The Cybersecurity and Infrastructure Security Agency (CISA), which is part of the Department of Homeland Security, is responsible for cybersecurity and infrastructure security throughout the federal government, to improve cybersecurity protection against private and nation-state hackers.
CISA has been without a director since the beginning of President Trump’s second term, when the then-director resigned. In addition, the Trump administration cut funding to the agency and, through the budget cuts, furloughs, and layoffs, the agency lost about one-third of its workforce. On top of that, in March 2025, Defense Secretary Pete Hegseth ordered U.S. Cyber Command to “halt cyber-offense operations against Russia” and “ordered the unit to stand down panning against Russian cybersecurity threats.”
Russia has always been one of our top cyber adversaries and there is no indication that offensive planning has taken place in the past year.
With the layoffs, budget cuts, furloughs, and resignations, CISA has been embattled in fulfilling its mission. The strain became abundantly clear recently when GitGuardian security researcher Guillaume Valadon found “reams of exposed plaintext credentials listed in spreadsheets, which had been made publicly accessible in a GitHub repository by an employee working for a CISA contractor.”
The researcher contacted security reporter Brian Krebs on May 15, 2026, who reported that the CISA contractor “maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems” which “included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.”
The repository was named “Private-CISA” and included “a vast number of internal CISA/DHS credentials and files, including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets.”
The GitHub account has been taken offline. It was created in September 2018, and the Private-CISA repository was created in November 2025.
It is unknown whether anyone, including a foreign adversary such as Russia, found, accessed or used the credentials. CISA has confirmed that it is aware of the reported exposure and is continuing to investigate the situation. The question is what other lapses will occur as a result of the agency’s decimation.
