America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
ID: fe1d3003-ab25-5895-9b28-9b5adfad2af4
STIX ID: report--fe1d3003-ab25-5895-9b28-9b5adfad2af4
Feed Name: The Register (Security)
A public GitHub repository named “Private-CISA” containing roughly 844 MB of production infrastructure material and numerous plaintext secrets (passwords, private keys, tokens, AWS/Azure credentials, Kubernetes manifests, Terraform, GitHub tokens, Entra ID SAML certs, etc.) was discovered and reported on May 14; CISA removed the repository the next day. The leak persisted for approximately six months, included obvious filenames and an explicit guide to disable GitHub secret scanning, and created multiple high-impact attack paths including destructive operations, long-term persistence in build/deploy pipelines, and credential-driven access.
