US cyber agency CISA exposed reams of passwords and cloud keys to the open web

U.S. cybersecurity agency CISA may have escaped a sizable security breach, thanks to a good-faith security researcher who identified publicly exposed credentials that allowed access to government cloud and internal agency systems.

As first reported by independent security reporter Brian Krebs, GitGuardian security researcher Guillaume Valadon found reams of exposed plaintext credentials listed in spreadsheets, which had been made publicly accessible in a GitHub repository by an employee working for a CISA contractor.

Valadon told Krebs that the exposed credentials were used for accessing systems belonging to CISA and its parent agency, the Department of Homeland Security. Valadon said the credentials included access tokens, cloud keys, and other sensitive files. Valadon told Krebs that he tested some of the keys to verify that they were valid.

He then reported the lapse to Krebs because the CISA contractor who maintained the GitHub environment did not respond to their alerts.

The security...

Copyright of this story solely belongs to techcrunch.com.
