CISA Admin Leaked AWS GovCloud Keys on Github

A public GitHub repository maintained by a CISA contractor (the “Private-CISA” repo) accidentally exposed numerous sensitive assets — including administrative AWS GovCloud keys, plaintext internal passwords, tokens, and access to the agency’s artifactory — potentially enabling attackers to access, persist in, or backdoor CISA systems; the account was taken offline after disclosure but some credentials remained valid for 48 hours and CISA is investigating.