How a CISA Contractor Left Federal Cloud Credentials Exposed on GitHub

A contractor for the cybersecurity agency disabled GitHub's built-in secret scanning—a tool that flags exposed passwords and access tokens—before uploading a repository containing AWS credentials and Kubernetes config files. The deliberate shutdown of this protection, paired with naming the repo "Private-CISA," suggests intentional publication rather than careless mistake, raising questions about federal contractor security practices.

Published 16 days ago

Read at another depth

Expert Beginner

Recent briefs

See all briefs →

Europe's Gas Use Falls Below 2022 Levels—A Structural ShiftJune 4, 2026
Rio Tinto Puts One Executive in Charge of Its Global Iron OreJune 4, 2026
Somalia Holds Election After Constitutional Power StruggleJune 4, 2026
House Votes to End Iran Military Conflict After Months of GridlockJune 4, 2026
After 34 Years, Disneyland Paris Finally Turns ProfitableJune 4, 2026
Real Madrid's First Election Fight in 20 Years: A Star-Powered GambleJune 4, 2026
Congo's New Ebola Outbreak Tests Years of PreparationJune 4, 2026
UK Police Arrest Stabbing Victim Based on Attacker's False AccountJune 4, 2026