A CISA contractor publicly exposed AWS GovCloud credentials and internal system details on GitHub until this past weekend. Security experts called it one of the most serious government data leaks in recent history.
A public GitHub repository maintained by a Cybersecurity & Infrastructure Security Agency (CISA) contractor contained highly privileged AWS GovCloud account credentials and access details to numerous internal CISA systems.
The exposed archive included sensitive files documenting CISA's internal software build, test, and deployment processes. Security researchers identified the repository as containing some of the most critical infrastructure credentials available to a U.S. government agency.
The leaked GovCloud accounts provide access to government-only AWS infrastructure used for classified and sensitive operations. Credentials for multiple privileged accounts remained publicly accessible until the repository was discovered and removed this past weekend.
Beyond the cloud credentials, the repository exposed architectural documentation and operational procedures for CISA systems. This combination of credentials and technical details gave potential attackers both access and a roadmap to exploit government infrastructure.
CISA, the federal agency responsible for cybersecurity and infrastructure protection, has not yet released a public statement about the incident or its scope. The agency typically handles credential compromise by immediately revoking exposed keys and auditing access logs for unauthorized activity.
The leak raises questions about security practices within government contracting relationships and code repository management. Standard practices recommend scanning repositories for credentials before uploading, using separate development and production keys, and restricting repository access.
This incident ranks among the most significant government data exposures in recent years. Previous notable leaks include exposure of military communications and federal employee information, though direct access to privileged cloud infrastructure represents an unusual level of operational risk.
No indication of unauthorized access has been confirmed. CISA declined to comment on whether any malicious activity occurred during the window the credentials were public.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.