News Grower

Independent coverage of AI, startups, and technology.

Language English Russian
Ars Technica May 19, 2026 at 18:27 Big Tech Rising Hot

In stunning display of stupid, secret CISA credentials found in public GitHub repo

SSH keys, plaintext passwords, other sensitive data had been up since November 2025.

Signal weather

Rising

Momentum is building quickly, so this card is a good early entry point into the topic.

By Lee Hutchinson Original source
In stunning display of stupid, secret CISA credentials found in public GitHub repo

Security researcher Brian Krebs brings us the news that America's Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private keys, tokens, and "other sensitive CISA assets" exposed in a public GitHub repo since at least November 2025. The now-offline public repo—named, somewhat aspirationally, "Private-CISA"—was brought to Krebs' attention by GitGuardian's Guillaume Valadon, who was alerted to the repo's presence by GitGuardian's public code scans. Krebs says that Valadon approached him after receiving no responses from the Private-CISA repo's owner. In an email to Krebs, Valadon claimed that the repo's commit logs show that GitHub's default protections against committing secrets—protections designed to protect unwitting or unskilled developers against exactly this kind of stupidness—had been disabled by the repo's administrator. Read full article Comments

Read the full article

Stay on the signal

Follow In stunning display of stupid, secret CISA credentials found in public GitHub repo

Follow this story beyond a single article: new follow-ups, adjacent sources, and the evolving storyline.

We send a confirmation link first, then only meaningful digests.

Story map

Understand this topic fast

A quick entry into the story: why it matters now, who is involved, and where to go next for context.

Why it matters now

Fresh coverage with immediate momentum.
There are already 6 connected articles in the same storyline to continue from here.
The story keeps orbiting around Ars Technica, CISA, and Credentials, so the entity pages are the fastest way to build context.
Ars Technica already has 4 follow-up stories on the same theme.

Topic constellation

Open the live map for this story

See which entities, story threads, sources, and follow-up articles shape this story right now.

Click nodes to continue

Entity Cluster Article Hub Source

Entity pages

Ars Technica CISA Credentials Credentials Found GitHub November

Story threads

Ars Technica

Latest coverage and related links about Ars Technica.

Ars Technica

Последние материалы и связанный контекст по теме Ars Technica.

CISA

Latest coverage and related links about CISA.

CISA

Последние материалы и связанный контекст по теме CISA.

Story timeline

Continue with this story

A short sequence of events and follow-up stories to understand the arc quickly.

May 19, 2026 at 20:58 Ars Technica

Spider-Noir final trailer gives us a classic villain

It's never too late to become a hero.
May 19, 2026 at 20:43 Ars Technica

"I'll buy 10 of those"—NASA science chief yearns for mass-produced satellites

"How in the hell do I get more science into space? That is my goal."
May 19, 2026 at 18:55 Ars Technica

Two AI-based science assistants succeed with drug-retargeting tasks

Both tools generate hypotheses; one goes on to analyze some of the data.
May 19, 2026 at 18:37 Ars Technica

Google's SynthID AI watermarking tech is being adopted by OpenAI, Nvidia, and more

AI content is getting good, but SynthID might be able to help tell truth from fiction.
May 19, 2026 at 18:27 Ars Technica

In stunning display of stupid, secret CISA credentials found in public GitHub repo

SSH keys, plaintext passwords, other sensitive data had been up since November 2025.
May 19, 2026 at 18:17 Ars Technica

RFK Jr. forced to withdraw charter that opened CDC panel to anti-vaccine quacks

Charter would have expanded member eligibility and focused on alleged injuries.

How reliable this looks

Signal and trust for Ars Technica

This source works at a rapid pace: 100% of recent stories land in the hot window, and 0% carry visible search signal.

Trusted

Reliability

92

Freshness

100

Sources in storyline

1

Related articles

More stories that share tags, source, or category context.

More from Ars Technica

Fresh reporting and follow-up coverage from the same newsroom.

Open source page