America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames
> GitGuardian researcher Guillaume Valadon, fresh off a recent talk on Kubernetes secret leaks, found the public repository on May 14, and told The Register that he “quickly understood that the leak was bad and that time was running out. A national agency having 844 MB of production infrastructure material in a public GitHub repository for six months is as serious as a secrets leak gets.”
...
> It’s not a good look for the nation’s infosec agency, which [hasn’t had a permanent boss](https://www.theregister.com/on-prem/2025/05/28/ex-cisa-employee-describes-culture-of-fear-at-the-agency/495296) since Trump took office, is facing [hundreds of millions of dollars in budgets cuts](https://www.theregister.com/security/2026/04/03/trump-wants-to-slash-707m-from-cisas-budget/5226686) on top of [deep cuts to staff and funding](https://www.theregister.com/on-prem/2025/10/14/trump-admin-slashes-cisa-staff-again-amid-shutdown/545651) last year, and has suffered its share of [embarrassing security snafus](https://www.theregister.com/security/2026/01/29/cisa-insider-threat-warning-comes-with-an-ironic-twist/4639815) in the interim.
...
> It’s not a good look for the nation’s infosec agency, which [hasn’t had a permanent boss](https://www.theregister.com/on-prem/2025/05/28/ex-cisa-employee-describes-culture-of-fear-at-the-agency/495296) since Trump took office, is facing [hundreds of millions of dollars in budgets cuts](https://www.theregister.com/security/2026/04/03/trump-wants-to-slash-707m-from-cisas-budget/5226686) on top of [deep cuts to staff and funding](https://www.theregister.com/on-prem/2025/10/14/trump-admin-slashes-cisa-staff-again-amid-shutdown/545651) last year, and has suffered its share of [embarrassing security snafus](https://www.theregister.com/security/2026/01/29/cisa-insider-threat-warning-comes-with-an-ironic-twist/4639815) in the interim.