CISA credential leak raises alarms, and Capitol Hill demands answers

A contractor-maintained public GitHub repository called "Private-CISA" was found to contain privileged AWS GovCloud and internal CISA credentials. The discovery by GitGuardian prompted CISA to remove the repository and spurred congressional requests for briefings; while CISA reports no indication of compromise, security experts warn the exposure could allow persistent access or serious misuse if obtained by malicious actors.