CISA contractor’s public GitHub repo exposed sensitive government credentials

A public GitHub repository containing highly sensitive internal credentials and systems used by the US Cybersecurity and Infrastructure Security Agency (CISA) has been revealed, based on information published by Tech Radar.

The repository, named "Private-CISA" and maintained by contractor Nightwing, exposed AWS administrative credentials, access keys, tokens, plaintext usernames and passwords for internal CISA systems, and SSH keys. Security researchers confirmed the authenticity of the leak, with some credentials reportedly still functional. The repository detailed CISA's internal software build and deployment processes.