Congressional lawmakers from both chambers are demanding answers from CISA after a contractor intentionally published AWS GovCloud keys and other agency secrets on a public GitHub account called 'Private-CISA'. The exposure, which dates to November 2025, included credentials granting access to CISA's GitHub enterprise organization, including private repositories and CI/CD pipelines. More than a week after GitGuardian first notified CISA, the agency is still working to invalidate and rotate many of the exposed credentials. TruffleHog creator Dylan Ayrey confirmed that a critical RSA private key remained active for days after notification, and that other credentials tied to critical security technologies are still unrotated. Security experts note that cybercriminal groups and foreign adversaries actively monitor GitHub's public commit feed for exposed keys, making it likely the secrets were already harvested.