Mr. Nicholas M. Andersen
Acting Director
Cybersecurity and Infrastructure Security Agency
Dear Acting Director Andersen:
On May 18, 2026, it was reported that a contractor-employee for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository, a cloud-based platform used to store and share information for purposes of developing software code, that stored CISA credentials to several highly sensitive AWS GovCloud accounts and a large number of internal CISA systems, including passwords and cloud keys.1
The title of the public repository was reportedly “Private-CISA.”2
Reports stated “a review of the GitHub account and its exposed passwords show the ‘Private-CISA’ repository was maintained by an employee of Nightwing.”3
It was also reported that the GitHub account that included the repository titled “Private-CISA” was taken offline shortly after at least two cyber-security research companies notified CISA of the exposure, but the exposed AWS keys remained valid for another 48 hours.4 CISA spokesperson Marco DiSandro said the agency is “aware of the reported exposure and is continuing to investigate the situation,” and that there is “no indication that any sensitive data was compromised as a result of this incident.”5
However, according to reports, CISA would not say if the agency has seen any evidence of a breach stemming from this exposure.