News
MARKET SIGNAL:

CISA Tightens GitHub Controls After May AWS Key Leak

Newsroom brief

CISA said privileged AWS GovCloud keys from a contractor appeared in a public GitHub repository in May, prompting secret rotation, repository monitoring and new incident playbooks. The agency said logs showed no customer or mission data exposure, but it did not name the contractor, repository, exposure window or exact AWS permissions.

Verified against source materialEdited by SendTech Times Cybersecurity Desk
CISA Tightens GitHub Controls After May AWS Key Leak
Image source: CyberScoop

CISA is turning a May credential leak into a public security-cleanup plan after privileged AWS GovCloud keys from a contractor appeared in a public GitHub repository, but the agency said its log review found no customer or mission data exposure.

The U.S. Cybersecurity and Infrastructure Security Agency said it took the affected repository and developer environment offline, revoked the responsible person’s access and rotated secrets after the incident.

The agency also said it will strengthen monitoring of uploads to public repositories and improve how researchers report vulnerabilities involving CISA itself.

CISA Says Leaked Keys Were Not Used Outside The Agency

CISA said it learned on May 15 that privileged Amazon AWS GovCloud keys had been exposed through a contractor’s public GitHub repository.

The agency said it moved to stop further harm by taking the repository and developer environment offline and revoking access tied to the person responsible for the leak.

The agency said it then analysed the repository and log files to determine the scope of the incident.

According to the agency’s account cited by CyberScoop, none of the leaked credentials were used outside CISA and no customer or mission data was exposed.

The disclosure still created a public test for an agency that regularly tells other organisations to share incident-response lessons.

Acting chief information officer Preston Werntz and acting chief information security officer Brad Libbey wrote that information exchange is critical to identifying trends and broader national awareness.

GitHub Upload Monitoring Becomes A Remediation Item

CISA said the response worked in some areas because staff treated the report seriously, had usable logging and applied zero-trust principles.

The agency also identified gaps that it said need to be fixed after the GitHub exposure.

The agency said it will use endpoint detection and response capabilities to monitor and manage uploads to public repositories.

It also rotated all secrets after the leak and developed a plan to improve secrets management.

CISA said the incident showed that public-repository monitoring had to be managed before similar exposures reached the same response stage.

That remediation list is narrower than a full breach-response overhaul.

The public account did not describe customer compromise, operational disruption or data theft.

It described a contractor-driven exposure of privileged cloud credentials and a cleanup plan focused on public-repository controls, secrets management and researcher reporting channels.

Researcher Reporting Channel Remains Part Of The Fix

CISA said it wants to make it easier to report vulnerabilities related to the agency itself.

The agency said it is more accustomed to receiving vulnerability information for broader public and private-sector cyber risks than for agency-specific issues.

CISA also said it had to build a GitHub-incident playbook during the response and recognised the need to prepare playbooks for other incident types in advance.

GitGuardian security researcher Guillaume Valadon, who uncovered the leak, told CyberScoop that CISA explained what happened, what worked and what needed improvement.

Valadon also told CyberScoop that the response recognised secrets scanning and simpler researcher relations.

CISA has not named the contractor, published the exposed repository, disclosed how long the keys were visible, listed the exact AWS permissions involved or released independent validation of the log-review findings.

Share this article
inXf

Related articles

More
IPA Translation Turns CISA Security Goals Into A Japan Infrastructure Baseline
Cybersecurity

IPA Translation Turns CISA Security Goals Into A Japan Infrastructure Baseline

Japan’s Information-technology Promotion Agency published a Japanese translation of CISA’s Cross-Sector Cybersecurity Performance Goals Version 2.0 for domestic critical infrastructure operators. The guidance covers IT and operational technology, maps goals to NIST CSF 2.0, and frames the controls as minimum practices rather than a full cybersecurity program. The practical question is whether asset owners use the worksheet to rank gaps by cost, complexity and impact, then review progress after 12 months.

CISA WebLogic Warning Turns Oracle Patch Lag Into an Exposure Test
Cybersecurity

CISA WebLogic Warning Turns Oracle Patch Lag Into an Exposure Test

CISA ordered U.S. federal agencies to patch Oracle WebLogic Server systems affected by CVE-2024-21182 after active exploitation was observed. Shodan tracks more than 1,592 exposed WebLogic servers vulnerable to the flaw, including 961 on version 12.2.1.4.0 and 631 on version 14.1.1.0.0. The immediate test is whether public- and private-sector defenders apply Oracle fixes or remove exposed systems where mitigations are unavailable.

Injective SDK npm Compromise Exposes Wallet-Key Theft Risk
Cybersecurity

Injective SDK npm Compromise Exposes Wallet-Key Theft Risk

Socket, Ox Security and StepSecurity said they detected wallet-stealing code in @injectivelabs/sdk-ts npm package version 1.20.21 after an Injective Labs contributor account was compromised. Socket said the malicious release was downloaded 310 times before deprecation, while Ox Security counted 87 direct dependencies and described a six-figure cumulative download count across dependent packages.

Sysdig Says AI Ransomware Still Needed Human Setup
Cybersecurity

Sysdig Says AI Ransomware Still Needed Human Setup

Sysdig described JadePuffer as agentic ransomware, but Michael Clark said a human still chose the victim, provisioned infrastructure and supplied database credentials before the AI agent executed the attack.

Socket Tracks 108 Malicious Packages In PolinRider Supply-Chain Attack
Cybersecurity

Socket Tracks 108 Malicious Packages In PolinRider Supply-Chain Attack

Socket reported 162 malicious release artefacts across 108 packages in the PolinRider supply-chain campaign. The report names Go, Packagist and Chrome extension exposure but does not identify victim companies.

Cisco Unified CM Flaw Puts WebDialer Exposure Under Patch Pressure
Cybersecurity

Cisco Unified CM Flaw Puts WebDialer Exposure Under Patch Pressure

Cisco disclosed fixed-release guidance for a critical Unified Communications Manager flaw that can let attackers gain root privileges when WebDialer is enabled. Cisco PSIRT is aware of public proof-of-concept exploit code for CVE-2026-20230, though it has not found active exploitation or targeting. The immediate test is whether administrators patch Unified CM or disable WebDialer before proof-of-concept code turns into wider exposure.

Keep Reading

More Stories

Latest
Sunrun Plans Home AI Compute Pilot Without Naming Enterprise BuyersCloud & Data CentersJul 11, 2026Sunrun Plans Home AI Compute Pilot Without Naming Enterprise BuyersSunrun is piloting distributed AI compute nodes in homes with its solar and battery systems, using a customer base of more than 1.1 million as the deployment base. The company said homeowners will be compensated, but it did not name enterprise buyers, hosting rates, node counts, pilot locations or measured revenue.GSA Counts 32 African Satellite D2D Partnerships Before Launch WaveTelco & ConnectivityJul 11, 2026GSA Counts 32 African Satellite D2D Partnerships Before Launch WaveGSA says African operators have announced 32 direct-to-device satellite partnerships as D2D launches spread to 18 countries, but launch dates, tariffs, handset support and roaming terms remain undisclosed.Apple Lawsuit Accuses OpenAI Of Using Trade Secrets For Hardware PushCapital & PolicyJul 11, 2026Apple Lawsuit Accuses OpenAI Of Using Trade Secrets For Hardware PushApple alleges OpenAI used former Apple staff and confidential material to support a hardware push, while OpenAI says it has no interest in other companies' trade secrets.DEWA Launches International Utility Arm Without Naming First ProjectsEconomyJul 11, 2026DEWA Launches International Utility Arm Without Naming First ProjectsDEWA launched DEWA International as a wholly owned subsidiary to develop energy and water infrastructure abroad. The Dubai utility cited AED32.8 billion in 2025 revenue and AED9.06 billion in net profit, but did not name first countries, partners, contracts, investment values or capacity targets.e& Sells Vodafone Stake For $5.95 Billion Without Naming Cash UseCapital & PolicyJul 11, 2026e& Sells Vodafone Stake For $5.95 Billion Without Naming Cash Usee& agreed to sell its full 16.21 per cent Vodafone stake to Vega for $5.95 billion, ending its board-level investment in the British telecoms group. The UAE company expects roughly Dh4.7 billion in net cash return but did not name the institutions holding the shares before completion or a specific use of proceeds.North Carolina Cuts Data Centre Power Tax Break As AI Loads GrowCloud & Data CentersJul 11, 2026North Carolina Cuts Data Centre Power Tax Break As AI Loads GrowNorth Carolina repealed a sales tax exemption on data centre electricity while keeping equipment incentives. The North Carolina General Assembly Fiscal Research Division said the repeal would add $21.4 million in fiscal year 2026-27 revenue, while large-load utility rules remain unresolved.SK hynix Memristor AI Chip Shows 21.3 TOPS/W But Leaves Throughput GapChips & SemiconductorsJul 11, 2026SK hynix Memristor AI Chip Shows 21.3 TOPS/W But Leaves Throughput GapSK hynix, TetraMem and USC researchers developed a 65 nm memristor-based in-memory computing chip for edge AI. The paper listed 21.3 TOPS/W at 100 MHz, but the demonstration left four of 10 NPUs idle and did not disclose full-chip saturated throughput.Metaplanet Studies Bitcoin-Backed Digital Bonds With JPYC And ProgmatFintech & Digital PaymentsJul 11, 2026Metaplanet Studies Bitcoin-Backed Digital Bonds With JPYC And ProgmatMetaplanet is studying Bitcoin-backed digital credit products with JPYC, Progmat and a securities unit under Project Nova. The company linked the work to its JPY 2.1 billion Siiibo Securities acquisition, but said no issuance decision has been made and its 43,000 BTC treasury is not pledged.Burjeel Sukuk Draws $1.6 Billion Order Book As Proceeds Cover Expansion And Digital ProjectsCapital & PolicyJul 10, 2026Burjeel Sukuk Draws $1.6 Billion Order Book As Proceeds Cover Expansion And Digital ProjectsBurjeel Holdings listed a $500 million sukuk on the London Stock Exchange after a $1.6 billion order book. The company said proceeds will refinance debt and support expansion, digital transformation and AI-enabled healthcare work, but it did not name project budgets, suppliers or deployment dates.IBM Bob Adds Multi-Agent AI Controls For Legacy Software WorkAIJul 10, 2026IBM Bob Adds Multi-Agent AI Controls For Legacy Software WorkIBM has expanded Bob with multi-agent coordination, Bobalytics cost analytics and premium IBM Z, IBM i and Java workflows, while customer performance claims still lack independent benchmark detail.SK Hynix Nasdaq Debut Raises $26.5 Billion For AI Memory CapacityChips & SemiconductorsJul 10, 2026SK Hynix Nasdaq Debut Raises $26.5 Billion For AI Memory CapacityTech Wire Asia said SK Hynix is raising about $26.5 billion through a Nasdaq listing to fund Korean fabs and packaging capacity, while also flagging a 200% share run and memory-cycle risk.Microsoft Says AI Datacentres Drove 25 Percent Emissions RiseCloud & Data CentersJul 10, 2026Microsoft Says AI Datacentres Drove 25 Percent Emissions RiseMicrosoft said total Scope 1, Scope 2 and Scope 3 emissions rose 25 percent year over year in FY25, driven primarily by datacentre infrastructure expansion. The company matched 100 percent of annual global electricity consumption with renewable energy, but said AI infrastructure demand for energy, water, land and materials is still outpacing sustainability solutions.