CyberWire Daily: "One rule to rule them all."
Host: Dave Bittner (N2K Networks)
Date: December 12, 2025
Episode Overview
This episode of CyberWire Daily dives into major recent developments in cybersecurity policy and threats, with updates on a new AI-focused executive order from the White House, leadership changes at the NSA, regulatory actions in the UK, the latest vulnerability and breach intelligence, and how organizations are evolving tabletop exercises to prepare for AI-generated attacks. The episode also includes an in-depth interview with Mark Lance, Vice President for DFIR and Threat Intelligence at GuidePoint Security, on preparing organizations via Purple Team tabletop exercises—especially as AI changes the threat landscape.
Key News Highlights & Analysis
1. White House Executive Order: Preempting State AI Regulation
[01:35–04:00]
- President Trump signed an order to prevent states from creating their own AI regulations.
- Aimed at avoiding a "fragmented regulatory landscape" and maintaining US competitiveness against China.
- Directs the Attorney General to challenge state laws and the Commerce Department to flag problematic state regulations.
- Federal funds (like broadband grants) may be withheld from states passing independent AI rules.
- In Context:
- States like California, Colorado, Utah, and Texas already passed AI laws for data, transparency, and discrimination risks.
- Supporters argue local rules are needed for real harms; the administration wants to target only the "most burdensome" restrictions.
"Trump said requiring companies to navigate approvals in all 50 states would discourage investment and slow development." (03:05, Host)
2. NSA Leadership Shake-Up
[04:05–05:15]
- Joe Francesca’s nomination as NSA Deputy Director was withdrawn amid pressure from far-right conservatives and internal opposition.
- Tim Kosiba, a former NSA and FBI senior official, is now slated for the role.
- Backdrop: NSA continues to lack a Senate-confirmed director and faces additional senior departures.
3. Notable Security Events and Alerts
- LastPass Fined Over 2022 Breach
[05:16–06:18]
- UK Information Commissioner's Office fined LastPass $1.6 million for insufficient technical/security measures.
- Hackers accessed a backup database—though customer passwords were not decrypted.
- Experts see this as a “watershed moment,” stressing modern breaches often relate to identity and supplier risk.
- Active Exploitation: Gladinet CentreStack
[06:19–07:00]
- Huntress warned of real-world attacks exploiting a cryptographic weakness in CentreStack: static ASP.NET machine keys.
- In ASP.NET the machine key is what signs ViewState, so an attacker who obtains it can forge ViewState that the server deserializes, giving remote code execution.
- Nine organizations affected so far; update immediately. Because a key that has already been read stays valid after patching, rotate the machineKey as well and review the server for prior compromise.
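The practical check that follows from this item is whether an ASP.NET application ships a fixed machineKey rather than an auto-generated one. The script below is an added illustration for this page, not Huntress's tooling or anything from Gladinet: it parses a web.config and flags validationKey/decryptionKey values that are static hex literals (shared by every install that received the same file) and validation algorithms weaker than the HMAC-SHA2 family. The two web.config documents are constructed samples, and the ".NET 4.5+ default" assumption for the validation attribute is noted in the code.

```python
"""Audit an ASP.NET web.config for static <machineKey> settings.

Added example for this summary, not vendor code. A machineKey whose
validationKey/decryptionKey are literal hex strings is identical on every
install that shipped with the file, so anyone who reads it can sign
ViewState for all of them. Sample configs below are constructed.
"""
import re
import xml.etree.ElementTree as ET

# Validation algorithms ASP.NET accepts that are no longer recommended.
WEAK_VALIDATION = {"MD5", "SHA1"}

# Static keys are hex literals; AutoGenerate[,IsolateApps] never matches this.
HEX_KEY = re.compile(r"^[0-9A-Fa-f]{16,}$")


def audit_machine_key(web_config_xml: str) -> list[str]:
    """Return a list of findings for the <system.web><machineKey> element.

    An empty list means nothing was flagged. Assumption: a missing element
    or attribute falls back to the .NET 4.5+ defaults
    (AutoGenerate,IsolateApps and HMACSHA256).
    """
    findings = []
    root = ET.fromstring(web_config_xml)
    mk = root.find("./system.web/machineKey")
    if mk is None:
        return findings  # defaults apply: per-server, per-app generated keys
    for attr in ("validationKey", "decryptionKey"):
        value = mk.get(attr, "AutoGenerate,IsolateApps")
        if HEX_KEY.match(value):
            findings.append(
                f"{attr} is a static {len(value) * 4}-bit hex literal; "
                "treat it as already disclosed and rotate it"
            )
    validation = mk.get("validation", "HMACSHA256")
    if validation.upper() in WEAK_VALIDATION:
        findings.append(f"validation={validation}: use HMACSHA256 or stronger")
    return findings


# Constructed sample: the shape of a product-shipped static key (values are
# placeholders, not any vendor's real key).
STATIC_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>"""

# Constructed sample: keys generated per server and per application.
SAFE_CONFIG = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""


if __name__ == "__main__":
    for name, cfg in (("static", STATIC_CONFIG), ("safe", SAFE_CONFIG)):
        print(name, audit_machine_key(cfg) or ["no findings"])
```

Run it against the web.config of each IIS application you host; a static literal is a finding even if the vendor patch has been applied, because the patch does not change a key the attacker has already copied.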
- OpenAI’s Cybersecurity Preparedness Plans
[07:01–08:10]
- OpenAI now treats all future AI models as potentially high risk for cybersecurity.
- Focus on “defense in depth,” robust red teaming, system monitoring, and a Trusted Access Program for verified defenders.
- Analysts caution that real-world risks from AI attacks may be overstated for now.
- MITRE's Top 25 Software Vulnerabilities (2025)
[08:11–09:15]
- Cross-site scripting, SQL injection, and CSRF lead the rankings.
- New entries: several buffer overflows, access control issues.
- CISA urges developers to use the list to guide secure-by-design practices.
- Emergency Patch: GeoServer Vulnerability
[09:16–10:18]
- CISA ordered federal agencies to patch a critical, unauthenticated XXE (XML External Entity) flaw in GeoServer.
- Exploitation lets an attacker read files from the server, exhaust it through entity expansion (denial of service), and reach internal services via server-side request forgery.
- All organizations, public and private, are strongly urged to update immediately; until then, the GeoServer endpoints should not be reachable from the internet.
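To make the "data theft" and "SSRF" consequences concrete, here is an added example that is not GeoServer code: it builds the classic XXE document and parses it twice with Python's standard-library SAX parser, once with external general entities enabled (the behaviour the advisory describes) and once with the default that ignores them. The secret file, its name (web.config) and its contents are constructed for the demo; the parser feature name is the real xml.sax one.

```python
"""XXE in a vulnerable vs. a hardened parser configuration.

Added illustration for this summary, not GeoServer code. Uses xml.sax with
feature_external_ges on (vulnerable: fetches the SYSTEM identifier) and off
(safe default since Python 3.7.1). The secret file is constructed here.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Accumulates all character data; SAX may deliver it in chunks."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def xxe_payload(system_id: str) -> bytes:
    """Classic XXE: declare an external general entity whose SYSTEM
    identifier is a local path (or, for SSRF, an http:// URL) and reference
    it inside element content so the parser inlines what it fetched."""
    return (
        "<?xml version='1.0'?>\n"
        "<!DOCTYPE request [\n"
        f'  <!ENTITY xxe SYSTEM "{system_id}">\n'
        "]>\n"
        "<request><value>&xxe;</value></request>\n"
    ).encode()


def parse_value(xml_bytes: bytes, resolve_external: bool) -> str:
    """Parse the document and return the text inside <value>.

    resolve_external=True mirrors a parser that fetches external entities;
    False leaves the reference unexpanded (the hardened setting)."""
    handler = TextCollector()
    parser = xml.sax.make_parser()
    parser.setContentHandler(handler)
    parser.setFeature(feature_external_ges, resolve_external)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.chunks)


def demo() -> tuple[str, str]:
    """Write a constructed secret, parse the payload both ways and return
    (text_leaked_by_vulnerable_parser, text_from_hardened_parser)."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "web.config")  # constructed target
        with open(secret_path, "w") as f:
            f.write("db_password=hunter2\n")  # constructed sample secret
        payload = xxe_payload(secret_path)
        leaked = parse_value(payload, resolve_external=True)
        safe = parse_value(payload, resolve_external=False)
    # strip only the file's trailing newline
    return leaked.strip(), safe.strip()


if __name__ == "__main__":
    leaked, safe = demo()
    print("external entities resolved ->", repr(leaked))
    print("external entities ignored  ->", repr(safe))
```

The vulnerable run returns the file contents inside the parsed document, which is the data-theft case; the same resolver fetches http:// system identifiers with urllib, which is the SSRF case. The entity-expansion denial of service is not shown because current expat builds cap the amplification factor. The fix on the parser side is the one the safe run uses: never resolve external entities (and ideally reject DOCTYPE altogether) on untrusted input.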
- Major Anti-Piracy Takedown in India
[10:19–11:10]
- Anti-piracy coalition ACE (including Disney, Netflix, Warner Bros.) shut down MKVCinemas, a leading illegal streaming service in India.
- Operator agreed to cede 25 domains; also took down a file cloning tool widely used in India and Indonesia.
Featured Interview: Mark Lance – GuidePoint Security
Topic: Purple Team Tabletop Exercises & AI-Generated Attacks
[14:34–25:38]
The Rise and Purpose of Tabletop Exercises
[14:34–15:14]
- Tabletop exercises have grown as organizations see the value in testing and awareness.
- Drivers include board directives, insurance, and compliance needs.
"We recommend that a tabletop is performed at least once a year across your senior leadership team and then additionally a separate one across your technical or maybe management teams."
— Mark Lance (14:51)
What Is a Tabletop Exercise?
[15:20–16:14]
- A “tabletop exercise” is a simulated incident, designed to:
- Educate on incident types, response processes, and key decision points.
- Help teams rehearse roles, responsibilities, and reactions in a controlled environment.
"The idea is to take this hypothetical incident that's applicable to you and your organization and get people to understand how they would react..."
— Mark Lance (16:03)
AI’s Impact on Incident Response Readiness
[16:14–17:24]
- AI is now considered a core element in tabletop scenarios.
- Includes threats like AI-generated phishing, malicious code, or attacks on internally-used AI systems.
- Scenarios are customized to reflect real, emerging threats relevant to each organization.
Choosing Cadence and Audience for Exercises
[17:24–20:26]
- Frequency depends on maturity and existing processes; less mature orgs should use exercises to develop plans.
- Advanced organizations use tabletop to test and refine existing incident response.
- Different roles:
- Technical teams focus on detection, escalation, and severity assessment.
- Senior leaders focus on business impact, communications (e.g., with cyber insurers, counsel), and response decisions.
"Audience-specific to their role is very important."
— Mark Lance (20:12)
Overcoming Skepticism and Realism
[20:26–22:35]
- Many participants arrive not knowing what to expect; realistic, surprise-driven scenarios work best.
- The process exposes policy and process gaps, drives improvements, and builds “muscle memory.”
Lessons Learned and Getting Started
[23:19–25:38]
- Start by assessing your organization's maturity—have you ever done this before?
- Decide on internal vs. third-party facilitation.
- Focus scenarios on risks truly relevant to your specific environment—avoid generic, “this could never happen” stories.
- Most important: capture lessons learned and apply them to keep improving response.
"They're not necessarily a test, but they're an opportunity to say, hey, we were extremely efficient here and here are things we did very well. But maybe we're missing some of these policies or processes here..."
— Mark Lance (24:50)
Memorable Quote
"A lot of our clients walk away from these things saying, 'holy crap, are these the kinds of things that could really happen to us?'"
— Mark Lance (22:47)
Cutting-Edge Research Highlight: DNA as an Attack Vector
[27:01–29:00]
- Researchers demonstrated malware can be encoded in synthetic DNA, triggering exploits in sequencing software.
- Biological samples, once digitized, pass into cloud systems where hidden code could corrupt data or provide remote access.
- Raises new concerns for data integrity and biosecurity in genomics, biotech, and healthcare.
"The takeaway is simple: genomic pipelines are now part of the attack surface. The genome is no longer just life's blueprint; it is executable input."
— Dave Bittner (28:35)
Useful Timestamps
- White House AI Executive Order: 01:35–04:00
- NSA Leadership Update: 04:05–05:15
- LastPass Breach Fine: 05:16–06:18
- OpenAI Cyber Plans: 07:01–08:10
- MITRE Vulnerabilities List: 08:11–09:15
- GeoServer Exploit Alert: 09:16–10:18
- Interview: Mark Lance begins: 14:34
- Tabletop Overview: 15:20
- AI in Exercises: 16:14
- Audience/Roles: 18:54
- Lessons Learned/Getting Started: 23:27
- DNA-Based Malware Segment: 27:01–29:00
Conclusion
This episode underscores how rapidly shifting technologies—especially AI and even biotechnology—are drastically expanding the cybersecurity threat landscape. Practical insights from Mark Lance show how organizations can better prepare for both present and future challenges, using tailored tabletop exercises to move beyond compliance checklists and truly test their readiness.
For a more in-depth dive, listen to the full episode and check supplemental materials at the CyberWire.
