On May 14, 2026, GitGuardian found what looked like leaked CISA secrets in a public GitHub repository...

Passwords were stored as plain text in a public GitHub repository.

CISA left plaintext passwords and AWS GovCloud admin keys in a public GitHub repo for six months. GitGuardian discovered the 844 MB exposure on May 14, 2026.

SSH keys, plaintext passwords, other sensitive data had been up since November 2025.

The agency's GitHub repository, publicly available since November 2025, was ironically named "Private-CISA."

On May 14, 2026, GitGuardian found what looked like leaked CISA secrets in a public GitHub repository...

Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to…