The White House Office of Management and Budget is instructing agencies to consider reducing staff for programs that have a lapse in funding in the event of a government shutdown, as tensions rise ahead of the Sept. 30 end to the fiscal year. “With respect to those Federal programs whose funding would lapse and which are otherwise unfunded, such programs are no longer statutorily required to be carried out,” the undated message said. The guidance goes on to say that consistent with applicable law, including a federal reduction in force statute, agencies are directed to use this opportunity to consider RIF notices for employees working in projects, programs or activities that have a funding lapse on Oct.1, don’t have another source of funding, and are not consistent with President Donald Trump’s priorities. The project, program or activity must meet all three criteria, the message said. The message places blame for a possible shutdown squarely on congressional Democrats, calling their demands “insane.” The OMB message explains that the One Big Beautiful Bill Act, legislation passed earlier this year that is at the heart of Trump’s second-term agenda, provided “ample resources to ensure that many core Trump Administration priorities will continue uninterrupted.”

Federal cyber authorities sounded a rare alarm last week, issuing an emergency directive about an ongoing and widespread attack spree involving actively exploited zero-day vulnerabilities affecting Cisco firewalls. Cisco said it began investigating attacks on multiple government agencies linked to the state-sponsored campaign in May. The vendor, which attributes the attacks to the same threat group behind an early 2024 campaign targeting Cisco devices it dubbed “ArcaneDoor,” said the new zero-days were exploited to “implant malware, execute commands, and potentially exfiltrate data from the compromised devices.” Cisco disclosed three vulnerabilities affecting its Adaptive Security Appliances — CVE-2025-20333, CVE-2025-20363 and CVE-2025-20362 — but said “evidence collected strongly indicates CVE-2025-20333 and CVE-2025-20362 were used by the attacker in the current attack campaign.” The Cybersecurity and Infrastructure Security Agency said those two zero-days pose an “unacceptable risk” to federal agencies and require immediate action.

The Daily Scoop Podcast is available every Monday-Friday afternoon.

If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.