SECURITY researcher Brian Krebs brings us the news that America’s Cybersecurity and Infrastructure Security Agency (CISA) has had a large store of plaintext passwords, SSH private keys, tokens and other sensitive CISA assets exposed in a public GitHub repo since at least November 2025. The now-offline repo, named “Private-CISA”, was brought to Krebs on Security’s attention by GitGuardian’s Guillaume Valadon, who was alerted to it by GitGuardian’s public code scans.
Testing by Seralys founder Philippe Caturegli showed that he could use the credentials in the Private-CISA repo to gain access to multiple Amazon Web Services GovCloud accounts at a high privilege level. Krebs notes the repo appeared to be managed by Virginia-based Nightwing, a CISA contractor, which has not commented publicly.
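The report does not say how GitGuardian's scanner works, so the following is an added example rather than GitGuardian's, CISA's or Nightwing's code: a minimal secret scanner that flags the kinds of material the report lists (PEM private keys, AWS access keys, plaintext password and token assignments) in config-style text, while skipping template placeholders. The patterns, the `Finding` type and the sample config are this example's own; the sample uses AWS's published documentation key pair and made-up values, not anything from the repo.

```python
"""Minimal secret scanner: added example, not GitGuardian's, CISA's or Nightwing's code.

Scans config-style text for the classes of material the Krebs report says were
exposed (plaintext passwords, SSH private keys, tokens, AWS credentials). Patterns
and the sample input below are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Ordered: the first matching pattern on a line wins, so a PEM header is not
# also reported as a generic token.
PATTERNS = [
    # PEM private key header (RSA, EC, DSA, OPENSSH, or unqualified PKCS#8).
    ("private_key", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    # AWS access key ID: AKIA (long-term) or ASIA (temporary) + 16 uppercase alnum.
    # GovCloud access keys share this format, so the GovCloud case is covered too.
    ("aws_access_key_id", re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[0-9A-Z]{16}(?![A-Z0-9])")),
    # AWS secret access key is 40 base64-ish chars; only flag it next to its usual key name.
    ("aws_secret_access_key",
     re.compile(r"(?i)aws[_-]?secret[_-]?access[_-]?key\W{0,4}([A-Za-z0-9/+=]{40})")),
    # key=value / key: value password assignments with a value of 8+ non-space chars.
    ("password", re.compile(r"(?i)(?:password|passwd|pwd)[\"']?\s*[:=]\s*[\"']?([^\s\"'#]{8,})")),
    # Other token-like assignments.
    ("token", re.compile(r"(?i)(?:token|api[_-]?key|secret)[\"']?\s*[:=]\s*[\"']?([A-Za-z0-9_\-]{16,})")),
]

# Values that are template placeholders (${VAR}, $VAR, <fill-me>, {{ var }}, %(var)s), not secrets.
PLACEHOLDER = re.compile(r"^(?:\$\{|\$[A-Z_]|<|\{\{|%\()")


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    redacted: str  # never carry the full secret around in tooling output


def redact(value):
    """Keep a 4-char prefix and the length so a human can triage without re-exposing the secret."""
    return f"{value[:4]}...({len(value)} chars)"


def scan_text(text):
    """Return one Finding per line that looks like a leaked credential, in line order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            if PLACEHOLDER.match(value):
                continue  # a template placeholder, not a secret
            findings.append(Finding(line_no, kind, redact(value)))
            break
    return findings


# Constructed sample for this example: AWS's documentation example key pair and
# made-up values, not live credentials and not content from the "Private-CISA" repo.
SAMPLE_CONFIG = """\
# constructed sample config for the example above
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
db_password: "hunter2hunter2"
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ==
-----END OPENSSH PRIVATE KEY-----
placeholder_password = ${DB_PASSWORD}
api_token = "<your-token-here>"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.kind} {f.redacted}")
```

Running the block reports four findings (the access key ID, the secret key, the password and the OpenSSH private key header) and skips the two placeholder lines. A real pre-commit or CI hook would run this over every staged file; the point of the redaction is that a scanner's own output otherwise becomes a second copy of the secret.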
The piece also recalls an earlier incident in January, when acting CISA Director Madhu Gottumukkala uploaded sensitive government documents to ChatGPT after obtaining an exemption from the agency policy prohibiting ChatGPT use by CISA personnel. Gottumukkala was removed from his role in February.