{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigi55fpayvljjtsmdoj3thv6of724tivw55p7665u56rpvwfds7na",
    "uri": "at://did:plc:f2fwojywviapy7mx4uk5sf4d/app.bsky.feed.post/3mm7bx4cqjk42"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiejoawaa7l3ne2enh5xt4nhwhjow6cxvzi27pwmoop6ohfidtkyey"
    },
    "mimeType": "image/png",
    "size": 433190
  },
  "path": "/how-we-got-a-cisa-github-leak-taken-down-in-26-hours/",
  "publishedAt": "2026-05-19T08:13:57.000Z",
  "site": "https://blog.gitguardian.com",
  "tags": [
    "Security Research"
  ],
  "textContent": "On May 14, GitGuardian found a public GitHub repository called \"Private-CISA\" — 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to CISA, exposed since November 2025. Some credentials were still valid. CISA pulled it offline within 26 hours.",
  "title": "How We Got a CISA GitHub Leak Taken Down in Under a Day"
}