Government security CISA contractor’s public GitHub repo exposed sensitive government credentials May 19, 2026 Share By SC Staff (Adobe Stock) A public GitHub repository containing highly sensitive internal credentials and systems used by the US Cybersecurity and Infrastructure Security Agency (CISA) has been revealed, based on information published by Tech Radar. The repository, named "Private-CISA" and maintained by contractor Nightwing, exposed AWS administrative credentials, access keys, tokens, plaintext usernames and passwords for internal CISA systems, and SSH keys. Security researchers confirmed the authenticity of the leak, with some credentials reportedly still functional. The repository detailed CISA's internal software build and deployment processes. While CISA stated there was no indication of sensitive data compromise, they are implementing additional safeguards to prevent future incidents. The repository was eventually locked down after researchers alerted the agency. The exact duration the repository remained accessible is unknown, but it was created in mid-November 2025. Source: Tech Radar SC Staff Related OT Security Iran suspected in breaching automatic tank gauges at US gas stations Laura French May 19, 2026 The automatic tank gauge systems were reportedly exposed online without passwords. Government security Recovery is the new cyber deterrence Cory Simpson May 18, 2026 Why resilience and quick recovery can deter potential attacks. Critical Infrastructure Security IBM executive floated for CISA director as concerns persist for agency Steve Zurier May 18, 2026 Cybersecurity leaders warn weakened CISA could hurt AI-era defense and threat response. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe You can skip this ad in 5 seconds