SSH keys, plaintext passwords, other sensitive data had been up since November 2025.

Ars Technica is known for its  coverage of technology-related news and analysis, ranging from scientific breakthroughs to the latest gadgets and gaming developments. Readers can learn about emerging technologies, industry trends, and the societal impact of technological advancements through detailed articles and reviews.

Ars Technica

CISA, the US cybersecurity agency, had plaintext passwords, SSH private keys, and tokens exposed in a public GitHub repository named 'Private-CISA' since at least November 2025. The repo was managed by CISA contractor Nightwing and had GitHub's default secret-protection features deliberately disabled. Security researcher Philippe Caturegli confirmed the credentials were valid and allowed high-privilege access to multiple AWS GovCloud accounts. The incident was discovered by GitGuardian's Guillaume Valadon via automated public code scanning. This follows a separate January incident where acting CISA Director Madhu Gottumukkala uploaded sensitive government documents to ChatGPT, leading to his removal in February.

Secret CISA credentials found in public GitHub repo

How Lighting Design In The Callisto Protocol Elevates The Horror