America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames

A public GitHub repository titled "Private-CISA" exposed roughly 844 MB of sensitive CISA infrastructure data for about six months, including plaintext passwords, private keys, AWS and Azure credentials, GitHub tokens, Kubernetes manifests, Terraform code, and SAML certificates; the leak was discovered by a GitGuardian researcher on May 14 and the repository was taken offline the following day with CISA stating there is currently no indication of compromise.