Accidents Happen. Even at CISA.
Last weekend, a security researcher discovered that a CISA contractor had pushed a public GitHub repository containing AWS GovCloud administrative credentials, plaintext passwords for dozens of internal systems, and access to CISA's internal artifact registry. The contractor had also manually disabled GitHub's built-in secret scanning.
Brian Krebs has the full story: CISA Admin Leaked AWS GovCloud Keys on Github →