The imminent DHS shutdown will hamper US ability to respond to cyber threats

CISA will hold town halls on cyber incident reporting regs, Palo Alto removed China attribution in fear of retaliation, Tianfu Cup returns, Ring cancels partnership with Flock, TX AG launches probe into Conduent breach, AI vibe coding platform Orchids has an unfixed flaw, much more



Congressional lawmakers are allowing a "no-pressure" shutdown of the Department of Homeland Security to take place at the end of the day today, which will hamper the Cybersecurity and Infrastructure Security Agency’s ability to respond to threats, offer services, develop new capabilities, and finish writing a key regulation.

A shutdown “would delay deploying cybersecurity services and capabilities to federal agencies, leaving significant gaps in security programs,” acting CISA leader Madhu Gottumukkala told the House Appropriations Subcommittee on Homeland Security earlier this week. “CISA’s capacity to provide timely and actionable guidance to help partners defend their networks would be degraded.”

There’s a divide between activities CISA could continue in some capacity versus those they would have to shutter entirely during a funding lapse, he said.

“Limited activities include responding to imminent threats, sharing timely vulnerability and incident information, maintaining our 24/7 operations center, and operating cybersecurity shared services,” Gottumukkala said. “However, CISA would not perform any strategic planning, development of cybersecurity advice and guidance, or development of new technical capabilities.”

There would likely be delays in activities like issuing binding operational directives to federal agencies or completing the already-delayed regulations stemming from the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), he said. Work on those regulations, which would require critical infrastructure operators to report major cyber incidents to CISA, would be paused during a shutdown. (Stephen Neukam / Axios and Tim Starks / CyberScoop)

Related: TESTIMONY OF MADHU GOTTUMUKKALA, Slashdot, Federal News Network, The Hill, SC Media, Punchbowl

The Cybersecurity and Infrastructure Security Agency will hold sector-by-sector town halls in the coming weeks to get feedback on a stalled regulation requiring critical infrastructure owners and operators to report when they suffer major cyberattacks.

The meeting dates would “allow external stakeholders a limited additional opportunity to provide input on refining the scope and burden” of a proposed rule that CISA is advancing as part of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) that Congress enacted in 2022.

That law requires critical infrastructure owners and operators to notify CISA within 72 hours when they are hit with a significant cyberattack and within 24 hours when they make a ransomware payment.

But defining what entities the law would specifically cover and how has been a point of contention. The Trump administration moved the deadline to complete the rule last year, saying it would delay finalizing the rule until May.

Among the specific topics CISA wants comment on during the virtual town halls are proposed sector-based criteria for determining to whom the regulations apply; how to handle small businesses; how to consider chemical plants in light of a chemical plant security law lapsing; the list of example incidents that would meet the law’s reporting requirements; and how to reduce conflicts with existing regulations.

After the sector-by-sector meetings, CISA would hold general sessions on March 31 and April 2.

One industry source, granted anonymity to speak candidly, said they weren’t aware the additional sessions were coming until Thursday’s Federal Register notice, and it “would have been nice” to know it was coming.

They also said they weren’t sure the town halls were what CIRCIA needed right now.

“Industry has already been very vocal about what we think needs to be addressed in the final rule,” the source said. “We want some back and forth, give and take, to better understand what CISA may view as its limitations in implementing the rule.

“And to me, a town hall where you’re asking for more input isn’t what we need at this point. We want a dialogue,” they said. (Tim Starks / CyberScoop)

Related: Federal Register, Cybersecurity Dive

Sources say Palo Alto Networks opted not to tie China to a global cyberespionage campaign the firm exposed last week over concerns that the cybersecurity company or its clients could face retaliation from Beijing.

According to the sources, Palo Alto’s findings that China was tied to the sprawling hacking spree were dialed back following last month’s news that Palo Alto was one of about 15 US and Israeli cybersecurity companies whose software had been banned by Chinese authorities on national security grounds.

A draft version of the report by Palo Alto’s Unit 42, the company’s threat intelligence arm, said that the prolific hackers - dubbed “TGR-STA-1030” in a report published on Thursday of last week - were connected to Beijing, the two people said. The finished report instead described the hacking group more vaguely as a “state-aligned group that operates out of Asia.”

The change, the sources said, was ordered by Palo Alto executives because they were concerned by the software ban and feared drawing retaliation from Chinese authorities, either against the company’s personnel in China or its clients elsewhere. (Raphael Satter and A.J. Vicens / Reuters)

The Tianfu Cup, China’s premier hacking competition, has returned to Chengdu, Sichuan Province, for its sixth edition, held from January 29 to 30, 2026.

This time, the event was held under the organizational lead of China’s Ministry of Public Security (MPS), China’s domestic law-enforcement authority. Launched in 2018 after Chinese authorities barred domestic researchers from participating in international exploit competitions, such as Canada’s Pwn2Own, the Tianfu Cup emerged as a domestic alternative for high-end vulnerability research and exploitation.

After skipping three editions in 2022, 2024, and 2025, the competition has now reappeared, although the reasons for this hiatus and revival remain unclear. The event was first announced on China’s MPS website on January 16. On January 19, the Tianfu Cup’s account on the social media platform X appears to have briefly posted about the competition before deleting the post shortly thereafter.

The following day, the event’s website (hxxps://tianfucup[.]cn) became inaccessible from outside China. By February 2, following the conclusion of the contest, the site appeared to have been taken offline entirely and remains inaccessible as of this writing. The Natto Team was nonetheless able to access the website for this piece, which includes screenshots of relevant information, as well as MPS and private company press releases that remain accessible. (Eugenio Benincasa / Natto Thoughts)

Related: Security Week, Bloomberg

Following intense backlash to its partnership with Flock Safety, a surveillance technology company that works with law enforcement agencies, Ring has announced it is canceling the integration.

The company said: “Following a comprehensive review, we determined the planned Flock Safety integration would require significantly more time and resources than anticipated. We therefore made the joint decision to cancel the integration and continue with our current partners … The integration never launched, so no Ring customer videos were ever sent to Flock Safety.”

The statement goes on to say that Ring’s mission to make neighborhoods safer “comes with significant responsibility — to our customers, to the communities we serve, and to the trust you place in our products and features.”

Trust is the big one there. Over the last few weeks, the company has faced significant public anger over its connection to Flock, with Ring users being encouraged to smash their cameras, and some announcing on social media that they are throwing away their Ring devices.

The Flock partnership was announced last October, but following recent unrest across the country related to ICE activities, public pressure against the Amazon-owned Ring’s involvement with the company started to mount.

Adding fuel to the fire, this weekend Ring aired a Super Bowl ad for its new AI-powered Search Party feature. While the company says the feature is designed to find lost dogs and maintains it’s not capable of finding people, the ad raised fears that Ring cameras were being used for mass surveillance. The ad shows dozens of Ring cameras in a neighborhood scanning the streets. (Jennifer Pattison Tuohy / The Verge)

Related: The Ring Blog, Silicon Republic, PCMag, Mashable, NBC News, Android Authority, Engadget, CNBC, flocksafety.com, Hacker News (ycombinator), r/technology, r/boulder, r/ThePeoplesPress, r/Ring, r/amazonemployees, r/privacy, r/Seattle, r/FlockSurveillance, Slashdot

The breach of Conduent's system happened between Oct. 21, 2024, and Jan. 13, 2025, exposing the sensitive personal data of approximately 4 million Texans. An unauthorized third party accessed protected health information of Texas residents, including Texas Medicaid recipients.

"The Conduent data breach was likely the largest breach in US history," Paxton said. "If any insurance giant cut corners or has information that could help us prevent breaches like this in the future, I will work to uncover it."

Paxton issued Civil Investigative Demands to both companies, requiring them to provide documents and information related to the breach investigation.

"Texans deserve to know that their private health information is being handled responsibly and in full compliance with the law," Paxton said. "My office is committed to uncovering exactly what went wrong, taking action to protect Texas families, and ensuring there is justice for any negligence." (Taylor Helmes / KXXV)

Related: Texas Attorney General

Experts say the ease with which Orchids can be hacked demonstrates the risks of allowing AI bots deep access to our computers in exchange for the convenience of allowing them to carry out tasks autonomously.

BBC journalist Joe Tidy used Orchids to help him build the code for a computer game based on the BBC News website.

Automatically, the AI assistant began compiling code on the screen that, without any experience, he couldn't understand.

Exploiting a cybersecurity weakness (which the BBC is not disclosing), cybersecurity researcher Etizaz Mohsin was able to gain access to Tidy's project and view and edit any of the code.

Mohsin then added a small line of code to Tidy's project, somewhere among the thousands of lines of letters, numbers, and symbols, unbeknownst to Tidy.

Mohsin says he has only found the flaws in Orchids, and not yet in other vibe-coding platforms such as Claude Code, Cursor, Windsurf, and Lovable.

Nonetheless, experts say it should serve as a warning.

"The main security implications of vibe-coding are that without discipline, documentation, and review, such code often fails under attack," says Kevin Curran, professor of cybersecurity at Ulster University. (Joe Tidy / BBC News)

Sources say Meta, Facebook’s parent company, plans to add a facial recognition feature to its smart glasses, which it makes with the owner of Ray-Ban and Oakley, as soon as this year.

The feature, internally called “Name Tag,” would let wearers of smart glasses identify people and get information about them via Meta’s artificial intelligence assistant.

Meta’s plans could change. The Silicon Valley company has been conferring since early last year about how to release a feature that carries “safety and privacy risks,” according to an internal document viewed by The New York Times. The document, from May, described plans to first release Name Tag to attendees of a conference for blind people, which the company did not do last year, before making it available to the general public.

Meta’s internal memo said the political tumult in the United States was good timing for the feature’s release.

“We will launch during a dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns,” according to the document from Meta’s Reality Labs, which works on hardware including smart glasses. (Kashmir Hill, Kalley Huang, and Mike Isaac / New York Times)

Vincenzo Iozzo, a renowned hacker linked to convicted sex offender Jeffrey Epstein, is no longer listed on the website of Black Hat, one of the largest cybersecurity conferences in the world, nor on the Japanese security conference Code Blue.

As of Thursday, Iozzo does not appear on the official review board pages of Black Hat or Code Blue. He was still listed on both pages as of last week. Iozzo had been on the Black Hat review board since 2011, according to his LinkedIn profile.

In a statement shared with TechCrunch through a spokesperson, Iozzo said he told Black Hat that he “will not willingly resign” and welcomed “a full investigation.”

Spokespeople for Black Hat did not respond to requests for comment.

Iozzo, currently the founder and chief executive of cybersecurity startup SlashID, has had a long career in the industry. Iozzo authored one of the first manuals for hackers researching Apple’s mobile software. In 2015, he founded cybersecurity startup IperLane, which was later bought by CrowdStrike, leading him to serve as a senior director at the company for almost four years. (Lorenzo Franceschi-Bicchierai / TechCrunch)

Related: Straight Arrow News

According to a new court filing, the IRS erroneously shared the taxpayer information of thousands of people with the Department of Homeland Security, as part of the agencies’ controversial agreement to share information on immigrants for the purpose of identifying and deporting people illegally in the US.

The revelation stems from a data-sharing agreement signed last April by Treasury Secretary Scott Bessent and Homeland Security Secretary Kristi Noem, which allows US Immigration and Customs Enforcement to submit names and addresses of immigrants inside the US illegally to the IRS for cross-verification against tax records.

A declaration filed Wednesday by IRS Chief Risk and Control Officer Dottie Romo stated that the IRS was only able to verify roughly 47,000 of the 1.28 million names ICE requested.

For less than 5% of those individuals, the IRS gave ICE additional address information, potentially violating privacy rules created to protect taxpayer data. (Fatima Hussein / Associated Press)

Related: FedScoop, Washington Post, Accounting Today, The Hill

Mrinank Sharma, an artificial intelligence researcher, left his job at the AI company Anthropic this week with a cryptic warning about the state of the world, marking the latest resignation in a wave of departures over safety risks and ethical dilemmas.

In a letter posted on X, Sharma wrote that he had achieved all he had hoped during his time at the AI safety company and was proud of his efforts, but was leaving over fears that the “world is in peril,” not just because of AI, but from a “whole series of interconnected crises,” ranging from bioterrorism to concerns over the industry’s “sycophancy.”

He said he felt called to writing, to pursue a degree in poetry and to devote himself to “the practice of courageous speech.”

“Throughout my time here, I’ve repeatedly seen how hard it is to truly let our values govern our actions,” he continued. (Rachel Goodman / Global News)

Related: BBC News, The Hill, Semafor, Futurism, The Times, WION, American Bazaar

Proofpoint announced it has acquired Acuvity, an AI security startup, as the cybersecurity company moves to address security risks stemming from widespread corporate adoption of agentic AI.

The acquisition strengthens Proofpoint’s capabilities in monitoring and securing AI-powered systems that are increasingly handling sensitive business functions across enterprises.

Financial terms of the deal were not disclosed, but Ryan Kalember, Proofpoint’s chief strategy officer, told CyberScoop that the acquisition was beyond a pure “technology acquisition,” with Acuvity’s engineering team slated to join the California-based company. (Greg Otto / CyberScoop)

Related: Proofpoint, Techzine, CRN

Best Thing of the Day: Scientists Tracking Trump

Scientist Christina Pagel is behind the Trump Action Tracker, the world’s only comprehensive dashboard of the actions, statements, and plans of the Trump administration, where she and her team of volunteers have manually logged almost 2,500 examples that may "pose a threat to American democracy" since January 2025.

Worst Thing of the Day: That's a Really Bad Reputation to Manage

Jeffrey Epstein tapped online reputation management firms to bury negative coverage of his 2008 sex offense conviction and flood the internet with favorable content in a years-long effort to rehabilitate his public image, with one firm "hacking" Wikipedia moderators' IP addresses to block them from reversing its edits to Epstein's profile.
