly accessible as early as November 2025. Researchers also found passwords that were relatively easy to guess, such as combinations of pl"
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]