🟠 High  |  Source: Krebs on Security


A CISA contractor accidentally published dozens of internal credentials, including AWS GovCloud access keys, to a public GitHub repository where they remained exposed for nearly six months before being flagged by KrebsOnSecurity. CISA has now issued a postmortem examining what went wrong and how the incident was handled. The case highlights systemic failures in secrets management, repository scanning, and incident response that are common across organisations of all sizes.

Security Architect’s Take: Audit your organisation’s GitHub repositories — public and private — for exposed secrets immediately using tools such as truffleHog, git-secrets, or GitHub’s own secret scanning; then enforce pre-commit hooks and automated CI/CD secret detection to prevent future exposure. Equally important: define and rehearse a credential-revocation runbook so your team can rotate compromised cloud keys within minutes, not months.

Original advisory: Lessons Learned from CISA’s Recent GitHub Leak