> TritonInfoSec News
Home / May 20, 2026 / Story
0
#4 Ars Technica Security general May 19, 2026 at 18:27 UTC

In stunning display of stupid, secret CISA credentials found in public GitHub repo

By Lee Hutchinson

AI Summary

A publicly accessible GitHub repository named 'Private-CISA' exposed CISA credentials including SSH keys and plaintext passwords since at least November 2025, prompting Congressional demands for answers. A researcher who analyzed the leaked repository described it as among the worst credential exposures he had witnessed. The incident is particularly damaging given CISA's role as the U.S. government's lead cybersecurity agency and has triggered Capitol Hill scrutiny.

Read full article → https://arstechnica.com/information-technology/202…

Relevance score: 85.0/100

# More from May 20

  1. 1
    GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories The Hacker News
  2. 2
    Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector SecurityWeek
  3. 3
    Cybercrime service disrupted for abusing Microsoft platform to sign malware BleepingComputer
  4. 5
    New Shai-Hulud malware wave compromises 600 npm packages BleepingComputer
  5. 6
    Max-severity flaw in ChromaDB for AI apps allows server hijacking BleepingComputer
  6. 7
    Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare The Hacker News
  7. 8
    DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability The Hacker News
  8. 9
    The New Phishing Click: How OAuth Consent Bypasses MFA The Hacker News
  9. 10
    GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials The Hacker News