
CISA AWS GovCloud keys leak exposes massive government cloud credentials

DECRYPTED BY: Kaelen Frost | TIMESTAMP: 2026-05-21 T 20:42:06 Z | [ 2 MIN READ ]

In a startling breach, a contractor for the Cybersecurity and Infrastructure Security Agency (CISA) left a public GitHub repository brimming with AWS GovCloud credentials, an incident experts are calling the CISA AWS GovCloud keys leak. The repo, named “Private‑CISA,” housed admin tokens, plaintext passwords and deployment scripts, effectively handing outsiders a master key to the agency’s cloud environment.

How the leak unfolded

Security researcher Guillaume Valadon of GitGuardian flagged the repo after automated scans detected dozens of secrets. The contractor, an employee of Nightwing, a Dulles‑based government contractor, had disabled GitHub’s built‑in secret‑detection feature, allowing SSH keys and passwords to be committed publicly.

“Passwords stored in plain text in a CSV, backups in Git, explicit commands to disable GitHub secrets detection—this is the worst leak I’ve witnessed,” Valadon wrote.

The exposed files included important AWS tokens with admin access to three AWS GovCloud accounts, and a CSV listing usernames and passwords for internal systems such as the Landing Zone DevSecOps environment (LZ‑DSO). Security analyst Philippe Caturegli confirmed the keys remained active for 48 hours after the repo was taken down.
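The three secret classes named above (AWS access keys, SSH private keys, and a CSV of plaintext passwords) can each be caught by a simple check before a commit leaves the workstation. The following is an added example, not code from the article, GitGuardian or GitHub; the function names, column-name list and sample files are assumptions constructed for illustration.

```python
import csv
import io
import re

# Line-level patterns: AWS access key IDs (AKIA long-term or ASIA temporary
# prefix followed by 16 characters) and the PEM header of a private key.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
# CSV header names that suggest a credential column (assumed list).
SECRET_COLUMNS = {"password", "passwd", "pwd", "secret", "token"}

def scan_text(path, text):
    """Return (path, line_no, kind) for key material found in any text file."""
    return [(path, no, kind)
            for no, line in enumerate(text.splitlines(), start=1)
            for kind, rx in PATTERNS.items() if rx.search(line)]

def scan_csv(path, text):
    """Flag rows holding a non-empty value under a credential-like column."""
    rows = list(csv.reader(io.StringIO(text)))
    header = rows[0] if rows else []
    cols = [i for i, name in enumerate(header)
            if name.strip().lower() in SECRET_COLUMNS]
    findings = []
    for no, row in enumerate(rows[1:], start=2):  # header is row 1
        if any(i < len(row) and row[i].strip() for i in cols):
            findings.append((path, no, "plaintext-credential-column"))
    return findings

def scan_staged(files):
    """files maps path -> content, e.g. what a pre-commit hook reads from the index."""
    findings = []
    for path, text in files.items():
        findings += scan_text(path, text)
        if path.lower().endswith(".csv"):
            findings += scan_csv(path, text)
    return findings

# Constructed sample input; the key ID is the placeholder used in AWS documentation.
SAMPLE = {
    "deploy/env.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "backup/users.csv": "username,password\nalice,Summer2026!\nbob,\n",
    "keys/id_ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n",
    "README.md": "No secrets here.\n",
}

if __name__ == "__main__":
    print(*scan_staged(SAMPLE), sep="\n")
```

In a pre-commit hook or CI job, a non-empty result should block the commit. A secret that has already been pushed has to be rotated, since the keys in this incident stayed active after the repo was taken down.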

CISA AWS GovCloud keys leak: impact on agency operations

Caturegli demonstrated that the compromised credentials could authenticate to high‑privilege GovCloud resources and to CISA’s internal Artifactory, a repository of software packages that could serve as a persistent foothold for attackers. “That would be a prime place to move laterally,” he warned.

The agency, already operating with 33% fewer staff due to budget cuts and attrition, issued a brief statement acknowledging the incident and asserting no evidence of data misuse so far. CISA said it is tightening safeguards and conducting a full investigation.

For additional context on government cloud security, see Reuters and AP News.


Analysis by Kaelen Frost (Lead Cybersecurity Analyst).
