Sarina

About Sarina Gandy

So far Sarina Gandy has created 138 blog entries.

Tim Holcomb – Inside Embarc Collective and Tampa’s Startup Future

Tim Holcomb is the CEO of the Embarc Collective, a Tampa-based nonprofit helping startup founders build bold, scalable companies through coaching, connection, and community.

In this episode, Tim sits down with Sarina Gandy to explore how Embarc Collective is shaping Tampa Bay’s growing innovation ecosystem by supporting founders through every stage of the startup journey. The two discuss Embarc’s unique approach to founder support, the importance of community in entrepreneurship, the evolving role of cybersecurity and emerging technology in the region, and how partnerships with organizations like the University of South Florida are helping strengthen Tampa Bay’s future workforce.

Tim also reflects on his own career journey across industries and countries — and the full-circle experiences that eventually led him back to entrepreneurship and leadership in Tampa Bay.

The CyberBay Podcast is produced by Sarina Gandy and powered by Cyber Florida.

2026-06-01T13:53:29-04:00

Eric Foster – Building TENEX.AI from the Ground Up

Eric Foster, CEO and founder of TENEX.AI, is building more than a cybersecurity company – he’s building an AI-native defense solution designed to change how security teams operate.

In this episode of the CyberBay Podcast, guest host and Tampa Bay Business Journal reporter Anjelica Rubin sits down with Eric inside TENEX’s soon-to-be headquarters, which is currently still under construction, for a conversation about building from the ground up. Eric reflects on his early fascination with technology, the mentors who shaped his leadership journey, and the pivotal moments that pushed him to launch TENEX. Together, they explore what it really means to be “AI-native,” how artificial intelligence is reshaping the cybersecurity workforce, and why Eric believes Tampa Bay – and CyberBay – are positioned to play a defining role in the industry’s future.

The CyberBay Podcast is produced by Sarina Gandy, powered by Cyber Florida, and supported by Bellini Capital.

2026-06-01T09:25:20-04:00

GitHub Internals Breach via Poisoned VS Code Extension

2026-05-29T10:19:40-04:00

Technical Threat Advisory | CVE-2026-45675

This technical threat advisory covers an LDAP and OAuth first-user race condition that allows unauthorized admin privilege escalation in Open WebUI.

This threat was originally discovered by Sanaan Fayaz Wani from the Cyber Florida SOC and is now recognized as an official CVE.

2026-05-20T10:37:32-04:00

Romance Scams Informational Report

One of today’s most pervasive threats, romance scams build fake trust and affection to defraud victims. McAfee’s 2026 report found 1 in 7 American adults lost money to online dating or romance scams, and the FTC reports a median loss of $2,000 per victim — $1.14 billion in 2023.

This Cyber Florida Security Operations Center report explains what romance scams are, covers common tactics and prevention tips, and points to resources for reporting and recovery.

2026-05-04T13:19:52-04:00

AI-Powered Cyber Threats: From Emerging Risks to Practical Defenses

This informational report from the Security Operations Center at Cyber Florida at USF examines emerging AI-driven attack vectors, including deepfake-enabled social engineering, automated malware campaigns, prompt injection, AI-assisted spear phishing, and more, plus practical detection techniques, risk mitigation frameworks, and policy recommendations.

Authors: Waratchaya Luangphairin (June), Eduarda Koop, Isaiah Johnson, and Isaac Ward.

2026-04-16T10:16:46-04:00

Modernizing the U.S. Cyber Talent Pipeline for the AI Era

This report examines why Florida’s entry‑level cybersecurity market struggles (misaligned curricula, mixed job postings, and limited hands‑on experiences) and lays out the CyberBay2026 Regional Workforce Alignment Action Plan, a roadmap for educators, employers, and policymakers to scale evidence‑based solutions and strengthen Florida’s cybersecurity talent pipeline.

2026-04-02T16:50:45-04:00

Chrome Zero-Days Threat Advisory

I. Introduction

On 13th March, Google released an emergency security patch to address a pair of critical zero-day vulnerabilities that attackers were actively exploiting in the Google Chrome web browser. CVE-2026-3909 and CVE-2026-3910 both carry a high severity CVSS score of 8.8 (CVSS is a standardized way to measure the severity of vulnerabilities). Both have been confirmed and recognized by Google and the Cybersecurity and Infrastructure Security Agency (CISA).

Because these flaws exist in the foundation of the Chromium code base, the attack surface extends beyond Google Chrome. Any browser or application utilizing the Chromium engine is affected. Common examples include:

  • Brave
  • Opera
  • Vivaldi
  • Microsoft Edge

The vulnerabilities target two distinct core components:

  • CVE-2026-3909 (Skia Out-of-Bounds Write): An out-of-bounds memory write vulnerability in the Skia 2D graphics library, allowing a remote attacker to corrupt memory, leading to browser crashes or further exploitation.
  • CVE-2026-3910 (Inappropriate implementation in V8): A critical code injection and memory buffer vulnerability within the V8 JavaScript engine, allowing a remote attacker to execute arbitrary code.

Since these attacks require only a simple click from a victim or a visit to a malicious webpage, the risk is immediate; users are urged to update their browsers to mitigate any potential threats.

II. Technical Analysis

Both of these zero-day vulnerabilities target the renderer process, a sandboxed environment responsible for parsing HTML, executing JavaScript, and drawing visual elements on the screen. Since the renderer handles a lot of untrusted data on the web, it is a primary and common target for browser exploitation.

To understand the severity of CVE-2026-3909 and CVE-2026-3910, it is important to look at how the foundational architecture of the Chromium engine manages untrusted web content.

CVE-2026-3909:

Skia Out-of-Bounds (OOB) Write: Skia is a foundational open source 2D graphics library used by Chromium. It renders all visual elements on a webpage: SVG (Scalable Vector Graphics) paths, HTML elements, CSS borders and web fonts.

  • The Vulnerability: An Out-of-Bounds (OOB) write occurs when a program writes data past the intended boundary of an allocated memory buffer. In the case of CVE-2026-3909, a logical flaw in how Skia calculates the memory requirements for specific, complex graphic rendering tasks (likely related to path stroking, matrix transformations, or clipping bounds) results in the allocation of a heap buffer that is too small for the resulting data.
  • Crashing the browser is not enough for an attacker; they must control the crash to hijack the system. To exploit this Skia flaw, an attacker could use JavaScript to meticulously arrange the browser’s memory layout, a technique known as “heap grooming.” By precisely positioning specific data structures adjacent to the vulnerable Skia buffer, the attacker triggers the OOB write to overwrite the neighboring data.
  • The attacker’s goal is to overwrite a function pointer or a C++ virtual table (vtable) pointer. Once the browser attempts to use that corrupted pointer for a subsequent graphic operation, the execution flow is redirected to the attacker’s malicious shellcode, granting them control over the renderer process.

CVE-2026-3910:

V8 Inappropriate Implementation: V8 is Google’s JavaScript and WebAssembly engine. V8 has a multi-tiered architecture, which relies on an interpreter and a “Just-In-Time” (JIT) optimizing compiler, TurboFan.

  • The Vulnerability: As JavaScript runs, TurboFan monitors the code. If a function is executed repeatedly, TurboFan compiles it into highly optimized machine code. To do this quickly, TurboFan makes strict assumptions (speculative optimization) about the types of variables being used based on past behavior. “Inappropriate implementation” indicates a critical bug where TurboFan’s internal logic incorrectly models the side-effects of a specific JavaScript operation, causing it to drop essential security boundaries (like bounds checks or type checks) in the optimized code.
  • By feeding the optimized function an unexpected data type, the attacker intentionally violates TurboFan’s assumptions. Since the safety checks were compiled out, the engine experiences “type confusion.” For example, the V8 engine might be tricked into treating a raw integer as a memory pointer, or treating a standard array as an array of executable objects.
  • Once type confusion is achieved, the attacker uses it to construct an arbitrary memory read and an arbitrary memory write. The attacker can now scan the V8 heap, locate executable memory pages (often utilizing WebAssembly memory allocations, which are marked as Read/Write/Execute), inject their malicious payload, and execute it.

III. Remediation and Mitigation

Since CVE-2026-3909 and CVE-2026-3910 are being actively exploited in the wild and require no user interaction beyond visiting a malicious webpage, organizations must prioritize immediate remediation.

1. Immediate Remediation: Software Updates

The only definitive method to eliminate the risk posed by these vulnerabilities is to update the affected software. Security and IT operations teams should utilize automated patch management systems to push these updates across their respective networks. 

  • Google Chrome: Verify that all endpoint deployments of Google Chrome are updated to the following versions (or later):

    Windows and macOS: Version 146.0.7680.75 or 146.0.7680.76

    Linux: Version 146.0.7680.75 

  • Chromium-Based Browsers: Ensure that all other approved browsers utilizing the Chromium engine (e.g., Microsoft Edge, Brave, Opera, Vivaldi) are updated to their respective vendors’ patched versions. 
  • Electron Applications: Monitor vendor advisories for desktop applications built on the Electron framework (e.g., Slack, Microsoft Teams) and apply updates as they are released, as these applications bundle the vulnerable Chromium components. 
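
One way to run the Google Chrome version check above across a fleet, as an added example that is not part of the original advisory. The inventory rows and hostnames are constructed, and the minimums apply to Google Chrome only; other Chromium-based browsers and Electron applications use their vendors' own version numbers.

```python
# Added example: flag endpoints whose Chrome build is below the patched
# versions named in this advisory. Inventory rows are constructed sample data.

# Minimum patched builds per platform, taken from the advisory text.
PATCHED = {
    "windows": (146, 0, 7680, 75),
    "macos": (146, 0, 7680, 75),
    "linux": (146, 0, 7680, 75),
}

def parse_version(text):
    """Turn '146.0.7680.75' into (146, 0, 7680, 75); None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_patched(os_name, version_text):
    """True only if the version parses and is >= the patched build for that OS."""
    minimum = PATCHED.get(os_name.lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return False  # unknown OS or unparseable version: treat as needing review
    # Tuples compare numerically per component, so .9 sorts below .75;
    # comparing the raw strings would wrongly rank "146.0.7680.9" as newer.
    return version >= minimum

def unpatched_hosts(inventory):
    """Return the (host, os, version) rows that still need the update."""
    return [row for row in inventory if not is_patched(row[1], row[2])]

# Constructed inventory export: (hostname, os, reported Chrome version).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "146.0.7680.76"),
    ("ws-002", "Windows", "146.0.7680.9"),
    ("mac-014", "macOS", "145.0.7000.100"),
    ("lnx-003", "Linux", "146.0.7680.75"),
    ("ws-009", "Windows", "unknown"),
]

if __name__ == "__main__":
    for host, os_name, version in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: Chrome {version} on {os_name} needs updating")
```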

2. Threat Detection and Hunting

Security Operations Centers (SOC) should continue to ensure their Endpoint Detection and Response (EDR) platforms are configured to monitor for anomalous behavior originating from browser processes. Specifically, analysts should hunt for: 

  • Unexpected child processes spawning from chrome.exe or msedge.exe (e.g., command shells, PowerShell, or unknown executables). 
  • Browser processes attempting to write executable files to disk outside of standard download directories. 
  • Unexpected network connections initiated by the browser to known Command and Control (C2) infrastructure following a browser crash event. 
  • Unexpected chrome.exe crashes; ensure the website or external website involved is legitimate.
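
The first two hunts in the list above, written as detection logic over endpoint events (an added example, not part of the original advisory and not any EDR product's query language). The event field names, the child-process allowlist, the extension set and the sample events are all assumptions constructed for illustration.

```python
# Added example: two of the hunts listed above, run over constructed events.
# Event field names ("type", "actor", "target") are hypothetical, not an EDR schema.
import ntpath

BROWSERS = {"chrome.exe", "msedge.exe"}
# Assumed allowlist: browsers normally spawn copies of themselves (renderer, GPU).
EXPECTED_CHILDREN = {"chrome.exe", "msedge.exe"}
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".ps1", ".bat"}  # assumed set

def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def in_downloads(path):
    """True if the normalized path is under C:\\Users\\<name>\\Downloads."""
    parts = ntpath.normpath(path).lower().split("\\")  # normpath collapses ".."
    return len(parts) > 4 and parts[1] == "users" and parts[3] == "downloads"

def hunt(events):
    """Return (rule_name, event) pairs for browser-originated suspicious events."""
    hits = []
    for ev in events:
        if base(ev.get("actor", "")) not in BROWSERS:
            continue  # only events whose acting process is a browser
        target = ev.get("target", "")
        if ev.get("type") == "process_create":
            if base(target) not in EXPECTED_CHILDREN:
                hits.append(("unexpected_child", ev))
        elif ev.get("type") == "file_write":
            ext = ntpath.splitext(target)[1].lower()
            if ext in EXECUTABLE_EXTS and not in_downloads(target):
                hits.append(("executable_outside_downloads", ev))
    return hits

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_EVENTS = [  # constructed for illustration
    {"type": "process_create", "actor": CHROME, "target": CHROME},
    {"type": "process_create", "actor": CHROME,
     "target": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "file_write", "actor": EDGE, "target": r"C:\Users\alice\Downloads\setup.exe"},
    {"type": "file_write", "actor": EDGE, "target": r"C:\Users\alice\AppData\Local\Temp\upd.dll"},
    {"type": "process_create", "actor": r"C:\Windows\explorer.exe",
     "target": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for rule, ev in hunt(SAMPLE_EVENTS):
        print(rule, ev["actor"], "->", ev["target"])
```

Matching on the process file name alone does not confirm that the actor is the genuine browser binary; pair these rules with image path or signer checks where the telemetry provides them.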

2026-04-01T10:09:15-04:00

Securing Florida’s K-12 Schools Against Cyber Threats

Cyber Florida’s 2025 research examines operational cyber readiness in Florida’s K–12 districts, drawing on semi-structured interviews with IT and cybersecurity leaders from 17 districts. The report highlights vulnerabilities in student privacy protection, incident response, patching and network segmentation, policy gaps, staffing and budget barriers, and vendor risk. Evidence-based findings and practical recommendations guide district leaders, policymakers, and education IT teams to strengthen resilience, compliance, and data-security practices across public schools.

2026-04-08T10:04:39-04:00