The CyberWire Daily Podcast 12.12.25
Ep 2452 | 12.12.25

One rule to rule them all.

Transcript

A new executive order targets states’ AI regulations, while the White House shifts course on an NSA deputy director pick. The UK fines LastPass over inadequate security measures. Researchers warn of active attacks against Gladinet CentreStack instances. OpenAI outlines future cybersecurity plans. MITRE ranks the top 25 vulnerabilities of 2025. CISA orders U.S. federal agencies to urgently patch a critical GeoServer vulnerability. An anti-piracy coalition shuts down one of India’s most popular illegal streaming services. Our guest Mark Lance, Vice President, DFIR & Threat Intelligence, GuidePoint Security, unpacks purple team tabletop exercises to prepare for AI-generated attacks. Hackers set their sights on DNA.

Today is Friday, December 12th, 2025. I’m Dave Bittner, and this is your CyberWire Intel Briefing.

A new executive order targets states’ AI regulations, while the White House shifts course on an NSA deputy director pick.

President Donald Trump signed an executive order aimed at preventing U.S. states from creating their own artificial intelligence regulations, arguing that a fragmented regulatory landscape could hinder innovation and weaken America’s ability to compete with China. Trump said requiring companies to navigate approvals in all 50 states would discourage investment and slow development. The order directs the Attorney General to form a task force to challenge state AI laws and instructs the Commerce Department to identify regulations deemed problematic. It also threatens to withhold certain federal funds, including broadband grants, from states that enact AI rules.

The move comes amid bipartisan calls in Congress and pressure from civil liberties and consumer groups for stronger AI oversight. Several states, including California, Colorado, Utah, and Texas, have already passed AI laws focused on data limits, transparency, and discrimination risks. Supporters say such measures address real harms, while the administration argues only the most burdensome regulations should be targeted, leaving room for protections like child safety.

The Trump administration has reversed its decision on who will serve as deputy director of the National Security Agency, withdrawing its earlier pick amid internal opposition and pressure from far-right conservatives. Joe Francescon, announced in August for the No. 2 role, was recently informed he would no longer be appointed, according to multiple sources. Francescon, a former NSA analyst and National Security Council official, never began the job and faced criticism from conservative activists, as well as resistance within the administration. He has since declined alternative NSA roles and moved to the private sector.

The White House now plans to name Tim Kosiba, a former senior NSA and FBI official, to the position. Kosiba reportedly has backing from Trump allies and recently completed a polygraph at NSA headquarters. The change adds to ongoing leadership instability at the NSA, which remains without a Senate-confirmed director and faces additional senior departures in the coming weeks.

The UK fines LastPass over inadequate security measures.

The U.K. Information Commissioner’s Office has fined LastPass £1.2 million, about $1.6 million, over a 2022 data breach that affected roughly 1.6 million U.K. users. Regulators concluded that LastPass failed to implement sufficiently robust technical and security measures, allowing a hacker to gain unauthorized access to a backup database tied to a third-party cloud storage service. While there is no evidence that customer passwords were decrypted, the ICO said the company nonetheless failed users who trusted it to protect sensitive information.

LastPass, which serves more than 20 million consumers and 100,000 businesses globally, remains a recommended security tool, despite the incident. Industry experts described the fine as a watershed moment, highlighting that modern breaches often stem from identity compromise, governance failures, and supplier risk, rather than weak passwords alone.

Researchers warn of active attacks against Gladinet CentreStack instances.

Huntress is warning of active attacks against Gladinet CentreStack instances, where attackers exploit a newly identified cryptography flaw to steal machine keys and gain remote code execution. The issue stems from CentreStack reusing static cryptographic strings, allowing attackers to access the web.config file, forge trusted requests, and abuse ASPX ViewState deserialization. Huntress has observed nine impacted organizations across multiple sectors. No CVE has been assigned. Gladinet has issued fixes, and organizations are urged to update immediately and review indicators of compromise.

OpenAI outlines future cybersecurity plans.

OpenAI has outlined plans to treat all future AI models as having potentially “High” cybersecurity capabilities, acknowledging they could both aid defenders and be misused by attackers. Under its Preparedness Framework, such models might automate vulnerability discovery or cyber operations, prompting a defense-in-depth approach. Rather than limiting access or knowledge, OpenAI plans to rely on targeted training, red teaming, and systemwide monitoring to curb abuse. Models are designed to refuse or safely respond to malicious requests, with suspicious activity blocked, downgraded, or escalated for enforcement. OpenAI also plans a trusted access program offering enhanced capabilities to qualified cybersecurity defenders and a Frontier Risk Council of experts. While OpenAI cites improving model performance as evidence of advancing capabilities, outside analysts caution against overstating current AI-driven threats.

MITRE ranks the top 25 vulnerabilities of 2025.

MITRE has published its 2025 CWE Top 25, ranking the most dangerous software weaknesses of the past year. Cross-site scripting was the most dangerous software weakness, followed by SQL injection and cross-site request forgery. Missing authorization climbed to fourth, while out-of-bounds write placed fifth. The list adds six new entries, including multiple buffer overflow flaws and access control weaknesses, while several issues dropped off due to methodology changes. CISA says the updated list is designed to help reduce vulnerabilities and costs. Agencies urge developers and security teams to use it to guide Secure by Design practices, testing, and vendor evaluations.

CISA orders U.S. federal agencies to urgently patch a critical GeoServer vulnerability.

CISA has ordered U.S. federal agencies to urgently patch a critical GeoServer vulnerability that is being actively exploited in the wild. The flaw, tracked as CVE-2025-58360, is an unauthenticated XML External Entity, or XXE, vulnerability affecting GeoServer versions 2.26.1 and earlier. By abusing weak XML input handling in a specific GetMap endpoint, attackers can retrieve arbitrary files, trigger denial-of-service conditions, access sensitive data, or enable server-side request forgery. CISA has added the flaw to its Known Exploited Vulnerabilities catalog and directed Federal Civilian Executive Branch agencies to remediate by January 1, 2026. While the mandate applies only to federal agencies, CISA strongly urges all organizations running GeoServer to patch immediately, noting widespread exposure and active exploitation.

An anti-piracy coalition shuts down one of India’s most popular illegal streaming services.

An anti-piracy coalition has shut down MKVCinemas, one of India’s most popular illegal streaming services, cutting off access to free movies and TV shows used by millions. The operation was led by the Alliance for Creativity and Entertainment, or ACE, backed by more than 50 major studios and networks including Disney, Netflix, and Warner Bros. ACE identified the operator in Bihar, India, who agreed to cease operations and transfer 25 related domains, now redirected to a legal streaming portal. The coalition also dismantled a file-cloning tool widely used in India and Indonesia to distribute pirated content via cloud storage. ACE says the takedown underscores its continued collaboration with global law enforcement to disrupt large-scale piracy networks.

Hackers set their sights on DNA.

Cybersecurity has officially crossed the Rubicon, and it did so carrying a pipette. Researchers have shown that malware no longer needs phishing emails or poisoned downloads. It can hitch a ride inside synthetic DNA. In a University of Washington demonstration, carefully crafted DNA sequences were shown to trigger exploits when processed by sequencing software, turning lab workflows into attack paths. Once sequenced, biological data moves through cloud platforms and custom code, where hidden instructions could corrupt data or enable remote access.

For sectors like genomics, biotech, healthcare, and agriculture, this raises uncomfortable questions about data integrity, intellectual property, and national biosecurity. Traditional controls barely notice the threat, because DNA looks like biology, not malware. The takeaway is simple and unsettling: genomic pipelines are now part of the attack surface. The genome is no longer just life’s blueprint. It is executable input. And yes, that means your lab bench just joined the threat model.

Now if you’ll excuse me, I’m going to go watch the latest episode of Pluribus…

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


And that’s the CyberWire Daily, brought to you by N2K CyberWire.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry. Learn how at n2k.com.


N2K’s senior producer is Alice Carruth. Our producer is Liz Stokes. We’re mixed by Elliott Peltzman and Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.