Whoa, guys, you gotta see this. CISA admin just dropped some absolutely massive security fails on GitHub.<br>
<br>
So, some contractor for the Cybersecurity & Infrastructure Security Agency (CISA) accidentally made a public repo that was basically a goldmine of credentials. We're talking exposed keys and tokens for several highly privileged AWS GovCloud accounts, plus plaintext passwords for dozens of internal CISA systems. This isn't just a minor leak; this is a textbook disaster.<br>
<br>
The real kicker is *how* it happened. The admin apparently turned off GitHub's secret detection feature and stored passwords in plain text CSV files. It's pure, unadulterated poor security hygiene. One file even gave away admin access to three critical AWS GovCloud servers! The potential for lateral movement for an attacker is huge, as these credentials could let them jump right into the "Landing Zone DevSecOps" environment.<br>
<br>
It's wild that this happened. It really highlights that even in the most security-conscious organizations, human error combined with lazy tooling can blow the whole thing wide open. This proves that "security awareness" needs to be more than just a buzzword; it needs to be enforced by the tooling itself.<br>
<br>
This is the kind of leak that makes you wonder what *else* is running around in these massive government systems.<br>
<br>
Source: https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/
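
One way tooling can enforce this, as an added example that is not part of the original post: a pre-commit style check that rejects a commit containing AWS access key IDs or CSV files with filled-in credential columns. The column-name heuristic, file names and sample data are constructed assumptions; the key shown is AWS's documented example value.

```python
import csv
import io
import re

# AWS access key IDs: AKIA (long-term) or ASIA (temporary) followed by 16 characters.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Header names suggesting a CSV column holds credentials (assumed heuristic list).
SECRET_COLUMNS = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key", re.I)


def scan_file(path, text):
    """Return (path, line_no, reason) findings for one file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if AWS_KEY_ID.search(line):
            findings.append((path, no, "AWS access key ID"))
    if path.lower().endswith(".csv"):
        rows = list(csv.reader(io.StringIO(text)))
        if rows:
            header = rows[0]
            cols = [i for i, h in enumerate(header) if SECRET_COLUMNS.search(h)]
            # Row numbers equal line numbers only when no field embeds a newline.
            for no, row in enumerate(rows[1:], 2):
                for i in cols:
                    if i < len(row) and row[i].strip():
                        findings.append(
                            (path, no, f"plaintext value in column '{header[i]}'"))
    return findings


def check_commit(files):
    """files maps path -> text. Returns (allowed, findings)."""
    findings = [f for path, text in files.items() for f in scan_file(path, text)]
    return (not findings, findings)


# Constructed sample commit, not data from the incident.
SAMPLE = {
    "deploy/notes.md": "Rotate keys quarterly.\n",
    "deploy/env.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "ops/systems.csv": "host,user,password\nbuild01,svc,hunter2\nbuild02,svc,\n",
}

if __name__ == "__main__":
    ok, found = check_commit(SAMPLE)
    for path, no, reason in found:
        print(f"{path}:{no}: {reason}")
    raise SystemExit(0 if ok else 1)  # non-zero exit blocks the commit
```

Run as a local hook, this only complements server-side secret scanning and push protection, since a local hook can be skipped by whoever is committing.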