News

September 9, 2021

Powering Florida’s Cyber Future: Inside the ARCS Range

Aligned Realistic Cyberattack Simulation Range

Cyber Florida’s Partnership with SimSpace

At Cyber Florida, our mission is to strengthen the state’s cybersecurity ecosystem. A key part of that work is our partnership with SimSpace, which enables us to deliver a comprehensive platform for both offensive and defensive cybersecurity training.

Through this partnership, we power the ARCS (Aligned Realistic Cyberattack Simulation) Range, an advanced cyber range featuring high-fidelity simulations of complex networks and systems. These simulations allow users to engage in hands-on exercises that mirror today’s most pressing cyber threats, bridging the gap between theory and real-world application.

A national first in public-sector cyber training

Cyber Florida is delivering something unmatched: the nation’s only statewide, hands-on, customized cybersecurity training for the public sector.

This is a new level of training realism. Government systems can be fully virtualized, allowing cybersecurity professionals to defend their own environments in a safe, controlled setting. Within this space, teams can practice responding to sophisticated attacks launched by professional-grade adversaries without risking live systems.

The ARCS Range builds on this capability by offering a deeply customizable training environment that replicates entire systems and tests them against a library of real-world cyber threats. Participants are not only refining technical skills but also stress-testing response plans and gaining exposure to the tactics and techniques used by nation-state actors, including those associated with China, Russia, and Iran.

This type of immersive, high-stakes preparation is invaluable and uniquely available at scale across Florida.

Florida is a national leader in cybersecurity

We were honored to be recognized in SimSpace’s recent announcement of the relocation of its headquarters to Florida. The release highlights the state’s leadership in cybersecurity:

“Florida has emerged as the nation’s most sophisticated and unified cybersecurity environment. Through Cyber Florida, cybersecurity strategy, talent development, and operational coordination are aligned statewide. No other state has achieved this level of integration, with cybersecurity leadership anchored directly in the executive branch.”

This recognition reinforces what we see every day: Florida is building a model for how states can align strategy, workforce, and operations to meet evolving cyber challenges.

Read the full release: SimSpace Moves Global Headquarters to Orlando, Florida.

Strategic value across Florida’s ecosystem

The ARCS Range delivers measurable impact across multiple sectors, supporting a wide range of stakeholders:

  • University IT & security teams gain a safe, controlled environment to validate their security posture and rehearse incident response scenarios, reducing risk before real-world threats emerge.
  • Academic faculty and researchers benefit from infrastructure that strengthens competitiveness for major federal grants, including those from NSF and DoD.
  • State and local governments access no-cost, high-quality training to improve resilience and better protect critical public services.
  • K–12 students engage early through gamified cybersecurity competitions, helping build a strong and diverse future workforce pipeline.

Multiple university entities already leverage the ARCS Range at no cost, with additional partners continuing to join.

Operational excellence: training for the real world

The ARCS Range provides Florida’s public sector and university IT teams with a proactive, risk-free environment to test and strengthen their defenses before they are challenged by real-world adversaries.

Key capabilities include:

  • High-fidelity digital twin environments
    Organizations can replicate complex networks, including specific hardware, legacy systems, and hybrid cloud configurations, to safely test patches and configuration changes in a sandbox that mirrors production environments.
  • Tailored training for local governments
    Specialized modules address the unique needs and resource constraints of Florida’s counties and municipalities, ensuring that even smaller jurisdictions have access to advanced cybersecurity capabilities.
  • Live-fire readiness and stress testing
    Teams engage in Red vs. Blue exercises against simulated nation-state-level threats, building critical “muscle memory” and improving Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
  • Security stack validation
    Agencies can safely test tools such as EDR, SIEM, and firewalls against live malware to identify vulnerabilities and misconfigurations without risking live data.

Driving research and academic innovation

The ARCS Range is also a powerful academic resource, supporting both instruction and cutting-edge research.

As a teaching tool, it enables professors to move beyond theory, introducing students to complex technical concepts while giving them the opportunity to apply that knowledge in realistic, hands-on scenarios within a safe environment.

As a research platform, the range provides a secure, high-fidelity environment for experimentation with complex systems. This capability not only advances innovation but also enhances grant competitiveness, helping faculty secure major federal research funding.

Additional research applications include:

  • Critical infrastructure and OT security
    Simulation of industrial control systems (ICS) to support research into protecting power grids, water systems, and election infrastructure.
  • High-fidelity data generation
    Creation of datasets used to train machine learning models to detect evolving threats and ransomware patterns.
  • Human-centric AI research
    Exploration of how AI-assisted tools impact analyst decision-making, cognitive load, and performance during high-pressure cyber events.

Building Florida’s cyber workforce

The ARCS Range is not just a training platform; it is a catalyst for workforce development across the state.

  • CyberLaunch and K–12 capture the flag competitions
    Students engage in hands-on challenges that gamify cybersecurity while introducing them to real-world tools and career pathways.
  • Experiential learning for university students
    Learners gain practical, scenario-based experience that prepares them to enter the workforce with confidence and capability.

A platform for what’s next

The combination of Cyber Florida’s statewide mission and SimSpace’s cutting-edge platform is helping define the future of cybersecurity training, research, and workforce development.

By providing a shared, high-impact resource like the ARCS Range, Cyber Florida is not only strengthening defenses today, it is building a more resilient, innovative, and prepared Florida for tomorrow.

Learn more about the ARCS Range and how to get started.

Powering Florida’s Cyber Future: Inside the ARCS Range2026-04-17T10:06:16-04:00

AI-Powered Cyber Threats: From Emerging Risks to Practical Defenses

This informational report from the Security Operations Center at Cyber Florida at USF examines emerging AI-driven attack vectors -including deepfake-enabled social engineering, automated malware campaigns, prompt injection, AI-assisted spear phishing, and more; plus practical detection techniques, risk mitigation frameworks, and policy recommendations.

Authors: Waratchaya Luangphairin (June), Eduarda Koop, Isaiah Johnson, and Isaac Ward.

AI-Powered Cyber Threats: From Emerging Risks to Practical Defenses2026-04-16T10:16:46-04:00

USF Reception & Fireside Chat, May 13, 2026

We are pleased to invite you to a reception co-hosted by the University of South Florida’s Global and National Security Institute (GNSI) and Cyber Florida as part of their student DC Experience.

The reception will feature a fireside chat with Douglas Silliman, former ambassador to Kuwait and Iraq, and current President of the Arab Gulf States Institute, and Karen Sasahara, former ambassador to Kuwait, and a distinguished Fellow at AGSI. It will convene leaders, professionals, and students from across the national security, cyber, and policy enterprise to discuss the most pressing strategic challenges of our time.

Date: Wednesday, May 13, 2026
Time: 5:00 – 7:00 PM
Location: The Florida House, 1 2nd St NE, Washington, DC 20002
Kindly RSVP by May 1st

USF Reception & Fireside Chat, May 13, 20262026-04-14T12:09:34-04:00

Cynthia Wyre — Project Manager at Rapid7 and the Queen of Cyber Media

Episode 71 — Cynthia Wyre

Cynthia Wyre —Project Manager at Rapid7 and the Queen of Cyber Media

Cynthia Wyre is a Senior Strategic Engagement Project Manager at Rapid7, where she helps connect academic research and industry. Her path into cybersecurity innovation was untraditional, moving from healthcare and construction project management into vulnerability research and academic partnerships.

Cynthia reflects how she applied for a role she did not think she was qualified for, why professionals of all backgrounds belong in cyber, and how project management skills can open unexpected doors.

Jack Clabby of Carlton Fields, P.A., and K. Melton of the Cognitive Security Institute welcome Cynthia live from CyberBay 2026 in Tampa for a conversation about research, resilience, and relationship-building in cybersecurity. Cynthia explains Rapid7’s partnership with USF and Cyber Florida, including her efforts to support research around SOC analyst training and burnout, and the future of cyber education.

Throughout the conversation, Cynthia highlights the importance of community, mentorship, and helping people see that cybersecurity is not limited to one path or one type of person.

The episode wraps with the Lifestyle Polygraph, where Cynthia reveals how she would work a room full of strangers and how she won a costume contest moments before meeting rapper Young Gravy. She also earns a crown of her own, officially joining the No Password Required fantasy cybersecurity squad as Queen of the Podcast.

Follow Cynthia on LinkedIn: https://www.linkedin.com/in/cynthiawyre/

Presented by ThreatLocker
Follow ThreatLocker on LinkedIn: https://www.linkedin.com/company/threatlockerinc/posts/

Cynthia Wyre — Project Manager at Rapid7 and the Queen of Cyber Media2026-04-07T16:57:57-04:00

Modernizing the U.S. Cyber Talent Pipeline for the AI Era

This report examines why Florida’s entry‑level cybersecurity market struggles – misaligned curricula, mixed job postings, and limited hands‑on experiences – and lays out the CyberBay2026 Regional Workforce Alignment Action Plan. A roadmap for educators, employers, and policymakers to scale evidence‑based solutions and strengthen Florida’s cybersecurity talent pipeline.

Modernizing the U.S. Cyber Talent Pipeline for the AI Era2026-04-02T16:50:45-04:00

ThreatLocker named lead sponsor for 3rd annual CyberLaunch

CyberLaunch

CyberLaunch, presented by ThreatLocker, expands access to Florida students for the nation’s largest state-sponsored cybersecurity competition

Orlando, FL, April 01, 2026 (GLOBE NEWSWIRE) — Cyber Florida at USF and ThreatLocker, a global leader in Zero Trust cybersecurity, today announced that ThreatLocker will serve as the lead sponsor of CyberLaunch, Cyber Florida’s annual cybersecurity competition for Florida middle and high school students. The financial support will help cover travel and lodging costs for participating teams, thereby expanding access to the nation’s largest state-sponsored in-person cybersecurity competition.

“Cybercriminals and nation-state actors aren’t slowing down, and we need more people ready to stop them,” ThreatLocker CEO & Co-Founder Danny Jenkins said. “Building that workforce starts with getting students interested early and giving them opportunities like CyberLaunch to develop real skills. My own interest in cybersecurity began in grade school, and we’re proud to support a program that helps foster that same interest in the next generation of cybersecurity professionals.”

Cyber Florida, a state-funded organization housed at the University of South Florida, works to position Florida as a national leader in cybersecurity. Programs like CyberLaunch directly support this mission by strengthening education, advancing research, and building the state’s cybersecurity workforce pipeline.

This year, 500 students representing 63 Florida high schools will compete in CyberLaunch. To qualify, students first participated in a statewide virtual qualifier held last fall, which was free and open to all middle and high school students across Florida. Of the 1,300 students who participated in the virtual qualifier, 500 of the top performers earned invitations to the in-person 2026 CyberLaunch State Championship to take place on April 24 at the University of South Florida’s Tampa campus. The competition features beginner, intermediate, and advanced tracks to accommodate students of all experience levels.

“Florida is becoming the epicenter of forward-thinking cybersecurity companies, driven in part by the growth of organizations like ThreatLocker,” said Cyber Florida Senior Director Ernie Ferraresso. “To sustain that momentum, we must invest in the next generation by creating opportunities for students interested in cybersecurity careers. CyberLaunch plays a key role in expanding access to cybersecurity education across the state.”

About ThreatLocker
ThreatLocker is a global cybersecurity leader that stops cyberattacks before they happen. The company’s Zero Trust Platform prevents breaches from both known and unknown threats by allowing only explicitly trusted software and activity across endpoints, networks, and cloud systems. Built to deploy quickly and scale across complex environments, the platform reduces operational overhead while keeping business running uninterrupted. Headquartered in Orlando, Florida, with offices in Dublin, Dubai, and Brisbane, ThreatLocker protects over 70,000 organizations worldwide.

About Cyber Florida 
The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to position Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. Cyber Florida leads various initiatives to inspire and educate current and future cybersecurity professionals, advance applied research, and enhance cybersecurity awareness and safety of individuals and organizations.

Contact Data

ThreatLocker Inc
321-515-3813
press@threatlocker.com

Jennifer Kleman
Cyber Florida
863-398-5610
jennifer437@cyberflorida.org
ThreatLocker named lead sponsor for 3rd annual CyberLaunch2026-04-01T13:13:12-04:00

Chrome Zero-Days Threat Advisory

I. Introduction

On 13th March, Google pushed out an emergency security patch to address a pair of critical zero-day vulnerabilities used by attackers to actively exploit the Google Chrome web browser. CVE-2026-3909 and CVE-2026-3910 both carry a high severity CVSS score of 8.8 (a standardized way to measure vulnerabilities’ severity). Both have been confirmed and recognized by Google and Cybersecurity and Infrastructure Security Agency (CISA).

Due to the nature of these flaws existing within the foundation of Chromium code base, that caused these vulnerabilities to be exploited, the attack surface extends beyond Google Chrome. Any browser or application utilizing the Chromium engine is affected, common examples include:

  • Brave
  • Opera
  • Vivaldi
  • Microsoft Edge

The vulnerabilities target two distinct core components:

  • CVE-2026-3909 (Skia Out-of-Bounds Write): An out-of-bounds memory write vulnerability in Skia 2D graphics library, allowing an attacker to remotely corrupt memory leading to browsers crashing or further exploited.
  • CVE-2026-3910 (Inappropriate implementation in V8): A severe critical code injection and memory buffer vulnerability within the V8 JavaScript engine, allowing a remote attacker to execute arbitrary code.

Since these attacks only require a simple click from a victim or to visit a malicious webpage, the risk is immediate; users are urged to update their browsers to mitigate any potential threats.

II. Technical Analysis

Both of these zero-day vulnerabilities target the renderer process, a sandboxed environment responsible for parsing HTML, executing JavaScript, and drawing visual elements on the screen. Since the renderer handles a lot of untrusted data on the web, it is a primary and common target for browser exploitation.

To understand the severity of CVE-2026-3909 and CVE-2026-3910, it is important to look at how the foundational architecture of the Chromium engine manages untrusted web content.

CVE-2026-3909:

Skia Out-of-Bounds (OOB) Write: Skia is a foundational open source 2D graphics library used by Chromium. It renders all visual elements on a webpage: SVG (Scalable Vector Graphics) paths, HTML elements, CSS borders and web fonts.

  • The Vulnerability: An Out-of-Bounds (OOB) write occurs when a program writes data past the intended boundary of an allocated memory buffer. In the case of CVE-2026-3909, a logical flaw in how Skia calculates the memory requirements for specific, complex graphic rendering tasks (likely related to path stroking, matrix transformations, or clipping bounds) results in the allocation of a heap buffer that is too small for the resulting data.
  • An attacker cannot simply crash the browser; they must control the crash to hijack the system. To exploit this Skia flaw, an attacker could use JavaScript to meticulously arrange the browser’s memory layout, also known as “heap grooming” technique. By precisely positioning specific data structures adjacent to the vulnerable Skia buffer, the attacker triggers the OOB to write to overwrite the neighboring data.
  • The attacker’s goal is to overwrite a function pointer or a C++ virtual table (vtable) pointer. Once the browser attempts to use that corrupted pointer for a subsequent graphic operation, the execution flow is redirected to the attacker’s malicious shellcode, granting them control over the renderer process.

CVE-2026-3910

V8 Inappropriate Implementation: V8 is Google’s JavaScript and WebAssembly engine. V8 has a multi-tiered architecture, which relies on an interpreter and “Just-In-Time” optimizing compiler.

  • The Vulnerability: As JavaScript runs, TurboFan monitors the code. If a function is executed repeatedly, TurboFan compiles it into highly optimized machine code. To do this quickly, TurboFan makes strict assumptions (speculative optimization) about the types of variables being used based on past behavior. “Inappropriate implementation” indicates a critical bug where TurboFan’s internal logic incorrectly models the side-effects of a specific JavaScript operation, causing it to drop essential security boundaries (like bounds checks or type checks) in the optimized code.
  • By feeding the optimized function an unexpected data type, the attacker intentionally violates TurboFan’s assumptions. Since the safety checks were compiled out, the engine experiences “type confusion.” For example, the V8 engine might be tricked into treating a raw integer as a memory pointer, or treating a standard array as an array of executable objects.
  • Once type confusion is achieved, the attacker uses it to construct an arbitrary memory read and an arbitrary memory write. The attacker can now scan the V8 heap, locate executable memory pages (often utilizing WebAssembly memory allocations, which are marked as Read/Write/Execute), inject their malicious payload, and execute it.

III. Remediation and Mitigation

Since CVE-2026-3909 and CVE-2026-3910 are being actively exploited in the wild and require no user interaction beyond visiting a malicious webpage, organizations must prioritize immediate remediation.

1. Immediate Remediation: Software Updates

The only definitive method to eliminate the risk posed by these vulnerabilities is to update the affected software. Security and IT operations teams should utilize automated patch management systems to push these updates across their respective networks. 

  • Google Chrome: Verify that all endpoint deployments of Google Chrome are updated to the following versions (or later):

    Windows and macOS: Version 146.0.7680.75 or 146.0.7680.76

    Linux: Version 146.0.7680.75 

  • Chromium-Based Browsers: Ensure that all other approved browsers utilizing the Chromium engine (e.g., Microsoft Edge, Brave, Opera, Vivaldi) are updated to their respective vendors’ patched versions. 
  • Electron Applications: Monitor vendor advisories for desktop applications built on the Electron framework (e.g., Slack, Microsoft Teams) and apply updates as they are released, as these applications bundle the vulnerable Chromium components. 
2. Threat Detection and Hunting 

Security Operations Centers (SOC) should continue to ensure their Endpoint Detection and Response (EDR) platforms are configured to monitor for anomalous behavior originating from browser processes. Specifically, analysts should hunt for: 

  • Unexpected child processes spawning from chrome.exe or msedge.exe (e.g., command shells, PowerShell, or unknown executables). 
  • Browser processes attempting to write executable files to disk outside of standard download directories. 
  • Unexpected network connections initiated by the browser to known Command and Control (C2) infrastructure following a browser crash event. 
  • Monitor for unexpected chrome.exe crashes and Ensure the website or external website is legible. 

VII. References

https://nvd.nist.gov/vuln/detail/CVE-2026-3910

https://nvd.nist.gov/vuln/detail/CVE-2026-3909

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html

https://www.sentinelone.com/vulnerability-database/cve-2026-3910/

https://www.chromium.org/Home/chromium-security/

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Taylor Alvarez

Chrome Zero-Days Threat Advisory2026-04-01T10:09:15-04:00

Teacher Spotlight: Yoel Mozote

Yoel Mozote

Teacher: Yoel Mozote

District: Miami-Dade County

Yoel Monzote is a cybersecurity and computer science educator at iPrep Academy North in Miami, where he prepares the next generation of digital defenders through real-world instruction in network security, ethical hacking, and IT.

Under his leadership, iPrep Academy North has become a hub for hands-on, competitive learning. His students have earned:

  • 3rd Place (Beginner Level) at CyberLaunch 2025, a statewide competition hosted by Cyber Florida with more than 1,000 participants
  • 1st Place in the Innovate Challenge 2025 district competition, outperforming nine high school programs

Mr. Monzote emphasizes critical thinking, problem-solving under pressure, and technical excellence. He has also secured donated devices so students can practice on real hardware.

He also teaches at Miami Dade College (MDC), where he is known for connecting academic theory with the rigorous demands of today’s cybersecurity industry.

Thanks for all you do, Mr. Monzote!

Would you like to be featured in our Teacher Spotlight? To nominate yourself or another deserving teacher, complete the interest form below!

Teacher Spotlight: Yoel Mozote2026-03-30T13:14:36-04:00

CONTACT US

Cyber Florida at USF
4202 E. Fowler Avenue, ISA7020
Tampa, FL 33620

Office meetings by appointment only

PRIVACY POLICY

Copyright 2026 The Florida Center for Cybersecurity at the University of South Florida. Information on this website is made available for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney or cybersecurity professional with sufficient expertise necessary to address your specific needs. Use of this website does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.