@iwm911 discovered that an SNMP service was publicly exposed on several non-production servers and was configured with the default community string. This allowed read access to non-sensitive information about the servers. We addressed this vulnerability by decommissioning one server and modifying network ACLs for another.
@iwm911 discovered that GitHub was hosting a continuous integration service used for product demonstrations. This service allowed unrestricted access via open user registrations. Although the service was out of scope and had no access to our production infrastructure, we responded quickly to this issue and shut down the offending service.