U.S. Cybersecurity Agency Struggles Amid Government Shutdown and Staff Shortages - 1

Image by Michael, from Unsplash

U.S. Cybersecurity Agency Struggles Amid Government Shutdown and Staff Shortages

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

The United States’ federal government shutdown has caused major disruptions across several departments, including one of the nation’s most critical cybersecurity agencies.

In a rush? Here are the quick facts:

  • Only one-third of CISA employees remain on duty during the shutdown.
  • CISA protects federal networks and critical infrastructure like energy and telecom.
  • Nearly 1,000 CISA staff left since January 2025 through resignations or buyouts.

The Cybersecurity and Infrastructure Security Agency (CISA) is operating with only about one-third of its staff, raising serious concerns about national cyber defense. The situation was first reported by The Conversation .

CISA, part of the Department of Homeland Security, is responsible for protecting government networks and critical infrastructure sectors like telecommunications, energy, and the electric grid.

But the shutdown, which began on October 1, 2025, has forced many employees into unpaid furloughs, leaving a skeleton crew struggling to keep systems secure.

According to Department of Homeland Security documentation, “fewer CISA employees are being asked to do more and more work protecting American cyberspace during the shutdown.” They are currently working without pay until the government resumes operations.

The agency’s troubles come on top of budget cuts, mass resignations, and leadership losses earlier this year. Since January 2025, nearly 1,000 CISA employees have left, and by May, nearly all senior leaders had resigned or announced plans to do so.

The White House’s proposed 2026 budget further reduces CISA’s workforce by nearly one-third, slashing funding for cyber education and training programs.

To make matters worse, Congress failed to renew the Cybersecurity Information Sharing Act, a key law that enabled public-private information exchange about cyber threats. Without it, companies may hesitate to share data on attacks, fearing legal exposure.

Experts warn that the timing couldn’t be worse, with ongoing cyberattacks like China’s Salt Typhoon targeting U.S. telecom networks and ransomware campaigns surging.

As The Conversation report noted, malicious hackers often strike “when their target’s guard is down.” The shutdown, expired cybersecurity laws, and funding cuts together leave America’s digital defenses in one of their weakest states in years.

Hackers Target Job Seekers With New “Vampire Bot” Malware - 2

Image by SCARECROW artworks, from Unsplash

Hackers Target Job Seekers With New “Vampire Bot” Malware

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Vietnamese hackers are using fake job offers to trick professionals into installing Vampire Bot, a new malware that steals data and enables surveillance.

In a rush? Here are the quick facts:

  • Fake job offers hide malware disguised as PDFs and ZIP files.
  • Vampire Bot steals data, screenshots, and enables remote access.
  • Infection chain uses fake Marriott job description to trick victims.

A Vietnamese hacking group known as BatShadow has been linked to a new cyber campaign that targets job seekers and digital marketing professionals using fake job offers to spread malware.

The campaign, which was first reported by The Hacker News , delivers a previously unknown malicious program called Vampire Bot.

According to researchers Aditya , “The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents. When opened, these lures trigger the infection chain of a Go-based malware.”

The attacks start with ZIP files that contain decoy PDFs and malicious shortcut or executable files made to look like PDFs. Once opened, these files run hidden PowerShell scripts that download additional malware components from an external server.

One lure document pretends to be a marketing job offer at Marriott, while the downloaded malware installs XtraViewer, a remote desktop tool likely used to gain ongoing access to the victim’s computer.

Victims are then tricked into clicking on fake “preview” links that lead to deceptive web pages. These pages claim the user’s browser is unsupported and tell them to open the file in Microsoft Edge.

When they do, a ZIP file automatically downloads containing the fake job description and the real malware — a file named “Marriott_Marketing_Job_Description.pdf.exe.”

The Vampire Bot malware, written in the Go programming language, can steal personal data, take screenshots, and communicate with an attacker-controlled server at api3.samsungcareers[.]work.

BatShadow’s ties to Vietnam were uncovered through a known IP address (103.124.95[.]161) previously linked to Vietnamese hacker groups.

Researchers say the group has been active for at least a year, reusing similar fake domains like samsung-work[.]com to spread other malware families, including Agent Tesla, Lumma Stealer, and Venom RAT.

Aryaka warned, “The BatShadow threat group continues to employ sophisticated social engineering tactics to target job seekers and digital marketing professionals.”