credential exposure
6 posts
CISA administrator published GovCloud keys to GitHub
A CISA administrator's publication of AWS GovCloud keys to public GitHub exposes the gap between cloud segregation policy and runtime control.
CISA pushed passwords to a public repo
A top cyberdefense agency published credentials in a public GitHub repository. A control analysis of what failed and what must now be true.
CISA contractor leaked GovCloud keys to GitHub
Technical analysis of a CISA contractor's leaked AWS GovCloud admin keys on GitHub - blast radius, IAM persistence paths, CloudTrail detections, supply-chain tail.
The agency was the breach.
A US cybersecurity agency published digital keys to a public GitHub repository. The exposure defines the failure class. Recovery requires rotation.
The malware leaked itself, not the defenders.
Needle cryptostealer shipped with a plaintext API key in the Rust binary. One string exposed 1932 victims and the withdrawal config.
The dashboard pushed every critical CVE to GitHub
Technical analysis of a unified vulnerability dashboard pushed to a public GitHub repo, the scanner token blast radius, and what defenders actually see.