CISA Security Credentials Exposed in Public GitHub Repository for Months

The Cybersecurity and Infrastructure Security Agency accidentally left SSH keys, plaintext passwords, and other sensitive credentials in a public GitHub repository since November 2025. The exposure highlights a critical security lapse at a federal agency responsible for protecting U.S. critical infrastructure and coordinating cybersecurity defenses.

Why it matters: This incident demonstrates how even government security agencies struggle with basic credential management practices, raising concerns about the broader state of security practices across federal systems and the credibility of CISA's security guidance to the private sector.