CISA’s secret credentials found in public GitHub repo named 'Private-CISA'

A stunning security lapse has exposed America’s Cybersecurity & Infrastructure Agency (CISA) to serious risk after a public GitHub repository named “Private-CISA”—a name that now seems painfully ironic—was found to contain a trove of plaintext passwords, SSH private keys, tokens, and other sensitive assets. The repository, maintained by Virginia-based CISA contractor Nightwing, had been publicly accessible since at least November 2025, according to a report by security journalist Brian Krebs. The leak was flagged by GitGuardian’s Guillaume Valadon, whose automated scans detected the credentials. Valadon told Krebs that the repo’s commit logs showed GitHub’s default secret-protection mechanisms had been deliberately disabled by the repository’s administrator, leaving the door wide open for any malicious actor to walk in.

Even more alarming, testing by Seralys founder Philippe Caturegli confirmed the credentials were real and still active. He was able to use them to access multiple Amazon Web Services GovCloud accounts “at a high privilege level,” meaning an adversary could have accessed sensitive government cloud infrastructure. Nightwing has not publicly commented, referring all questions back to CISA. This incident is not an isolated blunder: earlier this year, acting CISA Director Madhu Gottumukkala uploaded classified documents to ChatGPT after obtaining an exemption from the agency’s AI usage policy, and was later removed. The GitHub leak underscores a systemic failure in operational security at one of the nation’s most critical cybersecurity agencies.