Contractor’s public GitHub account exposed GovCloud and CISA credentials

The report highlights that credentials belonging to a contractor associated with CISA were exposed in a public GitHub repository, warning that such exposures could enable supply-chain attacks or deep infiltration into government systems; experts urge organizations to deploy automated secret scanning and blocking, enforce separation of personal and professional developer environments, require MFA and zero-trust practices, use short‑lived credentials and honeytokens, and inventory all code locations to mitigate risk.