Particle.news

CISA Probes Contractor’s Public GitHub Leak of GovCloud Keys

Researchers warn the leaked access could let attackers tamper with government software.

Overview

  • External researchers found a public GitHub repo called "Private-CISA," maintained by a Nightwing contractor, that exposed cloud keys, tokens, and plain‑text passwords tied to CISA and DHS systems.
  • The cache included administrative credentials for three AWS GovCloud accounts and logins for dozens of internal tools, according to KrebsOnSecurity and Seralys.
  • Analysts reported working credentials for CISA’s internal artifactory, a code package store that could let an intruder slip backdoors into software builds.
  • The GitHub account was taken offline after notifications to CISA, though a researcher said some AWS keys still worked for roughly 48 hours after the takedown.
  • CISA says it is investigating and reports no sign that sensitive data was taken, while commit logs and files point to weak password hygiene, disabled GitHub secret‑detection, and use of the repo as a personal sync space since November 2025.