Julian Oliver4d ago

Profoundly egregious org-scale self-own.

And it gets better, if we can allow ourselves a little schadenfreude:

"The now-defunct Private CISA repo showed the contractor also used easily-guessed passwords for a number of internal resources; for example, many of the credentials used a password consisting of each platform’s name followed by the current year"

https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

#infosec #opsec

CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security

Show threadAHAKO
@JulianOliver #CuiBono: State actors gain access credentials. Defense contractors gain market share. And those who deliberately hollowed out CISA lose less than you'd think — less election infrastructure protection, less inconvenient reporting. Negligence pulled the trigger. The conditions were engineered.
May 20 at 1:18amMastodon for Android