DigiNews

Summary

An analysis by KrebsOnSecurity reveals a CISA contractor exposed AWS GovCloud credentials and other internal secrets in a public GitHub repository. GitGuardian flagged the exposure, and some keys remained valid for 48 hours after takedown. The incident underscores poor secret management and the critical need for stronger DevSecOps controls in government and cloud environments.