credential-exposure

5 posts

CISA pushed passwords to a public repo

A top cyberdefense agency published credentials in a public GitHub repository. A control analysis of what failed and what must now be true.

May 20, 2026

Article

CISA contractor leaked GovCloud keys to GitHub

Technical analysis of a CISA contractor's leaked AWS GovCloud admin keys on GitHub - blast radius, IAM persistence paths, CloudTrail detections, supply-chain tail.

May 19, 2026

Article

The agency was the breach.

A US cybersecurity agency published digital keys to a public GitHub repository. The exposure defines the failure class. Recovery requires rotation.

May 19, 2026

Article

The malware leaked itself, not the defenders.

Needle cryptostealer shipped with a plaintext API key in the Rust binary. One string exposed 1932 victims and the withdrawal config.

May 16, 2026

Article

The dashboard pushed every critical CVE to GitHub

Technical analysis of a unified vulnerability dashboard pushed to a public GitHub repo, the scanner token blast radius, and what defenders actually see.

May 12, 2026