News

September 9, 2021

AI-Powered Cyber Threats: From Emerging Risks to Practical Defenses

This informational report from the Security Operations Center at Cyber Florida at USF examines emerging AI-driven attack vectors -including deepfake-enabled social engineering, automated malware campaigns, prompt injection, AI-assisted spear phishing, and more; plus practical detection techniques, risk mitigation frameworks, and policy recommendations.

Authors: Waratchaya Luangphairin (June), Eduarda Koop, Isaiah Johnson, and Isaac Ward.

AI-Powered Cyber Threats: From Emerging Risks to Practical Defenses2026-04-16T10:16:46-04:00

USF Reception & Fireside Chat, May 13, 2026

We are pleased to invite you to a reception co-hosted by the University of South Florida’s Global and National Security Institute (GNSI) and Cyber Florida as part of their student DC Experience.

The reception will feature a fireside chat with Douglas Silliman, former ambassador to Kuwait and Iraq, and current President of the Arab Gulf States Institute, and Karen Sasahara, former ambassador to Kuwait, and a distinguished Fellow at AGSI. It will convene leaders, professionals, and students from across the national security, cyber, and policy enterprise to discuss the most pressing strategic challenges of our time.

Date: Wednesday, May 13, 2026
Time: 5:00 – 7:00 PM
Location: The Florida House, 1 2nd St NE, Washington, DC 20002
Kindly RSVP by May 1st

USF Reception & Fireside Chat, May 13, 20262026-04-14T12:09:34-04:00

Cynthia Wyre — Project Manager at Rapid7 and the Queen of Cyber Media

Episode 71 — Cynthia Wyre

Cynthia Wyre —Project Manager at Rapid7 and the Queen of Cyber Media

Cynthia Wyre is a Senior Strategic Engagement Project Manager at Rapid7, where she helps connect academic research and industry. Her path into cybersecurity innovation was untraditional, moving from healthcare and construction project management into vulnerability research and academic partnerships.

Cynthia reflects how she applied for a role she did not think she was qualified for, why professionals of all backgrounds belong in cyber, and how project management skills can open unexpected doors.

Jack Clabby of Carlton Fields, P.A., and K. Melton of the Cognitive Security Institute welcome Cynthia live from CyberBay 2026 in Tampa for a conversation about research, resilience, and relationship-building in cybersecurity. Cynthia explains Rapid7’s partnership with USF and Cyber Florida, including her efforts to support research around SOC analyst training and burnout, and the future of cyber education.

Throughout the conversation, Cynthia highlights the importance of community, mentorship, and helping people see that cybersecurity is not limited to one path or one type of person.

The episode wraps with the Lifestyle Polygraph, where Cynthia reveals how she would work a room full of strangers and how she won a costume contest moments before meeting rapper Young Gravy. She also earns a crown of her own, officially joining the No Password Required fantasy cybersecurity squad as Queen of the Podcast.

Follow Cynthia on LinkedIn: https://www.linkedin.com/in/cynthiawyre/

Presented by ThreatLocker
Follow ThreatLocker on LinkedIn: https://www.linkedin.com/company/threatlockerinc/posts/

Cynthia Wyre — Project Manager at Rapid7 and the Queen of Cyber Media2026-04-07T16:57:57-04:00

Modernizing the U.S. Cyber Talent Pipeline for the AI Era

This report examines why Florida’s entry‑level cybersecurity market struggles – misaligned curricula, mixed job postings, and limited hands‑on experiences – and lays out the CyberBay2026 Regional Workforce Alignment Action Plan. A roadmap for educators, employers, and policymakers to scale evidence‑based solutions and strengthen Florida’s cybersecurity talent pipeline.

Modernizing the U.S. Cyber Talent Pipeline for the AI Era2026-04-02T16:50:45-04:00

ThreatLocker named lead sponsor for 3rd annual CyberLaunch

CyberLaunch

CyberLaunch, presented by ThreatLocker, expands access to Florida students for the nation’s largest state-sponsored cybersecurity competition

Orlando, FL, April 01, 2026 (GLOBE NEWSWIRE) — Cyber Florida at USF and ThreatLocker, a global leader in Zero Trust cybersecurity, today announced that ThreatLocker will serve as the lead sponsor of CyberLaunch, Cyber Florida’s annual cybersecurity competition for Florida middle and high school students. The financial support will help cover travel and lodging costs for participating teams, thereby expanding access to the nation’s largest state-sponsored in-person cybersecurity competition.

“Cybercriminals and nation-state actors aren’t slowing down, and we need more people ready to stop them,” ThreatLocker CEO & Co-Founder Danny Jenkins said. “Building that workforce starts with getting students interested early and giving them opportunities like CyberLaunch to develop real skills. My own interest in cybersecurity began in grade school, and we’re proud to support a program that helps foster that same interest in the next generation of cybersecurity professionals.”

Cyber Florida, a state-funded organization housed at the University of South Florida, works to position Florida as a national leader in cybersecurity. Programs like CyberLaunch directly support this mission by strengthening education, advancing research, and building the state’s cybersecurity workforce pipeline.

This year, 500 students representing 63 Florida high schools will compete in CyberLaunch. To qualify, students first participated in a statewide virtual qualifier held last fall, which was free and open to all middle and high school students across Florida. Of the 1,300 students who participated in the virtual qualifier, 500 of the top performers earned invitations to the in-person 2026 CyberLaunch State Championship to take place on April 24 at the University of South Florida’s Tampa campus. The competition features beginner, intermediate, and advanced tracks to accommodate students of all experience levels.

“Florida is becoming the epicenter of forward-thinking cybersecurity companies, driven in part by the growth of organizations like ThreatLocker,” said Cyber Florida Senior Director Ernie Ferraresso. “To sustain that momentum, we must invest in the next generation by creating opportunities for students interested in cybersecurity careers. CyberLaunch plays a key role in expanding access to cybersecurity education across the state.”

About ThreatLocker
ThreatLocker is a global cybersecurity leader that stops cyberattacks before they happen. The company’s Zero Trust Platform prevents breaches from both known and unknown threats by allowing only explicitly trusted software and activity across endpoints, networks, and cloud systems. Built to deploy quickly and scale across complex environments, the platform reduces operational overhead while keeping business running uninterrupted. Headquartered in Orlando, Florida, with offices in Dublin, Dubai, and Brisbane, ThreatLocker protects over 70,000 organizations worldwide.

About Cyber Florida 
The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to position Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. Cyber Florida leads various initiatives to inspire and educate current and future cybersecurity professionals, advance applied research, and enhance cybersecurity awareness and safety of individuals and organizations.

Contact Data

ThreatLocker Inc
321-515-3813
press@threatlocker.com

Jennifer Kleman
Cyber Florida
863-398-5610
jennifer437@cyberflorida.org
ThreatLocker named lead sponsor for 3rd annual CyberLaunch2026-04-01T13:13:12-04:00

Chrome Zero-Days Threat Advisory

I. Introduction

On 13th March, Google pushed out an emergency security patch to address a pair of critical zero-day vulnerabilities used by attackers to actively exploit the Google Chrome web browser. CVE-2026-3909 and CVE-2026-3910 both carry a high severity CVSS score of 8.8 (a standardized way to measure vulnerabilities’ severity). Both have been confirmed and recognized by Google and Cybersecurity and Infrastructure Security Agency (CISA).

Due to the nature of these flaws existing within the foundation of Chromium code base, that caused these vulnerabilities to be exploited, the attack surface extends beyond Google Chrome. Any browser or application utilizing the Chromium engine is affected, common examples include:

  • Brave
  • Opera
  • Vivaldi
  • Microsoft Edge

The vulnerabilities target two distinct core components:

  • CVE-2026-3909 (Skia Out-of-Bounds Write): An out-of-bounds memory write vulnerability in Skia 2D graphics library, allowing an attacker to remotely corrupt memory leading to browsers crashing or further exploited.
  • CVE-2026-3910 (Inappropriate implementation in V8): A severe critical code injection and memory buffer vulnerability within the V8 JavaScript engine, allowing a remote attacker to execute arbitrary code.

Since these attacks only require a simple click from a victim or to visit a malicious webpage, the risk is immediate; users are urged to update their browsers to mitigate any potential threats.

II. Technical Analysis

Both of these zero-day vulnerabilities target the renderer process, a sandboxed environment responsible for parsing HTML, executing JavaScript, and drawing visual elements on the screen. Since the renderer handles a lot of untrusted data on the web, it is a primary and common target for browser exploitation.

To understand the severity of CVE-2026-3909 and CVE-2026-3910, it is important to look at how the foundational architecture of the Chromium engine manages untrusted web content.

CVE-2026-3909:

Skia Out-of-Bounds (OOB) Write: Skia is a foundational open source 2D graphics library used by Chromium. It renders all visual elements on a webpage: SVG (Scalable Vector Graphics) paths, HTML elements, CSS borders and web fonts.

  • The Vulnerability: An Out-of-Bounds (OOB) write occurs when a program writes data past the intended boundary of an allocated memory buffer. In the case of CVE-2026-3909, a logical flaw in how Skia calculates the memory requirements for specific, complex graphic rendering tasks (likely related to path stroking, matrix transformations, or clipping bounds) results in the allocation of a heap buffer that is too small for the resulting data.
  • An attacker cannot simply crash the browser; they must control the crash to hijack the system. To exploit this Skia flaw, an attacker could use JavaScript to meticulously arrange the browser’s memory layout, also known as “heap grooming” technique. By precisely positioning specific data structures adjacent to the vulnerable Skia buffer, the attacker triggers the OOB to write to overwrite the neighboring data.
  • The attacker’s goal is to overwrite a function pointer or a C++ virtual table (vtable) pointer. Once the browser attempts to use that corrupted pointer for a subsequent graphic operation, the execution flow is redirected to the attacker’s malicious shellcode, granting them control over the renderer process.

CVE-2026-3910

V8 Inappropriate Implementation: V8 is Google’s JavaScript and WebAssembly engine. V8 has a multi-tiered architecture, which relies on an interpreter and “Just-In-Time” optimizing compiler.

  • The Vulnerability: As JavaScript runs, TurboFan monitors the code. If a function is executed repeatedly, TurboFan compiles it into highly optimized machine code. To do this quickly, TurboFan makes strict assumptions (speculative optimization) about the types of variables being used based on past behavior. “Inappropriate implementation” indicates a critical bug where TurboFan’s internal logic incorrectly models the side-effects of a specific JavaScript operation, causing it to drop essential security boundaries (like bounds checks or type checks) in the optimized code.
  • By feeding the optimized function an unexpected data type, the attacker intentionally violates TurboFan’s assumptions. Since the safety checks were compiled out, the engine experiences “type confusion.” For example, the V8 engine might be tricked into treating a raw integer as a memory pointer, or treating a standard array as an array of executable objects.
  • Once type confusion is achieved, the attacker uses it to construct an arbitrary memory read and an arbitrary memory write. The attacker can now scan the V8 heap, locate executable memory pages (often utilizing WebAssembly memory allocations, which are marked as Read/Write/Execute), inject their malicious payload, and execute it.

III. Remediation and Mitigation

Since CVE-2026-3909 and CVE-2026-3910 are being actively exploited in the wild and require no user interaction beyond visiting a malicious webpage, organizations must prioritize immediate remediation.

1. Immediate Remediation: Software Updates

The only definitive method to eliminate the risk posed by these vulnerabilities is to update the affected software. Security and IT operations teams should utilize automated patch management systems to push these updates across their respective networks. 

  • Google Chrome: Verify that all endpoint deployments of Google Chrome are updated to the following versions (or later):

    Windows and macOS: Version 146.0.7680.75 or 146.0.7680.76

    Linux: Version 146.0.7680.75 

  • Chromium-Based Browsers: Ensure that all other approved browsers utilizing the Chromium engine (e.g., Microsoft Edge, Brave, Opera, Vivaldi) are updated to their respective vendors’ patched versions. 
  • Electron Applications: Monitor vendor advisories for desktop applications built on the Electron framework (e.g., Slack, Microsoft Teams) and apply updates as they are released, as these applications bundle the vulnerable Chromium components. 
2. Threat Detection and Hunting 

Security Operations Centers (SOC) should continue to ensure their Endpoint Detection and Response (EDR) platforms are configured to monitor for anomalous behavior originating from browser processes. Specifically, analysts should hunt for: 

  • Unexpected child processes spawning from chrome.exe or msedge.exe (e.g., command shells, PowerShell, or unknown executables). 
  • Browser processes attempting to write executable files to disk outside of standard download directories. 
  • Unexpected network connections initiated by the browser to known Command and Control (C2) infrastructure following a browser crash event. 
  • Monitor for unexpected chrome.exe crashes and Ensure the website or external website is legible. 

VII. References

https://nvd.nist.gov/vuln/detail/CVE-2026-3910

https://nvd.nist.gov/vuln/detail/CVE-2026-3909

https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html

https://www.sentinelone.com/vulnerability-database/cve-2026-3910/

https://www.chromium.org/Home/chromium-security/

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Taylor Alvarez

Chrome Zero-Days Threat Advisory2026-04-01T10:09:15-04:00

Teacher Spotlight: Yoel Mozote

Yoel Mozote

Teacher: Yoel Mozote

District: Miami-Dade County

Yoel Monzote is a cybersecurity and computer science educator at iPrep Academy North in Miami, where he prepares the next generation of digital defenders through real-world instruction in network security, ethical hacking, and IT.

Under his leadership, iPrep Academy North has become a hub for hands-on, competitive learning. His students have earned:

  • 3rd Place (Beginner Level) at CyberLaunch 2025, a statewide competition hosted by Cyber Florida with more than 1,000 participants
  • 1st Place in the Innovate Challenge 2025 district competition, outperforming nine high school programs

Mr. Monzote emphasizes critical thinking, problem-solving under pressure, and technical excellence. He has also secured donated devices so students can practice on real hardware.

He also teaches at Miami Dade College (MDC), where he is known for connecting academic theory with the rigorous demands of today’s cybersecurity industry.

Thanks for all you do, Mr. Monzote!

Would you like to be featured in our Teacher Spotlight? To nominate yourself or another deserving teacher, complete the interest form below!

Teacher Spotlight: Yoel Mozote2026-03-30T13:14:36-04:00

Securing Florida’s K-12 Schools Against Cyber Threats

Cyber Florida’s 2025 research examines operational cyber readiness in Florida’s K–12 districts, drawing on semi-structured interviews with IT and cybersecurity leaders from 17 districts. The report highlights vulnerabilities in student privacy protection, incident response, patching and network segmentation, policy gaps, staffing and budget barriers, and vendor risk. Evidence-based findings and practical recommendations guide district leaders, policymakers, and education IT teams to strengthen resilience, compliance, and data-security practices across public schools.

Securing Florida’s K-12 Schools Against Cyber Threats2026-04-08T10:04:39-04:00

CISSP Certification Boot Camp

The Cyber Florida FirstLine Program, in partnership with the Florida Digital Service, is proud to offer a CISSP Certification Boot Camp delivered by The Knowledge Academy. This training is designed to equip participants with the knowledge and preparation needed to pursue the Certified Information Systems Security Professional (CISSP) credential. Participants who complete the boot camp are expected to take the certification exam within 30 days of finishing the course.

Class Date: May 4th -May 8th
Location: Capital Circle Office Complex (specifics will be sent to approved registrants)
Registration is now closed. Please contact FirstLine@cyberflorida.org for additional information.
CISSP Certification Boot Camp2026-05-04T09:52:22-04:00

SEC+ Certification Boot Camp

The Cyber Florida FirstLine Program, in partnership with the Florida Digital Service, is proud to offer a SEC+ Certification Boot Camp delivered by The Knowledge Academy. This training is designed to equip participants with the knowledge and preparation needed to pursue the Security Plus (SEC+) credential. Participants who complete the boot camp are expected to take the certification exam within 30 days of finishing the course.

Class Date: May 11 – May 14
Location: Capital Circle Office Complex (specifics will be sent to approved registrants)
Please note this bootcamp requires approval. Complete the form below to request your seat, and our team will confirm your eligibility.
SEC+ Certification Boot Camp2026-04-11T09:14:59-04:00

CONTACT US

Cyber Florida at USF
4202 E. Fowler Avenue, ISA7020
Tampa, FL 33620

Office meetings by appointment only

PRIVACY POLICY

Copyright 2026 The Florida Center for Cybersecurity at the University of South Florida. Information on this website is made available for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney or cybersecurity professional with sufficient expertise necessary to address your specific needs. Use of this website does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.