CISA Credentials, Sensitive Data Exposed in GitHub Repository

**Executive Summary:** A contractor for CISA publicly exposed sensitive CISA/DHS credentials and internal engineering artifacts in a GitHub repository for months — including AWS GovCloud admin keys, plaintext passwords, tokens, and build/deploy details — which persisted until researchers alerted the agency; the repository was taken offline and CISA reports no confirmed compromise, but the leak presented a high-risk window because some keys remained valid for 48 hours.