US cyber agency CISA exposed reams of passwords and cloud keys to the open web

A public GitHub repository maintained by a CISA contractor inadvertently exposed spreadsheets of plaintext credentials — including access tokens and cloud keys — which a security researcher discovered and briefly validated before reporting the lapse; CISA says it is investigating and has found no indication of compromise.