Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.
On May 18, KrebsOnSecurity reported that a CISA contractor with administrative access to the agency’s code development platform had created a public GitHub profile called “Private-CISA” that included plaintext credentials to dozens of internal CISA systems. Experts who reviewed the exposed secrets said the commit logs for the code repository showed the CISA contractor disabled GitHub’s built-in protection against publishing sensitive credentials in public repos.
CISA acknowledged the leak but has not responded to questions about the duration of the data exposure. However, experts who reviewed the now-defunct Private-CISA archive said it was originally created in November 2025, and that it exhibits a pattern consistent with an individual operator using the repository as a working scratchpad or synchronization mechanism rather than a curated project repository.
In a written statement, CISA said “there is no indication that any sensitive data was compromised as a result of the incident.” But in a May 19 a letter (PDF) to CISA’s Acting Director Nick Andersen, Sen. Maggie Hassan (D-NH) said the credential leak raises serious questions about how such a security lapse could occur at the very agency charged with helping to prevent cyber breaches.
“This reporting raises serious concerns regarding CISA’s internal policies and procedures at a time of significant cybersecurity threats against U.S. critical infrastructure,” Sen. Hassan wrote.
A May 19 letter from Sen. Margaret Hassan (D-NH) to the acting director of CISA demanded answers to a dozen questions about the breach.
Sen. Hassan noted that the incident occurred against the backdrop of major disruptions internally at CISA, which lost more than a third of it workforce and almost all of its senior leaders after the Trump administration forced a series of early retirements, buyouts, and resignations across the agency’s various divisions.
Rep. Bennie Thompson (D-MS), the ranking member on the House Homeland Security Committee, echoed the senator’s concerns.
“We are concerned that this incident reflects a diminished security culture and/or an inability for CISA to adequately manage its contract support,” Thompson wrote in a May 19 letter to the acting CISA chief that was co-signed by Rep. Delia Ramirez (D-Ill), the ranking member of the panel’s Subcommittee on Cybersecurity and Infrastructure Protection. “It’s no secret that our adversaries — like China, Russia, and Iran — seek to gain access to and persistence on federal networks. The files contained in the ‘Private-CISA’ repository provided the information, access, and roadmap to do just that.”
KrebsOnSecurity has learned that more a week after CISA was first notified of the data leak by the security firm GitGuardian, the agency is still working to invalidate and replace many of the exposed keys and secrets.
On May 20, KrebsOnSecurity heard from Dylan Ayrey, the creator of TruffleHog, an open-source tool for discovering private keys and other secrets buried in code hosted at GitHub and other public platforms. Ayrey said CISA still hadn’t invalidated an RSA private key exposed in the Private-CISA repo that granted access to a GitHub app which is owned by the CISA enterprise account and installed on the CISA-IT GitHub organization with full access to all code repositories.
“An attacker with this key can read source code from every repository in the CISA-IT organization, including private repos, register rogue self-hosted runners to hijack CI/CD pipelines and access repository secrets, and modify repository admin settings including branch protection rules, webhooks, and deploy keys,” Ayrey told KrebsOnSecurity. CI/CD stands for Continuous Integration and Continuous Delivery, and it refers to a set of practices used to automate the building, testing and deployment of software.
KrebsOnSecurity notified CISA about Ayrey’s findings on May 20. Ayrey said CISA appears to have invalidated the exposed RSA private key sometime after that notification. But he noted that CISA still hasn’t rotated leaked credentials tied to other critical security technologies that are deployed across the agency’s technology portfolio (KrebsOnSecurity is not naming those technologies publicly for the time being).
CISA responded with a brief written statement in response to questions about Ayrey’s findings, saying “CISA is actively responding and coordinating with the appropriate parties and vendors to ensure any identified leaked credentials are rotated and rendered invalid and will continue to take appropriate steps to protect the security of our systems.”
Ayrey said his company Truffle Security monitors GitHub and a number of other code platforms for exposed keys, and attempts to alert affected accounts to the sensitive data exposure(s). They can do this easily on GitHub because the platform publishes a live feed which includes a record of all commits and changes to public code repositories. But he said cybercriminal actors also monitor these public feeds, and are often quick to pounce on API or SSH keys that get inadvertently published in code commits.
The Private-CISA GitHub repo exposed dozens of plaintext credentials to important CISA GovCloud resources.
In practical terms, it is likely that cybercrime groups or foreign adversaries also noticed the publication of these CISA secrets, the most egregious of which appears to have happened in late April 2026, Ayrey said.
“We monitor that firehose of data for keys, and we have tools to try to figure out whose they are,” he said. “We have evidence attackers monitor that firehose as well. Anyone monitoring GitHub events could be sitting on this information.”
James Wilson, the enterprise technology editor for the Risky Business security podcast, said organizations using GitHub to manage code projects can set top-down policies that prevent employees from disabling GitHub’s protections against publishing secret keys and credentials. But Wilson’s co-host Adam Boileau said it’s not clear that any technology could stop employees from opening their own personal GitHub account and using it to store sensitive and proprietary information.
“Ultimately, this is a thing you can’t solve with a technical control,” Boileau said on this week’s podcast. “This is a human problem where you’ve hired a contractor to do this work and they have decided of their own volition to use GitHub to synchronize content from a work machine to a home machine. I don’t know what technical controls you could put in place given that this is being done presumably outside of anything CISA managed or even had visibility on.”
Update, 3:05 p.m. ET: Added statement from CISA. Corrected a date in the story (Truffle Security said it found the repo gained some of its most sensitive secrets in late April 2026, not 2025).
Domani sabato 23 Maggio alle ore 10.30 a Cesena si terrà il presidio presso l’area parcheggio piastra – Ospedale Bufalini. Organizzato dal Partito Comunista – Cesena
Per ricordare come l’invio di armi in una guerra fatta per procura stia massacrando il nostro paese, nella sanità e non solo!
L’Italia verserà altri 13 miliardi di euro per continuare ad armare l’Ucraina e alimentare la guerra.
• 700 miliardi di euro per acquistare gas liquefatto statunitense, fino a quattro volte più costoso di quello russo.
• 800 miliardi destinati al riarmo dell’Unione Europea.
• 42 miliardi per il riarmo dell’Italia, decisi dal Governo Meloni con il consenso dell’opposizione di centrosinistra.
Tutto questo mentre milioni di cittadini rinunciano a curarsi o sono costretti a indebitarsi per sostenere i costi delle terapie. Mancano medici e infermieri, mentre ogni anno oltre 360.000 persone si ammalano di cancro e necessitano di cure e assistenza adeguate.
Crescono le malattie professionali, gli infortuni e le morti sul lavoro, spesso causati dalla mancanza di prevenzione e controlli.
Salari bloccati, pensioni insufficienti, licenziamenti, cassa integrazione, piccoli artigiani e commercianti in difficoltà: questa è la realtà del Paese.
Nel frattempo, banche, multinazionali e industrie belliche continuano ad accumulare profitti.
BASTA!
Fermiamo il folle disegno dell’Unione Europea che punta a un confronto diretto con la Russia.
• NO all’invio di armi in Ucraina.
• NO al riarmo UE/NATO.
• NO alle sanzioni contro la Russia.
CONTRO LA GUERRA per LA PACE!
Contribuisci al Partito Comunista con una piccola sottoscrizione:
Iscriviti al Partito Comunista:
Segui il Partito Comunista sui social:
Ascolta il nostro podcast su tutte le piattaforme:L'articolo Cesena, presidio del Partito Comunista contro guerra e riarmo davanti all’Ospedale Bufalini proviene da IL PARTITO COMUNISTA - Sito Ufficiale.
4 min read
From high‑speed research flights to high‑altitude science campaigns, NASA depends on aircraft that perform at their best and the ground crews who keep them mission ready.
At NASA’s Armstrong Flight Research Center in Edwards, California, specially trained maintenance crews are essential to keeping the agency’s aircraft flying safely and reliably.
This year, NASA added two F-15s and a Pilatus PC-12 to its fleet at Armstrong. These aircraft – alongside platforms such as the high-altitude ER-2s and NASA’s newest X-plane, the X-59 – reflect a wide range of capabilities. The maintenance staff is responsible for keeping each one mission ready.
“That’s the beauty of our Armstrong maintenance teams. They adapt to any type of change,” said Jose “Manny” Rodriguez, NASA Armstrong Gulfstream G-IV crew chief. “One day you could have an instrument being loaded, and the next day it may be aircraft reconfiguration, all while other aircraft systems may need fixing. They adapt and they overcome any situation.”
Each aircraft supports a specific mission, whether it’s conducting science research, serving as a support or chase aircraft, or assisting NASA rocket launches. The aircraft fly at different speeds, carry specialized hardware, and require maintenance crews to stay agile with fast-paced changes.
To ensure NASA can make aeronautics and science advancements safely, the crews work continuously, checking on the ejection seats, filling the tanks with fuel, and changing out brakes, wheels, wiring, and hardware constantly, all of which can degrade with each flight.
On any given day, an aircraft may be flight-ready for a mission, undergoing scheduled maintenance or modifications, or down for longer-term care.
There are typically multiple NASA Armstrong aircraft in the air in one day. Currently, the center’s C-20A is flying in Peru and Panama, the X-59 is often flying twice per day with a chase plane, and the center’s ER-2 is flying in Colorado, supporting the Geological Earth Mapping Experiment (GEMx). All this work is happening at the same time, and Armstrong’s skilled maintenance staff is prepping and fixing aircraft as needed along the way.
The team includes mechanics with both military and civilian backgrounds, and the job involves a lot of on-the-job training.
Maintenance crews are composed of:
After the maintenance crew ensures the aircraft is in the best condition possible, the team tows it out to the flightline, and it becomes ready for operations. The NASA pilot assigned to the mission will walk around the aircraft with the assigned crew chief for a final safety check before flight.
“There is a crew chief assigned to every aircraft,” Rodriguez said. “The crew chief is responsible for the integrity of that aircraft, and at the end of the day, his signature and the pilot’s together are what constitutes that the aircraft is safe for flight.”
Maintenance crews track each flight to help ensure it completes the mission without returning early. If an aircraft does return to base early, the maintenance team stands ready. When it lands, the crew is right there again, helping the research team complete the mission and fixing whatever is needed to stay nimble and ready for the next flight.
“It’s difficult at times to work with different airplanes from both the civilian and military sides, but it’s very rewarding to see that we have the capability and the expertise to keep these aircraft flying,” Rodriguez said.
Editor’s Note: This advisory was updated May 22, 2026 to include a retirement.
NASA announced Friday an agencywide realignment to increase mission focus and move out on the National Space Policy. These changes position the agency to better deliver on the nation’s highest‑priority objectives with speed and efficiency.
During the Ignition event in late March, NASA Administrator Jared Isaacman and agency leaders outlined the most pressing objectives to deliver on the next chapter of American leadership in space. President Trump’s Executive Order Ensuring American Space Superiority, otherwise known as the National Space Policy, directed NASA to focus talent and resources on objectives including accelerating the Artemis program, establishing a Moon Base, developing a nuclear space reactor, igniting the orbital economy, and expanding missions of science and discovery.
To support the agency’s ambitious short- and long-term goals, NASA is taking action to increase specialization at centers and integrate mission directorates, elevating delivery of technically excellent work. Some of these actions include:
“This initiative reflects NASA’s extreme focus on executing the mission in direct support of the National Space Policy. We are focusing resources on the most pressing objectives only NASA is capable of undertaking and liberating the workforce from unnecessary bureaucracy and obstacles that impede progress. We aim to rebuild competencies and instill a culture that attracts the best and brightest capable of pursuing the most demanding engineering challenges and moving safely and urgently,” said Isaacman. “There will be no reduction in force, no program cancellations, no closures, but we will achieve cost savings through more efficient execution and taking an active role in delivering the outcomes the world has been waiting for from NASA. This is how we deliver on the mission, meet the moment, and continue to make history on behalf of the American people.”
Mission directorate realignment is as follows:
Additional leadership roles, in alphabetical order, include:
Leadership at unlisted centers remains unchanged.
For more, please visit:
https://www.nasa.gov/nasa-leadership
-end-
Bethany Stevens / Camille Gallo
Headquarters, Washington
202-358-1600
bethany.c.stevens@nasa.gov / camille.m.gallo@nasa.gov
Il video presenta la nuova app PROASSIST 4.0 che monitora i parametri dei pazienti a distanza. Gli operatori tracciano ogni intervento in tempo reale per offrire un’assistenza mirata. È il progetto Fragilità Sostenuta a Domicilio: tecnologia e cura che lavorano insieme per le persone fragili. Un'iniziativa di SmartHUB, il laboratorio di innovazione nato a Firenze dalla collaborazione tra Fondazione CR Firenze, che oltre a promuovere l’iniziativa la sostiene, Università degli Studi di Firenze, Azienda USL Toscana CentroSocietà della Salute, Fondazione PIN e Medea Srl.
Il video presenta la nuova app PROASSIST 4.0 che monitora i parametri dei pazienti a distanza. Gli operatori tracciano ogni intervento in tempo reale per offrire un’assistenza mirata. È il progetto Fragilità Sostenuta a Domicilio: tecnologia e cura che lavorano insieme per le persone fragili. Un'iniziativa di SmartHUB, il laboratorio di innovazione nato a Firenze dalla collaborazione tra Fondazione CR Firenze, che oltre a promuovere l’iniziativa la sostiene, Università degli Studi di Firenze, Azienda USL Toscana CentroSocietà della Salute, Fondazione PIN e Medea Srl.
Conclusa la conferenza annuale sui temi dell’etica digitale, dell’autonomia tecnologica e del futuro condiviso della ricerca a Pisa dal 19 al 21 maggio 2026.
Italian Linux Society ha attivato il nuovo conto in Banca Etica e iniziamo l'abbandono di Unicredit. I motivi.
Continua la lettura… (ulteriori 7 minuti di lettura)
L’epoca d’oro dei bug bounty potrebbe stare entrando in una nuova fase molto più complessa. HackerOne, una delle piattaforme più importanti al mondo per la segnalazione responsabile di vulnerabilità, ha drasticamente ridotto le ricompense economiche del proprio programma Internet Bug Bounty (IBB), provocando forti reazioni nella comunità dei ricercatori di sicurezza. Secondo quanto riportato da […]
L'articolo HackerOne taglia drasticamente le ricompense dei bug bounty proviene da Securityinfo.it.
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges in both Canada and the United States.
A criminal complaint unsealed today in an Alaska district court charges Jacob Butler, a.k.a. “Dort,” of Ottawa, Canada with operating the Kimwolf DDoS botnet. A statement from the Department of Justice says the complaint against Butler was unsealed following the defendant’s arrest in Canada by the Ontario Provincial Police pursuant to a U.S. extradition warrant. Butler is currently in Canadian custody awaiting an initial court hearing scheduled for early next week.
The government said Kimwolf targeted infected devices which were traditionally “firewalled” from the rest of the internet, such as digital photo frames and web cameras. The infected systems were then rented to other cybercriminals, or forced to participate in record-smashing DDoS attacks, as well as assaults that affected Internet address ranges for the Department of Defense. Consequently, the DoD’s Defense Criminal Investigative Service is investigating the case, with assistance from the FBI field office in Anchorage.
“KimWolf was tied to DDoS attacks which were measured at nearly 30 Terabits per second, a record in recorded DDoS attack volume,” the Justice Department statement reads. “These attacks resulted in financial losses which, for some victims, exceeded one million dollars. The KimWolf botnet is alleged to have issued over 25,000 attack commands.”
On March 19, U.S. authorities joined international law enforcement partners in seizing the technical infrastructure for Kimwolf and three other large DDoS botnets — named Aisuru, JackSkid and Mossad — that were all competing for the same pool of vulnerable devices.
On February 28, KrebsOnSecurity identified Butler as the Kimwolf botmaster after digging through his various email addresses, registrations on the cybercrime forums, and posts to public Telegram and Discord servers. However, Dort continued to threaten and harass researchers who helped track down his real-life identity and dramatically slow the spread of his botnet.
Dort claimed responsibility for at least two swatting attacks targeting the founder of Synthient, a security startup that helped to secure a widespread critical security weakness that Kimwolf was using to spread faster and more effectively than any other IoT botnet out there. Synthient was among many technology companies thanked by the Justice Department today, and Synthient’s founder Ben Brundage told KrebsOnSecurity he’s relieved Butler is in custody.
“Hopefully this will end the harassment,” Brundage said.
An excerpt from the criminal complaint against Butler, detailing how he ordered a swatting attack against Ben Brundage, the founder of the security firm Synthient.
The government says investigators connected Butler to the administration of the KimWolf botnet through IP address, online account information, transaction records, and online messaging application records obtained through the issuance of legal process. The criminal complaint against Butler (PDF) shows he did little to separate his real-life and cybercriminal identities (something we demonstrated in our February unmasking of Dort).
In April, the Justice Department joined authorities across Europe in seizing domain names tied to nearly four-dozen DDoS-for-hire services, although because of a bureaucratic mix-up the list of seized domains has remain sealed until today. The DOJ said at least one of those services collaborated with Butler’s Kimwolf botnet.
A statement from the Ontario Provincial Police said a search warrant was executed on March 19 at Butler’s address in Ottawa, where they seized multiple devices. As a result of that investigation, Butler was arrested and charged this week with unauthorized user of computer; possession of device to obtain unauthorized use of computer system or to commit mischief; and mischief in relation to computer data. He is scheduled to remain in custody until a hearing on May 26.
In the United States, Butler is facing one count of aiding and abetting computer intrusion. If extradited, tried and convicted in a U.S. court, Butler could face up to 10 years in prison, although that maximum sentence would likely be heavily tempered by considerations in the U.S. Sentencing Guidelines, which make allowances for mitigating factors such as youth, lack of criminal history and level of cooperation with investigators.
ffs provides a minor mode for simple plain text presentations in
Emacs, where the slides are separated using the page-delimiter, by
default the form feed character (^L).
I wrote ffs in early 2022 for my LibrePlanet 2022 presentation the
Net beyond the Web, and earlier this year decided to polish it towards
being a proper package and submit it to GNU ELPA. The manual still
needs some more work, but the overall package is in pretty good shape
so I submitted for inclusion in GNU ELPA.
Accedi
ffs
ffs and I owe a debt of gratitude to Protesilaos for rounds of
code review and feedback for improving and polishing the package in
preparation for submission to GNU ELPA. You can watch videos of these
sessions posted earlier on my website:
Further, inspiration for parts of ffs's implementation was
gratefully drawn from Protesilaos's Logos package for Emacs.
Dedicated to the loving memory of Farangis Yousefinia.
Below are the release notes.
First release of ffs on GNU ELPA.
The attempted build of ffs 0.2.1 within GNU ELPA build sandbox failed
with an Error: void-function (org-texinfo-kbd-macro) due to use of
#+macro: kbd (eval (org-texinfo-kbd-macro $1)) in ffs.org for better
formatting of key sequences in the exported Texinfo copy. This seems
to have happened for the specific case of generating a plain text
README using ox-ascii where ELPA didn't load ox-texinfo. To try
and mitigate this, a README.md has been added for use as the package
README instead of ffs.org. If not sufficient, a Texinfo copy of the
ffs manual will be shipped instead of the Org one in the next release.
ffs 0.2.2 also includes small fixes and improvements throughout
ffs.el from Stefan Monnier, and additional feedback to be addressed
in future releases.
The attempted build of ffs 0.2.0 within GNU ELPA build sandbox failed with a "Cannot include file" error on the "#+include: fdl.org" in the manual. So, as a workaround, we switch to using the official Texinfo copy of the GNU FDL license rather than an Org copy.
First release of ffs intended for GNU ELPA.
After a few years of inactivity, in early 2026 I decided to dust off
ffs.el, polish and document it, and offer for inclusion in GNU ELPA
as a proper package.
ffs-default-face-height changed to nil
To minimize unexpected and/or unnecessary changes out-of-the-box, the
default value of ffs-default-face-height has been changed to nil.
ffs-edit-buffer-name demoted from user option to variableThis is not an important user-facing setting, so to help avoid overwhelming users with many options, this has been demoted from a user option to a variable.
ffs's behaviour
As part of the effort to bring ffs more in line with the conventions
of other existing Emacs packages, the mechanisms for toggling various
parts of Emacs's interface to minimize visual clutter were changed
from being minor modes to being customizable user options. These are
the replacement new user options, with a default value of nil:
ffs-hide-cursorffs-hide-mode-lineffs-hide-header-line
Their value is buffer-local, and may be set globally using
setq-default. See the sample configuration in the manual for an
example of how to customize them.
The new ffs-page-delimiter user option defines the page delimiter
inserted by ffs-edit-done when inserting a new slide. Emacs's
page-delimiter regexp should be able to match ffs-page-delimiter's
value, so if you use a custom page-delimiter be sure to customize
ffs-page-delimiter accordingly.
The new ffs-echo-progress user option controls whether to display in
echo area the progress through the slides. When non-nil, changing
slides will also display the progress through the slides in the echo
area. The format of the displayed progress can be customized using
the new ffs-echo-progress-format user option.
The new ffs-edit-display-buffer-alist user option may be used to
control the Window configuration for the ffs-edit buffer. By
default, it will display the ffs-edit buffer in the same window.
The new ffs-edit-done-hook user option may be used to define hooks
to be run at the end of ffs-edit-done after returning to the main
ffs presentation buffer.
Lastly, a new ffs-find-speaker-notes-function variable was added to
allow customizing the find function used for opening the speaker's
notes file, defaulting to find-file-other-frame.
Initial publication of ffs.el as part of my personal configurations
for GNU Emacs.
My first attempt at this concept was a now-archived ffsanim.el,
a major mode implementation that used Emacs's animate library to
animate slide texts onto the screen. Shortly after realizing the
shortcomings of that approach, I abandoned it in favour a minor mode
implementation and published version 0.1.0 of what is now ffs in
my personal configs repository.
I used this implementation for presenting my LibrePlanet 2022 talk, The Net beyond the Web.
I picked "ffs" as the package name, the acronym for form feed slides.
