In stunning display of stupid, secret CISA credentials found in public GitHub repo
SSH keys, plaintext passwords, other sensitive data had been up since November 2025.
Signal weather
Rising
Momentum is building quickly, so this card is a good early entry point into the topic.
Security researcher Brian Krebs brings us the news that America's Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private keys, tokens, and "other sensitive CISA assets" exposed in a public GitHub repo since at least November 2025. The now-offline public repo—named, somewhat aspirationally, "Private-CISA"—was brought to Krebs' attention by GitGuardian's Guillaume Valadon, who was alerted to the repo's presence by GitGuardian's public code scans. Krebs says that Valadon approached him after receiving no responses from the Private-CISA repo's owner. In an email to Krebs, Valadon claimed that the repo's commit logs show that GitHub's default protections against committing secrets—protections designed to protect unwitting or unskilled developers against exactly this kind of stupidness—had been disabled by the repo's administrator. Read full article Comments
Stay on the signal
Follow In stunning display of stupid, secret CISA credentials found in public GitHub repo
Follow this story beyond a single article: new follow-ups, adjacent sources, and the evolving storyline.
Story map
Understand this topic fast
A quick entry into the story: why it matters now, who is involved, and where to go next for context.
Why it matters now
Topic constellation
Open the live map for this story
See which entities, story threads, sources, and follow-up articles shape this story right now.
Click nodes to continue
Entity pages
Story timeline
Continue with this story
A short sequence of events and follow-up stories to understand the arc quickly.
How reliable this looks
Signal and trust for Ars Technica
This source works at a rapid pace: 100% of recent stories land in the hot window, and 0% carry visible search signal.
Reliability
92
Freshness
100
Sources in storyline
1
Related articles
More stories that share tags, source, or category context.
Two AI-based science assistants succeed with drug-retargeting tasks
Both tools generate hypotheses; one goes on to analyze some of the data.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Google's SynthID AI watermarking tech is being adopted by OpenAI, Nvidia, and more
AI content is getting good, but SynthID might be able to help tell truth from fiction.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
RFK Jr. forced to withdraw charter that opened CDC panel to anti-vaccine quacks
Charter would have expanded member eligibility and focused on alleged injuries.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Gemini 3.5 Flash might be fast enough for gen AI to make sense
Google says its more efficient Gemini 3.5 Flash is the key to your agentic AI future.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
More from Ars Technica
Fresh reporting and follow-up coverage from the same newsroom.
Two AI-based science assistants succeed with drug-retargeting tasks
Both tools generate hypotheses; one goes on to analyze some of the data.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Google's SynthID AI watermarking tech is being adopted by OpenAI, Nvidia, and more
AI content is getting good, but SynthID might be able to help tell truth from fiction.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
RFK Jr. forced to withdraw charter that opened CDC panel to anti-vaccine quacks
Charter would have expanded member eligibility and focused on alleged injuries.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Gemini 3.5 Flash might be fast enough for gen AI to make sense
Google says its more efficient Gemini 3.5 Flash is the key to your agentic AI future.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.