CISA had plaintext passwords, SSH private keys, tokens and other sensitive assets exposed in a public GitHub repo named Private-CISA since at least November 2025. The repo's administrator disabled GitHub's default secret protections, a contractor managed it, and testing confirmed high-privilege AWS GovCloud access was possible.

Security researcher Brian Krebs reported that America’s Cybersecurity and Infrastructure Security Agency (CISA) left a large collection of plaintext passwords, SSH private keys, tokens, and additional sensitive agency materials exposed inside a public GitHub repository since at least November 2025.
The repository, now taken offline and previously called Private-CISA, came to Krebs’s notice through GitGuardian’s Guillaume Valadon. Valadon learned of the repository via GitGuardian’s public code scans and contacted Krebs only after the repository owner failed to reply.
https://x.com/arstechnica/status/2056805273025876192
In an email to Krebs, Valadon stated that the repository’s commit logs indicated GitHub’s default safeguards against committing secrets—mechanisms meant to shield inexperienced or careless developers from precisely this sort of mistake—had been turned off by the repository administrator.
Tests conducted by Seralys founder Philippe Caturegli verified that the repository was neither a prank nor a fabrication. Caturegli successfully employed the credentials found inside Private-CISA to obtain high-privilege access across multiple Amazon Web Services GovCloud accounts.
Krebs reported that the repository seemed to be administered by Nightwing, a Virginia-based contractor working for CISA. Nightwing has declined to issue any public statement and has instead directed all inquiries back to CISA.
This is not the first misstep by CISA; it is not even the first one this year. In January, acting CISA Director Madhu Gottumukkala—who had previously failed a polygraph—uploaded sensitive government documents to ChatGPT after securing an exemption from the agency’s ban on its use by personnel. Gottumukkala was removed from the position in February.
Disabling GitHub secret commit protections in a contractor-managed repo allowed prolonged high-privilege exposure of CISA credentials to AWS GovCloud.
Tap a lens to see what this story means for you.
Reader-supported · Daily Brief
Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.
See what’s happening right now
The Feed runs all day — short, verified briefs the moment they break.
Open the FeedFollow @thecircuitry_
Every story we publish, as it happens. No noise between.
Reader-supported
The Circuitry is a passion project I've always wanted to build, and I love the work behind it.
Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.
Any contribution is appreciated. If not, no pressure. Thanks for reading.
Progress Software has begun contacting organizations that run Storage Zone Controllers for its ShareFile platform, directing them to turn off the associated Windows servers at once because of what the firm calls a "credible external security threat" aimed at the on-premises component. Cloud access has been blocked as a precaution while the company and outside experts investigate.
China enacted a temporary helium export ban on July 10, 2026 to safeguard domestic supplies amid ongoing Middle East supply risks. The step highlights concerns over prolonged global shortages of the irreplaceable gas used in chipmaking and medical imaging.
Attackers are exploiting CVE-2026-20896 in Gitea’s official Docker image to impersonate any user via a single trusted header. The critical flaw affects default configurations of instances up to version 1.26.2, prompting urgent upgrades to 1.26.4 and log reviews.