In stunning display of stupid, secret CISA credentials found in public GitHub repo

Security researcher Brian Krebs brings us the news that America’s Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private keys, tokens, and “other sensitive CISA assets” exposed in a public GitHub repo since at least November 2025.

The now-offline public repo—named, somewhat aspirationally, “Private-CISA”—was brought to Krebs’ attention by GitGuardian’s Guillaume Valadonwho was alerted to the repo’s presence by GitGuardian’s public code scans. Krebs says that Valadon approached him after receiving no responses from the Private-CISA repo’s owner.

In an email to Krebs, Valadon claimed that the repo’s commit logs show that GitHub’s default protections against committing secrets—protections designed to protect unwitting or unskilled developers against exactly this kind of stupidness—had been disabled by the repo’s administrator.

Read full article

Comments

TNG – Latest News & Reviews

Tencent Music completes $2.6 billion acquisition of podcast platform Ximalaya · TechNode

AMD says Malaysia has a role in Southeast Asia’s yotta-scale AI infrastructure push

AMD CEO Lisa Su in Shanghai predicts five billion daily AI users within five years · TechNode

Knicks vs. Cavaliers prediction, odds: 2026 NBA Eastern Conference finals picks from 10,000 simulations

Narrative Timing in Web3 Markets Is Becoming a Competitive Advantage

Hub88 grows global content offering through TaDa Gaming partnership