Axios Future of Cybersecurity

October 21, 2025
Happy Tuesday! Welcome back to Future of Cybersecurity.
Today's newsletter is 1,859 words, a 7-minute read.
1 big thing: Threat-sharing endangered amid major cyberattack
As companies scramble to respond to a major nation-state cyberattack, the top U.S. cybersecurity agency's threat-sharing apparatus has gone silent, industry sources told Axios.
Why it matters: This is the first major test of how prepared the recently shrunken Cybersecurity and Infrastructure Security Agency is to respond to a possible government breach.
- Some key information-sharing protocols have looked different or gone dark in the last week, an industry source familiar with the matter told Axios.
- So far, it's unclear if the silence is due to the government shutdown or post-layoff restructuring.
Driving the news: F5, a major U.S. tech vendor, said last week it was actively investigating a nation-state breach into its BIG-IP product suite and had patched a vulnerability that hackers used to break in.
- As of Thursday, more than 600,000 F5 devices were vulnerable to potential intrusions, according to Palo Alto Networks.
- Bloomberg reports that suspected Chinese hackers likely had access to F5's systems from late 2023 until they were discovered in August.
- F5 counts more than 80% of the Fortune Global 500 and several government agencies as customers.
The big picture: CISA's capacity is shrinking along with its headcount.
- The agency said in an email sent to employees and obtained by Axios that it's restructuring its Stakeholder Engagement Division, which oversees partnerships with the private sector, as part of shutdown-related layoffs. The agency will hold a town hall Thursday for employees in the division, per the email.
- The industry source, who requested anonymity to speak freely, told Axios they haven't received any new information-sharing emails from the division since the government shutdown began.
- After such incidents in the past, the division sent regular updates and hosted calls with top officials.
What they're saying: "The communications functions that this division provides are a nonnegotiable national security mechanism, arming defenders with the information needed to protect our energy grid, water systems, hospitals and banks from cyberattacks," Robert Huber, chief security officer at Tenable, told Axios.
- Huber added that this information is just as important as the intelligence analysis CISA also provides.
- Bob Kolasky, a former CISA official and senior vice president of critical infrastructure at Exiger, noted that CISA's Stakeholder Engagement Division heads up threat coordination for eight of the 16 critical infrastructure sectors.
Yes, but: By all accounts, F5 appears to be distributing that critical information to customers and other critical infrastructure organizations, the industry source said.
- Nick Andersen, the top cyber official at CISA, told reporters last week that the agency was hosting coordinating calls with state and local government organizations, as well as other federal agencies that work with critical infrastructure operators.
- A CISA spokesperson did not respond to a request for comment.
State of play: Kolasky said that, for now, his company has all the information it needs to respond to the F5 breach and that restructuring the division doesn't mean government threat information sharing will completely halt.
- But there has been a lack of consistency in how public-private partnerships have been moving, he added.
- "What I hope is happening is when there's actionable information, it's getting in the hands of critical infrastructure owners and operators," Kolasky said. "It's essential to national security that there's a consistent process for doing that."
Friction point: While CISA is pulling back, companies are also growing more nervous about sharing threat information with the federal government after decade-old liability protections lapsed this month.
- "You're adding more friction to that," Heather Kuhn, senior privacy counsel at BigID, told Axios. "It makes companies more hesitant, it's probably going to inject legal teams into the middle of that conversation because they need to protect themselves."
What to watch: Whether CISA's outreach bounces back at all after the shutdown is over.
2. AWS and the internet's fragile foundations
Amazon Web Services, the biggest cloud computing provider, went down yesterday morning, crippling thousands of services from some of the biggest companies on earth.
Why it matters: For all its complexity and size, the global economy is fragile — breaking just one weak link drives big disruptions, online and in the real world.
Where it stands: Amazon's East Coast region, responsible for a lot of the internet, was the culprit.
- Zoom, Venmo, WhatsApp and many gaming, banking, social media and consumer sites saw large spikes in reported outages, according to tracker Downdetector.
- More than 11 million people worldwide had reported issues with over 2,500 companies as of midday yesterday in the biggest AWS outage of the year, Downdetector said.
- By yesterday evening, Amazon said all of its services had "returned to normal operations," but some would "continue to have a backlog of messages that they will finish processing over the next few hours."
Zoom out: Just three massive cloud providers — Amazon, Microsoft and Google — serve as the technical backbone of the internet. Millions of people, and thousands of companies, rely on each one.
- This is a recent phenomenon — businesses used to have their own data centers. But outsourcing that infrastructure to big cloud companies is cheaper and more efficient.
Between the lines: Computer systems have always had glitches or failed; what's different now is the "centralization risk," says Corey Quinn, chief cloud economist at the Duckbill Group, an AWS consulting firm.
- Even if a firm tried to stop outsourcing this work, it would still come up against reality — the many software services it buys would still be using AWS or another cloud provider.
The big picture: During COVID, we all got a lesson in the importance of the supply chain, learning that silicon chips power much of our stuff and that basically just one island (Taiwan) makes them.
- "We effectively try and squeeze all the fat out of various interactions," Quinn says. "At some point you start getting to bone."
Yes, but: These outages happen to Amazon infrequently, says Mike Chapple, who teaches cybersecurity at the University of Notre Dame.
- There was also a major disruption in 2021 that affected everything from Disney parks to Adele ticket sales, Bloomberg reported at the time.
What to watch: Amazon is investigating the cause of yesterday's outage.
3. Cybersecurity funding cools slightly in Q3


Venture funding to cybersecurity companies in Q3 fell about 23% compared with Q2 as deal flow slowed, per PitchBook.
The big picture: Cyber funding this year should still easily surpass that of 2024 as AI and new security threats drive investment.
By the numbers: Total cybersecurity venture funding hit $3.1 billion in 221 announced deals in Q3, down from the $4 billion in 244 deals during Q2.
- However, Q3's dollar amount was well ahead of the $2.2 billion in 227 deals in Q3 of 2024.
- All of 2024 saw nearly $12 billion in venture funding for cybersecurity companies, while just the first nine months of 2025 recorded $10 billion.
Zoom in: The Q3 dip came after Q2 saw two massive rounds: Cato Networks' $359 million raise and Cyera's $540 million raise.
- The biggest round in Q3 was ID.me's $340 million Series E at a valuation exceeding $2 billion. No other round topped $300 million.
State of play: The data indicates cybersecurity dealmaking, like the rest of the market, is seeing big dollars go to fewer deals.
The bottom line: AI needs cybersecurity, and investors seem eager to fund it.
4. AI ransomware attacks are coming
Ransomware gangs are already starting to embed AI into their workflows, allowing them to fine-tune and amplify attacks that have already stolen billions from U.S. corporations.
Why it matters: Most cases of cybercriminals using AI are still outliers, security responders say, but AI tools promise to accelerate the data-stealing, file-encrypting cyberattacks that have wreaked havoc across industries.
The big picture: Just like everyone else, ransomware gangs have been playing with generative AI tools for a while. Researchers have seen hackers using AI chatbots to negotiate ransom payments, write code, and perfect their social engineering attacks.
- Security analysts at cybersecurity firm ReliaQuest said in a report today that 80% of the ransomware-as-a-service groups they observe are now offering automation or other AI tools on their platforms.
- A group of NYU researchers published a paper in August showing they could build a proof of concept using local large language models to "autonomously plan, adapt and execute the ransomware attack lifecycle."
- Researchers at Palo Alto Networks also observed cybercriminals using AI-generated audio and video to impersonate employees as part of help desk scams — a tactic used to gain access before deploying ransomware.
Yes, but: Most ransomware gangs still don't have much incentive to tap AI tools when their cheaper, less sophisticated tactics still work so well.
- Rafe Pilling, director of threat intelligence at Sophos, told Axios that AI use is still the "exception, and not the norm."
- Many of the hackers experimenting with AI tools appear to be affiliates focused on gaining access to organizations, Tony Anscombe, chief security evangelist at cybersecurity firm ESET, told Axios.
- "There's just so much low-hanging fruit out there," Anscombe said.
Threat level: Ransomware accounted for 91% of all incurred losses among cyber risk firm Resilience's customer base in the first half of 2025, according to data published in September.
- That may get worse once AI becomes more commonplace. In May, researchers at Palo Alto Networks found they could simulate a ransomware attack using AI in just 25 minutes, from initial compromise to data exfiltration.
5. Catch up quick
@ D.C.
🇨🇳 The Chinese government has accused the NSA of breaking into its National Time Service Center and stealing sensitive data during a "long-term, highly covert" campaign. (South China Morning Post)
🇮🇷 The indictment against former national security adviser John Bolton claims that suspected Iranian hackers broke into his email account. (CyberScoop)
🤖 Federal investigators ordered OpenAI to provide information about a ChatGPT user accused of running a dark-web child-exploitation site as part of a first-of-its-kind search warrant. (Forbes)
@ Industry
📸 Law enforcement offices that use Flock, a controversial network of AI-powered surveillance cameras, can now also use their accounts to request information from Ring doorbell cameras. (TechCrunch)
👨🏻‍⚖️ A U.S. court has ordered spyware company NSO Group to stop targeting WhatsApp customers. (Reuters)
💰 Veeam Software, a data recovery company owned by Insight Partners, agreed to buy Securiti AI for $1.73 billion in cash and stock. (Bloomberg)
@ Hackers and hacks
👀 Members of the Com, a collective of hackers behind some of the most significant data breaches in recent years, just doxxed hundreds of officials working for the Department of Homeland Security and Immigration and Customs Enforcement. (404 Media)
🚔 Europol dismantled an illegal SIM-box service that hackers used as part of more than 3,200 fraud cases, resulting in at least 4.5 million euros ($5.2 million) in losses. (BleepingComputer)
👩🏻‍💻 A profile of Elena Timofeeva, who used the moniker "Drakosha" as part of her double life in which she was the head of a major ransomware operation that targeted as many as 400,000 victims. (Financial Times)
☀️ See y'all next week!
Thanks to Dave Lawler for editing and Khalid Adad for copy editing this newsletter.