Particle.news

CISA Contractor Exposed Plaintext Passwords and GovCloud Keys on Public GitHub

CISA says an investigation so far shows no sign of misuse.

Overview

  • Security researchers found a public GitHub repository run by a Nightwing contractor that listed plaintext passwords, tokens, and admin cloud keys for CISA systems, discovered May 14 and taken down Friday.
  • Seralys’ Philippe Caturegli confirmed some exposed credentials logged into three AWS GovCloud accounts with high privileges, and several AWS keys stayed valid for about 48 hours after removal.
  • Files in the archive referenced CISA’s internal software build repository, which could let an attacker plant malicious code in packages that the agency uses to deploy software.
  • GitGuardian’s Guillaume Valadon said the repo stored passwords in a CSV and had disabled GitHub’s built-in secret scanning, calling it the worst leak he has seen in his career.
  • CISA acknowledges the exposure and is investigating; it has found no evidence of compromise so far. The lapse raises concerns about contractor oversight and about how quickly high-risk credentials are revoked once exposed.
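The two controls the report says were missing are a secret scanner on the repository and fast revocation of anything it finds. The following added example (not code from the page, Nightwing, CISA or GitGuardian) shows the kind of check a scanner performs: it reads a credentials CSV, flags cells by known key formats and by secret-looking column headers, and redacts every finding so the scanner's own output does not re-leak the value. The CSV, the key ID (AWS's public documentation placeholder) and the token are constructed for the example; the regexes are assumptions based on the public prefix formats, not an exhaustive rule set.

```python
import csv
import io
import re
from dataclasses import dataclass

# Constructed sample credential file, modelled on the CSV the report describes.
# Every value is invented for this example (the AWS key ID is AWS's own
# documentation placeholder); nothing here comes from the incident.
FAKE_AWS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
FAKE_GITHUB_TOKEN = "ghp_" + "EXAMPLE" + "0" * 29  # 36 characters after the prefix
SAMPLE_CSV = (
    "service,username,password,notes\n"
    f"aws-govcloud-admin,deploy,{FAKE_AWS_KEY_ID},admin role\n"
    f"build-repo,ci-bot,{FAKE_GITHUB_TOKEN},push access\n"
    "jenkins,admin,hunter2,legacy box\n"
    "wiki,reader,,read only\n"
)

# Columns whose header alone says the cell is a secret, whatever its format.
SECRET_HEADERS = re.compile(
    r"(pass(word)?|secret|token|api[-_]?key|private[-_]?key)", re.I
)

# Formats with a recognisable prefix (assumed from the public formats):
# AWS access key IDs start with AKIA (long-lived) or ASIA (temporary);
# classic GitHub personal access tokens start with ghp_.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
}


@dataclass(frozen=True)
class Finding:
    row: int        # 1-based data row, header excluded
    column: str
    kind: str       # which rule fired
    preview: str    # redacted so the finding itself does not re-leak the secret


def redact(value: str) -> str:
    """Keep only enough of the value to triage, never the full secret."""
    return value[:4] + "..." if len(value) > 4 else "****"


def scan_csv(text: str) -> list[Finding]:
    """Return one Finding per cell that matches a key format or a secret column."""
    findings: list[Finding] = []
    reader = csv.DictReader(io.StringIO(text))
    for row_no, row in enumerate(reader, start=1):
        for column, value in row.items():
            if not value:
                continue
            matched = False
            for kind, pattern in PATTERNS.items():
                if pattern.search(value):
                    findings.append(Finding(row_no, column, kind, redact(value)))
                    matched = True
            # A value with no known format is still a secret if the header says so
            # (the plaintext-password case, which has no pattern to match).
            if not matched and SECRET_HEADERS.search(column):
                findings.append(Finding(row_no, column, "secret_column", redact(value)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, the shape a CI gate or alert would report."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_csv(SAMPLE_CSV)
    for f in results:
        print(f"row {f.row} column {f.column!r}: {f.kind} ({f.preview})")
    print(summarize(results))
```

Run as a pre-commit hook or CI step, a non-empty result from `scan_csv` should fail the push; the redacted preview is what goes into the ticket, while the full value is what the revocation step acts on immediately rather than after a two-day window.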