AI Discovers Critical Linux Kernel Vulnerability After 15 Years, Alongside Pentagon's Hacker Training and License Plate Reader Controversy
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) admitted it lacked a pre-existing response plan for handling a cybersecurity incident in May, according to a postmortem report released on July 10, 2026.
The agency revealed that its staff had to create an incident playbook during the early stages of the crisis after a contractor's employee exposed sensitive credentials and keys for accessing U.S.government systems.
Independent journalist Brian Krebs reported that a security researcher with GitGuardian discovered the breach on GitHub, which an unnamed CISA contractor employee uploaded.Krebs attempted to notify the contractor but received no response, prompting CISA to take action after being contacted directly.The agency revoked and replaced all exposed credentials, stating no mission-critical data was compromised.
CISA acknowledged its channels for receiving security alerts from researchers were unclear and has since implemented changes to streamline communication.
The incident highlights ongoing challenges facing CISA, including leadership vacancies and workforce reductions since President Donald Trump's 2025 term began.