※ This article contains affiliate advertising.

Major Shock at CISA! Secret Keys “Deliberately” Exposed on GitHub, Threatening the Security Backbone of the U.S. Government

📰 News Summary

  • A contractor for the U.S. Cybersecurity and Infrastructure Security Agency (CISA) exposed internal authentication credentials, including AWS GovCloud keys, in a public GitHub repository named “Private-CISA.”
  • The contractor reportedly “intentionally disabled” GitHub’s built-in safeguards that are designed to catch and block sensitive information before it is committed, so nothing stood between the credentials and the public.
  • Even a week after security firms raised the alarm, some critical private keys were still active, still granting full access to all of the affected repositories.

💡 Key Points

  • The leaked “Private-CISA” repository was created in November 2025, and there is suspicion that the contractor was using it as a personal “notebook.”
  • With the leaked RSA private key, an attacker could read every private repository belonging to CISA-IT, hijack the CI/CD pipeline, and alter administrative settings.
  • CISA has reportedly lost more than a third of its staff in recent years, and heavy turnover in senior management has left the agency in disarray; lawmakers have pointed to this as a factor in the decline of its security culture.
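What the disabled safeguard actually does is easy to lose in the headlines. As an added example (not code from the page, from GitHub, or from TruffleHog), here is a minimal pre-push secret check of the same kind: it parses a unified diff, scans only the added lines for a few well-known credential formats (AWS access key IDs, GitHub classic tokens, and PEM private-key headers like the RSA key in this story), and fails closed. The sample diff, file names, and the handful of patterns are constructed for illustration; a real scanner carries hundreds of detectors.

```python
"""Minimal pre-push secret check.

Scans the ADDED lines of a unified diff for credential formats and exits
non-zero on any hit. Added example, not from the article or any named tool.
The sample diff at the bottom is constructed; the example AWS key ID is the
one AWS itself uses in its documentation.
"""
import re
import subprocess
import sys
from dataclasses import dataclass

# Detector patterns (assumptions based on the public formats of each credential).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_pem": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
    ),
}

HUNK_HEADER = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    kind: str
    path: str
    line: int       # line number in the NEW version of the file
    redacted: str   # never log the full secret; hook output ends up in CI logs


def redact(secret: str) -> str:
    """Keep just enough to identify the hit without re-leaking it."""
    return secret[:4] + "..." + secret[-2:] if len(secret) > 8 else "..."


def scan_diff(diff_text: str) -> list:
    """Return a Finding for every pattern match on an added ('+') line.

    Deleted and context lines are not scanned: whatever they contain is
    already in history and needs rotation, which is a different job.
    """
    findings = []
    path, new_line = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):                 # new-file header, e.g. "+++ b/x"
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith("--- "):                 # old-file header
            continue
        header = HUNK_HEADER.match(raw)
        if header:
            new_line = int(header.group(1))        # first line number of this hunk
            continue
        if raw.startswith("+"):                    # added line: scan it
            text = raw[1:]
            for kind, pattern in PATTERNS.items():
                for hit in pattern.finditer(text):
                    findings.append(Finding(kind, path, new_line, redact(hit.group())))
            new_line += 1
        elif raw.startswith(" "):                  # context line: advances new-file count
            new_line += 1
        # '-' lines and "\ No newline" markers do not advance the new-file counter
    return findings


def main() -> int:
    """Pre-push use: scan the staged diff and fail closed on any finding.

    A client-side hook can be skipped with `git push --no-verify`, which is
    exactly why the enforcing copy of this check belongs on the server
    (organization-level push protection the committer cannot switch off).
    """
    diff = subprocess.run(
        ["git", "diff", "--cached", "--unified=0"],
        capture_output=True, text=True, check=False,
    ).stdout
    findings = scan_diff(diff)
    for f in findings:
        print(f"BLOCKED {f.kind} in {f.path}:{f.line} ({f.redacted})", file=sys.stderr)
    return 1 if findings else 0


# Constructed sample diff: a config file gaining two tokens, plus a new file
# holding a private key. Not real credentials.
SAMPLE_DIFF = """\
diff --git a/deploy/config.env b/deploy/config.env
--- a/deploy/config.env
+++ b/deploy/config.env
@@ -1,3 +1,4 @@
 REGION=us-gov-west-1
-AWS_ACCESS_KEY_ID=old-value-removed
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz0123456789
 BUCKET=s3://constructed-example
diff --git a/notes/deploy_key b/notes/deploy_key
new file mode 100644
--- /dev/null
+++ b/notes/deploy_key
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAconstructedNotARealKey
+-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    sys.exit(main())
```

Wire it in as `.git/hooks/pre-push` and it blocks the three hits in the sample diff. The design choice worth noting is the docstring on `main`: a developer who can edit or skip the hook (as the contractor in this story apparently did with GitHub's own safeguard) makes a client-side check advisory at best, so the same scan has to run where the committer has no switch.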

🦈 Shark’s Eye (Curator’s Perspective)

This is so sloppy it’s making my jaw drop! How could CISA, the organization tasked with protecting America from cyber attacks, leave the front door keys on GitHub and then go ahead and turn off the alerts? This is an unprecedented blunder!

Especially alarming is the “RSA private key” pointed out by Dylan Ayrey, the creator of TruffleHog. This single key can unlock all of CISA-IT’s repositories, yet it was left unattended for days after the initial report. Such a slow incident response time is absolutely unacceptable by 2026 standards! Was naming it “Private-CISA” a misguided attempt to hide it, or just a sign of sheer ignorance? Either way, this is clear evidence of a complete collapse in internal governance!

🚀 What’s Next?

A congressional investigation led by Senator Hassan is underway, and CISA’s Acting Director Nick Anderson will face tough accountability questions. Contractor management processes will almost certainly be overhauled, but restoring lost trust will require a long effort to rebuild the organization’s “security culture.”

💬 Haru-Shark’s Take

What’s the point of the defenders “deliberately” weakening their defenses?! A security pro should have caught this the moment GitHub raised the red flag. Even a shark knows to swim cautiously! 🦈🔥

📚 Terminology Breakdown

  • AWS GovCloud: AWS GovCloud (US) is a set of physically and logically isolated AWS regions (us-gov-west-1 and us-gov-east-1) built for U.S. government agencies and their contractors to run sensitive workloads in the cloud. Credentials for these accounts are therefore high-value targets, and a leaked key pair is live access until it is revoked.

  • CI/CD: Stands for “Continuous Integration/Continuous Delivery,” the practice of automating software building, testing, and deployment. If the pipeline is compromised, malicious code can be injected into builds that are then shipped as legitimate software.

  • RSA Private Key: The secret half of a public-key pair. Whoever holds it can authenticate as the key’s owner (for example, over SSH to a Git host or to a CI system) and act with that identity’s privileges, so it must never be committed to a repository, and once exposed it must be treated as compromised and replaced.

  • Source: Lawmakers Demand Answers as CISA Tries to Contain Data Leak

【Disclaimer】
This article was structured by AI and is verified and managed by the operator. Accuracy is not guaranteed, and we assume no responsibility for external content.
🦈