
AWS GovCloud administrative credentials exposed via contractor-managed public GitHub repository

1 unique source, 2 articles

Summary


A CISA contractor exposed credentials for AWS GovCloud accounts and internal systems via a public GitHub repository named "Private-CISA", enabling potential lateral movement within CISA’s networks. The exposure, first reported by GitGuardian on May 15, 2026, included plaintext passwords, cloud keys, tokens, and software deployment details. The repository was taken offline promptly, but exposed AWS keys remained valid for 48 hours, and CISA has stated there is no indication of sensitive data compromise. Lawmakers have since demanded answers from CISA, citing concerns over internal security culture and contractor oversight, particularly amid significant workforce disruptions at the agency. Reports indicate CISA struggled to fully invalidate exposed credentials for over a week, with evidence suggesting adversaries may have accessed the secrets. An RSA private key in the repository granted full access to CISA’s GitHub enterprise account until its recent revocation.

Timeline

  1. 18.05.2026 23:48 2 articles · 3d ago

    AWS GovCloud administrative keys and CISA internal credentials exposed via public GitHub repository

    A CISA contractor’s public GitHub repository named "Private-CISA" exposed credentials for three AWS GovCloud accounts with administrative privileges, plaintext passwords for dozens of internal CISA systems, and credentials to CISA’s internal artifactory repository. The repository, created November 13, 2025, and maintained by a Nightwing contractor, contained plaintext passwords, cloud keys, tokens, logs, and software deployment files. The contractor disabled GitHub’s default secrets detection and used the repository as an informal synchronization mechanism between work and personal environments. Lawmakers in both houses of Congress demanded answers from CISA regarding the exposure, citing concerns about internal security culture and contractor oversight. CISA acknowledged the leak but has not publicly addressed the full duration of the exposure despite inquiries. Experts noted that adversaries likely monitored the GitHub commit firehose and may have accessed exposed secrets, with the most egregious exposure occurring in late April 2025. CISA struggled to invalidate exposed credentials, including an RSA private key granting full access to the CISA-IT GitHub enterprise organization, which was revoked only after notification. The repository was taken offline after notification, but exposed AWS keys remained valid for an additional 48 hours. CISA has stated there is no indication of sensitive data compromise and is investigating the incident.



Similar Happenings

Unauthorized access to GitHub internal repositories reported; TeamPCP claims data sale and expands malware campaign

GitHub confirmed the unauthorized access to internal repositories stemmed from a trojanized Nx Console VS Code extension installed by an employee, which was live on the Visual Studio Marketplace for only eighteen minutes before removal. The extension, poisoned via a developer’s compromised system linked to the TanStack supply chain attack, executed a stealthy credential stealer targeting data from 1Password, Anthropic Claude Code, npm, GitHub, and AWS. GitHub’s Chief Information Security Officer stated there is no evidence of impact to customer data stored outside internal repositories, and the company has rotated critical secrets as part of containment. TeamPCP claimed responsibility, offering the alleged GitHub data dump for sale with a minimum price of $50,000 and threatening free release if no buyer is found. TeamPCP expanded operations by compromising the durabletask PyPI package with a Linux infostealer targeting credentials across cloud environments and forming partnerships with extortion and ransomware actors including Lapsus$ and Vect ransomware. Grafana Labs confirmed a breach was caused by a missed GitHub workflow token rotation following the TanStack npm supply-chain attack, resulting in the exfiltration of operational information such as business contact names and email addresses without compromising customer production systems. GitHub has now explicitly linked the breach vector to the TanStack npm supply-chain attack, which compromised dozens of TanStack and Mistral AI packages and leaked developer GitHub credentials via the GitHub CLI (gh), enabling the poisoning of the Nx Console extension used in the intrusion.

OpenAI, TanStack, and Mistral AI Impacted in Escalating Mini Shai-Hulud Supply Chain Campaign

The Mini Shai-Hulud supply chain campaign has escalated with a new wave of 639 compromised npm packages tied to the AntV ecosystem, including high-download dependencies such as echarts-for-react and timeago.js. The attack ran for roughly one hour on May 19, 2026, beginning at 01:56 UTC, publishing malicious versions from the compromised “atool” maintainer account that held rights for over 500 packages. Each compromised package added an obfuscated Bun bundle preinstall hook to harvest and exfiltrate credentials (cloud, CI/CD, SSH, Kubernetes, and password manager vaults) via GitHub repositories marked with Dune-themed names and the campaign's reversed signature. Earlier waves targeted TanStack and Mistral AI SDKs, SAP npm packages, and PyPI ecosystems (Lightning, intercom-client), while compromising GitHub Actions workflows ('actions-cool/issues-helper', 'actions-cool/maintain-one-comment') and hundreds of npm packages across multiple ecosystems. Affected organizations include OpenAI (two employee devices breached via TanStack), UiPath, Guardrails AI, OpenSearch, SAP, and hundreds of npm and PyPI packages. The malware harvests over 20 credential types, abuses OIDC tokens to forge Sigstore provenance attestations, implements self-propagation via stolen npm tokens, and includes a destructive sabotage payload targeting systems in Israel or Iran. The campaign is attributed to TeamPCP, which publicly released the Shai-Hulud source code, enabling rapid cloning and weaponization by other actors.

TeamPCP escalates CanisterWorm campaign with geopolitical targeting and multi-vector attacks

TeamPCP has escalated its multi-vector CanisterWorm campaign into a geopolitically targeted operation, now confirmed to have leveraged the Trivy supply-chain attack as an access vector for the Checkmarx compromise. The group compromised PyPI packages (LiteLLM versions 1.82.7–1.82.8 and Telnyx versions 4.87.1–4.87.2) and Checkmarx KICS tooling to deliver credential-stealing malware, harvesting SSH keys, cloud credentials, Kubernetes secrets, database credentials, cryptocurrency wallets, TLS/SSL private keys, and bash history files. Checkmarx has publicly confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository, with access facilitated by the Trivy compromise attributed to TeamPCP. The leaked data, published on both dark web and clearnet portals, did not contain customer information, and Checkmarx has blocked access to the affected repository pending forensic investigation. The campaign’s scope expanded from initial npm package compromises to include GitHub repository hijacking (e.g., Aqua Security), Docker Hub compromise, and CI/CD pipeline targeting, while destructive payloads in Iranian Kubernetes environments highlight TeamPCP’s geopolitical alignment. On May 9, 2026, TeamPCP published a malicious version of the Checkmarx Jenkins AST plugin (2.0.13-829.vc72453fa_1c16) to the Jenkins Marketplace, defacing the plugin’s GitHub repository with pro-TeamPCP messaging. The compromise was facilitated using credentials stolen in the March 2026 Trivy supply-chain attack and occurred outside the plugin’s official release pipeline, lacking a git tag or GitHub release. Checkmarx isolated its GitHub repositories from customer environments and stated no customer data was stored in them. Users are advised to use version 2.0.13-829.vc72453fa_1c16 published on December 17, 2025, or older.

Tag poisoning in Trivy GitHub Actions repositories delivers cloud-native infostealer payload

Attackers compromised two official Trivy-related GitHub Actions repositories—aquasecurity/trivy-action and aquasecurity/setup-trivy—and backdoored Trivy v0.69.4 releases, distributing a Python-based infostealer that harvests wide-ranging CI/CD and developer secrets. The payload executes in GitHub Actions runners and Trivy binaries, remaining active for up to 12 hours in Actions tags and three hours in the malicious release. The actors leveraged compromised credentials from a prior March incident and added persistence via systemd services, while also linking to a follow-up npm campaign using the CanisterWorm self-propagating worm. The incident traces to a credential compromise initially disclosed in early March 2026, which was not fully contained and enabled subsequent tag and release manipulations. Safe releases are now available and mitigation includes pinning Actions to full SHA hashes, blocking exfiltration endpoints, and rotating all affected secrets.
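The mitigation above, pinning Actions to full SHA hashes rather than mutable tags, can be checked mechanically. The following is an added example (not code from the original page or from the Trivy project) that scans a GitHub Actions workflow for `uses:` references not pinned to a 40-character commit SHA; the sample workflow and its SHA value are constructed placeholders.

```python
import re

# A `uses:` step reference: owner/repo[/path]@ref, optionally quoted.
USES_RE = re.compile(
    r'^\s*-?\s*uses:\s*["\']?([A-Za-z0-9_.-]+/[A-Za-z0-9_./-]+)@([^\s"\'#]+)'
)
# Only a full 40-hex commit SHA is immutable; tags and short SHAs are not.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_uses(workflow_text):
    """Return (line_no, action, ref) for every `uses:` step that is not pinned
    to a full commit SHA. Local actions (./path) and docker:// references
    carry no owner/repo@ref form and are therefore skipped."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if not FULL_SHA_RE.match(ref):
            findings.append((n, action, ref))
    return findings


# Constructed sample workflow (not from the original page): two tag-pinned
# references, one SHA-pinned reference and one local action. The SHA below is
# a placeholder, not a real aquasecurity/trivy-action commit.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@v0.2.0
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for n, action, ref in unpinned_uses(SAMPLE_WORKFLOW):
        print(f"line {n}: {action}@{ref} is not pinned to a full commit SHA")
```

Pinning to a SHA removes the tag-retargeting vector described above but does not by itself rotate secrets already harvested; that remains a separate step.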

DevOps Stack Security Risks and Mitigation Strategies

DevOps environments face significant security risks due to the complexity and criticality of the data managed in Git-based platforms. The shared responsibility model places the burden of data security on users, requiring strict access controls, credential protection, and automated backups. Each platform offers different security features, and common vulnerabilities include weak access control, outdated systems, and lack of disaster recovery strategies. Recent attacks, such as the supply-chain attack on GitHub Actions, highlight the importance of addressing these risks proactively.