Signal

CISA contractor’s public GitHub repository exposed sensitive government credentials

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-19 20:57 UTCUpdated 2026-05-20 12:11 UTC

rss

cvebreachsecurity_policyincident_response

Trend in the last 24h

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (4)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Senator presses CISA for answers about alleged GitHub repository leak

The Record (Recorded Future News) · News · therecord.media · 2026-05-20 12:11 UTC

CISA contractor's public GitHub repo exposed sensitive government credentials

SC Media · News · scworld.com · 2026-05-19 23:50 UTC

CISA credential leak raises alarms, and Capitol Hill demands answers

CyberScoop · News · cyberscoop.com · 2026-05-19 23:28 UTC

Contractor’s public GitHub account exposed GovCloud and CISA credentials

CSO Online · News · csoonline.com · 2026-05-19 20:57 UTC

View all evidence

Overview

A public GitHub repository maintained by a CISA contractor named Nightwing exposed sensitive credentials for AWS GovCloud and internal CISA systems, including administrative keys, tokens, usernames, passwords, and SSH keys.

Entities

Cybersecurity and Infrastructure Security AgencyGitGuardianPrivate-CISAGuillaume ValadonBrian KrebsMaggie Hassan

Score total

1.31

Momentum 24h

4

Posts

4

Origins

4

Source types

1

Duplicate ratio

0%

Why now

The leak was publicly discovered and reported in mid-May 2026.
Congressional Democrats have recently demanded answers from CISA.
The incident highlights ongoing challenges in securing government contractor environments.

Why it matters

Exposed credentials risk unauthorized access to critical government systems.
Potential for state actors to exploit leaked credentials for persistent access.
Congressional scrutiny may drive improved security policies and contractor oversight.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

A public GitHub repository maintained by a CISA contractor exposed sensitive AWS GovCloud and internal CISA credentials.
The exposed credentials included administrative access keys, tokens, plaintext usernames and passwords, and SSH keys.
Congressional Democrats, including Senator Maggie Hassan, have demanded answers from CISA about the breach.

How sources frame it

CyberScoop: neutral
CSO Online: neutral
The Record (Recorded Future News): neutral

This incident underscores the critical need for secure credential management and oversight of contractors handling sensitive government data.

All evidence

All evidence

Senator presses CISA for answers about alleged GitHub repository leak

The Record (Recorded Future News) · therecord.media · 2026-05-20 12:11 UTC

CISA contractor's public GitHub repo exposed sensitive government credentials

SC Media · scworld.com · 2026-05-19 23:50 UTC

CISA credential leak raises alarms, and Capitol Hill demands answers

CyberScoop · cyberscoop.com · 2026-05-19 23:28 UTC

Contractor’s public GitHub account exposed GovCloud and CISA credentials

CSO Online · csoonline.com · 2026-05-19 20:57 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 4 / 0

Top publishers (this list)

The Record (Recorded Future News) (1)
SC Media (1)
CyberScoop (1)
CSO Online (1)

Top origin domains (this list)

therecord.media (1)
scworld.com (1)
cyberscoop.com (1)
csoonline.com (1)