:

CISA EXPOSED PASSWORDS, CLOUD KEYS ON PUBLIC GITHUB

SECURITY DESK2 MIN READ
TUE, MAY 19, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

The US Cybersecurity and Infrastructure Security Agency left plaintext passwords and cloud credentials exposed on a public GitHub repository. The discovery was reported by independent journalist Brian Krebs.

CISA, the federal agency responsible for defending US critical infrastructure, inadvertently exposed sensitive authentication credentials in a spreadsheet uploaded to GitHub. The passwords and cloud keys were stored in plaintext format, making them immediately accessible to anyone with access to the public repository. The exposure was not disclosed by the agency itself but rather identified through independent reporting. The Exposure The incident underscores a recurring vulnerability in software development practices: developers and organizations accidentally committing sensitive data to public repositories. GitHub and similar platforms automatically index public repositories, meaning exposed credentials can be discovered and exploited within minutes. Implications For a cybersecurity agency, the exposure carries heightened significance. CISA issues guidance to federal agencies and private sector organizations on security best practices. The incident contradicts the agency's own recommendations around credential management and access control. Plaintext passwords in shared repositories violate fundamental security protocols. Industry standards call for secrets management tools, environment variables, and encryption for any sensitive data in development workflows. Response Details on CISA's response timeline and remediation steps were not immediately available. Typically, such exposures require immediate credential rotation across all systems that used the compromised passwords and keys. Broader Context Large organizations routinely face credential exposure incidents. The difference with federal agencies is the potential scale of impact and the reputational damage when the exposed entity is responsible for national cybersecurity guidance. This incident joins a pattern of high-profile organizations—including major tech companies and government agencies—discovering credentials accidentally committed to public code repositories. Automated secret scanning tools exist to prevent such exposures, though implementation gaps remain common. The incident serves as a reminder that security practices must apply uniformly across organizations, regardless of their role in the security ecosystem.

■ SOURCES

TechCrunch

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

4H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

4H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.