The Department of Homeland Security is laying off about 176 employees amid the Trump administration's latest push to reduce the size of the federal government during the ongoing shutdown.

Why it matters: Many, if not all, of these layoffs appear to be in the Cybersecurity and Infrastructure Security Agency — which has already lost one-third of its workforce from voluntary buyouts and early retirements.

• If all of these layoffs were to affect CISA, they would account for 7% of the agency's total workforce as of the end of May.

Threat level: The CISA cuts aren't as big as those at Treasury (1,446 employees, per a court filing) or Health and Human Services (between 1,100 and 1,200 employees). But they are coming at an especially precarious time for U.S. cyber operations and are affecting an already shrunken workforce.

• About 35% of CISA's workforce (as of May) has been sent home during the government shutdown.
• Meanwhile, Congress has allowed a 10-year-old program that enabled swift cyber-threat information sharing to lapse.
• And the threat landscape is quickly adapting to the new AI-enabled world, which promises faster, more sophisticated cyberattacks against companies.

Zoom in: A DHS spokesperson said Friday that reduction-in-force notices "will be occurring at CISA."

• "During the last administration, CISA was focused on censorship, branding and electioneering," the spokesperson added. "This is part of getting CISA back on mission."
• Staff within the agency's Stakeholder Engagement and Infrastructure Security divisions were among those targeted in the latest round of cuts, according to Nextgov.
• The spokesperson did not mention layoffs at any other DHS entity and did not respond to a request yesterday to clarify if CISA is the only affected DHS agency.

The big picture: CISA's workforce grew rapidly during the Biden administration, adding more than 2,200 people between July 2021 and January 2025.

• Federal agencies often struggle to hire cybersecurity talent away from the private sector, which typically offers higher salaries.

Catch up quick: About 774 CISA employees took a buyout offer earlier this year, including those who took early retirement, a source told Axios at the time.

• CISA also cut contracts in threat-hunting operations and laid off members of the election integrity unit and diversity-and-inclusion offices.
• Nearly every senior official at CISA also departed earlier this year.
• DHS has recently reassigned many CISA workers to other agencies, including Immigration and Customs Enforcement, Customs and Border Protection, and the Federal Protective Service, Bloomberg reported last week.

Between the lines: CISA has become a major target of the Trump administration due to its work identifying and combatting election-related mis- and disinformation.

• Former director Chris Krebs, who ran the agency during the first Trump administration, called the 2020 election the "most secure in American history" and was subsequently fired by tweet.
• Trump directed the Department of Justice to open an investigation into Krebs earlier this year.

What to watch: Sean Plankey's nomination to become the next CISA director is still awaiting a floor vote.

• Lawmakers have also started speaking out. In a statement, House Homeland Security Committee Chair Andrew Garbarino (R-N.Y.) said: "Democrats should not have put us in this position in the first place," adding that the decision to not pass the clean continuing resolution has "undermined our homeland security and the personnel who are now working without pay to uphold it."

📲 If you're a federal worker with more insights about the extent of the administration's cuts to the cyber workforce, reach out to me confidentially on Signal at @SamSabin.01.

Companies are slowing down the rate at which they share threat intelligence with the federal government after a lapse in key liability protections.

Why it matters: Companies aren't doing this by choice.

• Since decade-old protections expired two weeks ago, business leaders have been involving their legal teams more in discussions about sharing threat intelligence, slowing down the process, industry sources tell Axios.

Catch up quick: Protections in the Cybersecurity Information Sharing Act of 2015 ran through Sept. 30 — right as the government shut down after Congress failed to pass a short-term funding deal.

• While the House passed its own bill reauthorizing the program, Senate Homeland Security Committee Chair Rand Paul (R-Ky.) pushed for massive last-minute changes to the program that slowed down negotiations.

The big picture: When the protections were in place, companies tended to make their legal teams generally aware they were engaging in information sharing, but they would not consult them before sharing every single piece of intelligence.

• Now that's changed as companies get more nervous about what legal pushback they could face if they share information that exposes any flaws or potential fault for a cyberattack.

Zoom in: "The lapse of the Cybersecurity Information Sharing Act of 2015 has reinserted lawyers into the conversation, which is going to slow down information sharing," Henry Young, senior director of policy at the Business Software Alliance, told Axios.

• Some major companies, including CrowdStrike and Halcyon, promised to keep sharing threat intelligence quickly even after the law expired, Politico reports.
• But another industry source — who asked for anonymity to protect the organizations they work with — told Axios that cyber lawyers are getting inundated with questions about information sharing and that the level of sharing varies across large and small companies.

Threat level: The vast majority of U.S. critical infrastructure is privately owned — meaning federal cyber investigators have to lean heavily on their private sector partners to understand active threats on digital networks.

• "Without these protections in place, we are in an incredibly vulnerable position," Sen. Gary Peters (D-Mich.), ranking member of the Homeland Security Committee, told reporters last week. "I believe that our national and economic security are at risk for as long as these safeguards are not available."

What to watch: Peters introduced a bill Thursday that would reauthorize the information-sharing protections for another decade, rename the program to avoid overlap with the DHS agency that shares the same acronym, and retroactively protect companies that shared information during the lapse period.

• Majority Leader Sen. John Thune (R-S.D.) could choose to bring the bill, co-sponsored by fellow South Dakota Republican Mike Rounds, to the floor without Paul's support.
• "We are in a much better position than we were a week ago because there is now a path," Young said, but he noted it still isn't a "clean" one.

Yes, but: A source familiar with ongoing reauthorization negotiations told Axios that a clean, 10-year extension is a "non-starter in the House."

• Instead, House lawmakers would rather push for a one- or two-year extension to provide additional time to review potential changes to the authorities.

Apple is increasing how much it pays security researchers for the bugs they find in iPhones and Macs, with some payouts topping $2 million.

Why it matters: Apple is upping the ante to encourage security researchers to try to find bugs that spyware vendors and nation-state hackers could exploit.

Driving the news: Apple said in a blog post Friday that it's increasing the payouts for several categories of security vulnerabilities, including zero-click vulnerabilities and attacks that work when in close proximity to an iOS or MacOS device.

• The move is designed to encourage researchers to find bugs in some of Apple's newer security features.

Catch up quick: iPhone 17, which hit the market last month, includes new security improvements that harden the phone's memory against some of the most commonly targeted software vulnerabilities.

Between the lines: In addition to Memory Integrity Enforcement, Apple has introduced Lockdown Mode, which provides high-value spyware targets with added security protections, and other improvements to securing device memory in recent years.

Zoom in: Apple is increasing the maximum payouts for the following categories of security flaws:

• Zero-click flaws that would give an attacker access to a device without any user interaction could get a payout of as much as $2 million, double the previous maximum. One-click flaw discoveries can now get up to $1 million.
• Vulnerabilities that would give adversaries access to a device whenever it's in close proximity could get as much as $1 million, quadruple the previous amount of $250,000.
• Flaws that would let attackers access a locked device if they have physical access to it can now garner a payout of as much as $500,000, double the previous max payment.
• Bugs that would let adversaries break out of an app sandbox and take control of the phone's memory can pay out as much as $500,000 — up from the previous $150,000 maximum.

The big picture: Apple's decision to increase payouts could help the tech giant compete against spyware vendors and the foreign governments they work with, which often pay big bucks for details about such flaws.

• Increasingly, governments have turned to spyware to snoop on politicians, journalists, activists, dissidents and other high-profile figures.

Read the rest.

@ D.C.

🪖 President Trump has reportedly decided not to nominate the current acting head of the U.S. Cyber Command and National Security Agency to the role permanently. (The Record)

🗳️ Dominion Voting Systems has been sold to a Missouri-based company run by a former Republican election official. (Axios)

🤖 Anthropic is looking at ways to allow the federal government to use Claude for cyber operations, intelligence gathering and other national security use cases. (Axios)

@ Industry

👀 Spyware vendor NSO Group says a U.S. investment group has acquired the company. (TechCrunch)

📲 Apple removed an app from its store that allows users to preserve TikToks, Instagram reels, news reports and videos documenting ICE abuses. (404 Media)

💰 Glide Identity, a digital identity security startup, raised a $20 million Series A led by Crosspoint Capital Partners. (Axios Pro)

@ Hackers and hacks

🚔 The FBI seized the domain for the revived BreachForums leak site hours before the Scattered Spider cybercriminal gang was reportedly going to post data stolen from Salesforce customers. (The Record)

📡 Academic researchers intercepted Americans' calls and text messages transmitted across major cell networks, airplane Wi-Fi systems and even military communications systems with an $800 off-the-shelf receiver system. (Wired)

🏗️ North Korean scammers are now targeting U.S. companies that are looking to hire third-party architectural designers to build new offices. (Wired)

If I learned anything from this New York Times' story, it's that you, too, can put your tech powers to good and start (playfully!) pranking your own city.