
In stunning display of stupid, secret CISA credentials found in public GitHub repo

ID: 7eba0f1b-c25f-5ed5-ad16-61aed262cfbd

STIX ID: report--7eba0f1b-c25f-5ed5-ad16-61aed262cfbd

Feed Name: Security - Ars Technica

Threat Score: 85/100

Date Published: 2026-05-19

Date Updated: 2026-05-22

Author: Lee Hutchinson


A public GitHub repository called "Private-CISA" has reportedly exposed plaintext passwords, SSH private keys, tokens, and other sensitive CISA assets since at least November 2025, and the repository's secret-detection protections were disabled. Security researchers (GitGuardian and Seralys) found the repo, and testing demonstrated that the included credentials allowed high-privilege access to multiple AWS GovCloud accounts. The repo appears to be linked to a CISA contractor named Nightwing.
