US Cybersecurity Agency CISA Encounters Unforeseen Humiliation: Juggling Leak Response and Guideline Formulation
13 hour ago / Read about 0 minute
Author:小编   

The US federal Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a review report, candidly acknowledging its absence of pre-existing emergency strategies or response protocols during its management of a significant cybersecurity breach in May 2026. This breach entailed the unauthorized disclosure of access credentials for US government systems, compelling CISA personnel to react swiftly in the initial phase while concurrently formulating response guidelines on the fly.
As detailed in the report, the breach stemmed from a CISA contractor, Nightwing. An employee of this contractor inadvertently made a code repository, which contained the highest-level administrator access keys for AWS GovCloud, publicly accessible on GitHub for a duration of six months. This action inadvertently led to the exposure of highly sensitive core information. The incident brought to light systemic weaknesses within CISA's supply chain security, DevSecOps framework, and GitHub credential management practices.