GitGuardian
Coverage of GitGuardian in the Nexus archive.
- CISA looks to remedy ailments from big May credential leak
CISA responded to a May 2023 credential leak by improving protections for sensitive materials, enhancing vulnerability reporting processes, and developing incident response plans. The leak, involving exposed Amazon AWS GovCloud keys on GitHub, led to no customer data exposure, and CISA implemented measures like endpoint monitoring and secret rotation. A security researcher praised CISA’s transparency in acknowledging both successful and flawed aspects of its response.
- CISA credential leak raises alarms, and Capitol Hill demands answers
The Cybersecurity and Infrastructure Security Agency (CISA) is investigating a reported exposure of sensitive agency credential data on GitHub, which was discovered by security firm GitGuardian. Congressional Democrats are demanding answers from CISA about the incident. The exposure has raised concerns about potential abuse by malicious parties.
- In stunning display of stupid, secret CISA credentials found in public GitHub repo
America's Cybersecurity & Infrastructure Agency (CISA) had a large store of sensitive assets exposed in a public GitHub repository since at least November 2025. The repository, named 'Private-CISA', contained plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets. Security researcher Brian Krebs reported the incident after being approached by Guillaume Valadon from GitGuardian.
- America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames
The US Cybersecurity and Infrastructure Security Agency (CISA) left a GitHub repository open with sensitive information, including passwords and keys, for six months. The leak was discovered by GitGuardian researcher Guillaume Valadon, who reported it to CISA, which then took down the repository. The incident is a significant security lapse for the agency.
- CISA Admin Leaked AWS GovCloud Keys on Github
A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) exposed credentials to AWS GovCloud accounts and internal CISA systems on a public GitHub repository. The leak included files detailing how CISA builds, tests, and deploys software internally. The exposed credentials represent a significant government data leak.