The Cybersecurity and Infrastructure Security Agency left SSH keys, plaintext passwords, and other sensitive credentials in a publicly accessible GitHub repository for months. The exposure began in November 2025 and went undetected until discovery.
CISA, the federal agency responsible for protecting U.S. critical infrastructure, inadvertently published authentication credentials in a public GitHub repository. The exposed materials included SSH keys, plaintext passwords, and additional sensitive data that remained accessible since November 2025.
The credentials were discovered in the repository, raising immediate concerns about unauthorized access to CISA systems. The agency's exposure underscores persistent challenges in credential management, even among organizations tasked with national cybersecurity oversight.
Public repositories represent a well-documented vector for credential theft. Attackers routinely scan GitHub and similar platforms for exposed secrets, which can grant access to critical systems, cloud infrastructure, and internal networks. The months-long window of exposure significantly increases the likelihood of malicious discovery and exploitation.
The incident mirrors previous breaches where organizations accidentally committed sensitive data to version control systems. Security researchers have repeatedly warned about the dangers of this practice, yet it remains a recurring problem across both public and private sectors.
CISA has not yet provided an official statement regarding the scope of the exposure, whether unauthorized access occurred, or what remediation steps have been taken. The agency has recommended that affected systems be audited and credentials rotated as a precautionary measure.
The discovery highlights the gap between cybersecurity governance and operational security practices. While CISA advises organizations on security best practices, the incident demonstrates that these principles are not consistently applied internally. Automated secret detection tools and repository scanning mechanisms could have identified and flagged the credentials before public exposure.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.