Unbiased AI-powered news
A federal cybersecurity agency left plaintext passwords and cloud keys in a spreadsheet uploaded to a public GitHub repository. An independent researcher identified the exposure and reported it after the contractor did not respond.
9to5mac.comA federal cybersecurity agency left plaintext passwords and cloud keys in a spreadsheet uploaded to a public GitHub repository. An independent researcher identified the exposure and reported it after the contractor did not respond.
GitGuardian security researcher Guillaume Valadon found reams of exposed plaintext credentials listed in spreadsheets, which had been made publicly accessible in a GitHub repository by an employee working for a CISA contractor. Valadon told Krebs that the exposed credentials were used for accessing systems belonging to CISA and its parent agency, the Department of Homeland Security.
Valadon said the credentials included access tokens, cloud keys, and other sensitive files. Valadon told Krebs that he tested some of the keys to verify that they were valid. He then reported the lapse to Krebs because the CISA contractor who maintained the GitHub environment did not respond to their alerts.
It is not clear if anyone found or used the credentials other than Valadon.
When reached by TechCrunch, a CISA spokesperson did not immediately comment or say if the agency has any evidence of a breach stemming from this exposure. TechCrunch asked if the agency has revoked and replaced the exposed credentials following the incident.
While the incident was traced back to an employee working for a CISA contractor, CISA is ultimately responsible for the security of its own network and systems, including contractors who work for the agency. The security lapse is particularly embarrassing for CISA because the U.S. government agency is responsible for cybersecurity across the civilian federal network.
The organization also advises on best cybersecurity practices, which includes storing passwords in secured password managers and not in unprotected spreadsheets.
Single source — no framing comparison available.
news.sky.comThe European Commission is reviewing expert recommendations for phased restrictions on children's social media access. President Ursula von der Leyen said new legislation could be proposed after the summer.
The European Union sanctioned nine people and four entities on July 13, 2026. Britain sanctioned 24 people and entities the same day over a network active since 2010.
app.buzzsumo.comPresident Donald Trump directed Treasury Secretary Scott Bessent and Commerce Secretary Howard Lutnick to examine Australia's superannuation model. The move came during July 6 meetings focused on expanding U.S. retirement options. Fortune reported the announcement alongside data…