News

Virtual Cyber Workshop for Critical Infrastructure, Aug 27, 2025

Virtual Cybersecurity Workshop for Critical Infrastructure

August 27, 2025

Cyber Florida’s Critical Infrastructure Protection (CIP) Workshop brings together public-sector leaders, IT professionals, and emergency managers to tackle real-world cyber threats facing Florida’s essential services. These hands-on sessions deliver practical tools, expert insights, and interactive scenarios designed to help SLTT agencies strengthen their cyber resilience and readiness.

  • Receive actionable recommendations for enhancing compliance with Florida Statute 282.318
  • See an overview of Cyber Florida’s no-cost solutions and services to strengthen your organization’s cyber defenses.
  • Engage in an exciting tabletop exercise hosted by the National Cybersecurity Preparedness Consortium (NUARI), offering hands-on experience in responding to cyber incidents.

Whether you’re securing water systems, transportation networks, or municipal services, these workshops are your front line in building a safer Florida. Don’t miss this chance to improve your cybersecurity posture and resilience!

Virtual Cyber Workshop for Critical Infrastructure, Aug 27, 2025 (2025-06-06T14:42:33-04:00)

NIST Report Progress

Photo of Dr. Sriram Chellapan

Sustainable, Hands-on and Multi-disciplinary Cybersecurity Skills Training to Meet Workforce Needs of Critical Infrastructure Sectors in Florida

A Report of Project Progress by Cyber Florida at USF

In Spring 2024, Cyber Florida was awarded a two-year, $200,000 grant from the National Institute of Standards and Technology for its project, “Sustainable, Hands-on and Multi-disciplinary Cybersecurity Skills Training to Meet Workforce Needs of Critical Infrastructure Sectors in Florida,” as part of the Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development program (RAMPS Program).

The overall goals of the project are to: a) solicit core cybersecurity workforce needs both within and across various critical infrastructure (CI) sectors in Florida; b) analyze and summarize findings across entry-level workforce needs; c) design a semester-level, practical, hands-on cybersecurity training program for students to meet entry-level CI workforce needs; d) connect the first cohort of trained students to critical infrastructure sectors via internships and full-time positions; e) evaluate outcomes across multiple metrics including student self-assessment, industry expert assessment, program sustainability and scalability across institutions and CI sectors in FL.

Based on survey responses, we identified tangible gaps in entry-level workforce needs across CI sectors in Florida in a broad sense, and started designing a 14-week hands-on training program for students. The program was also designed keeping in mind the components of the Workforce Framework for Cybersecurity (NICE Framework) published on March 5, 2024 by NIST. The framework contains Task, Knowledge, and Skill (TKS) Statements; Work Role Categories and Work Roles; and Competency Areas in the realm of the cybersecurity workforce. It is publicly available at https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center.

We recruited our first cohort of five students for this semester-level program from the newly formed Bellini College of AI, Cybersecurity and Computing (CAICC) at the University of South Florida in January 2025. The five students went through our 14-week program centered on three foundational pillars: a) Basic Security Blue Team Level 1 (BTL1) Training for one month; b) Industrial Control Systems Foundational Course via the Aligned Realistic Cyberattack Simulation (ARCS) platform offered by SimSpace for one month; and c) ICS/SCADA Security Essentials course offered by the SANS Institute. Students are eligible for a BTL1 certificate and a Global Industrial Cyber Security Professional Certification (GICSP) in Industrial Control Systems upon completing a) and c). In addition, throughout the program, students are exposed to backdoors and breaches exercises, participate in mock security operations center (SOC) intelligence briefs, and read state-of-the-art research papers and trends in cyber-centered critical infrastructure protection.

Multiple critical infrastructure entities in Florida participated in student engagement activities in Spring 2025. These include Tampa Airport, Tampa General Hospital, Talquin Coop and Seminole Electric. We have our next cohort of students starting in Fall 2025, and you are welcome to engage with Cyber Florida/ our students in the program. Post training, we expect our students to meet internship and entry-level workforce requirements in cybersecurity for critical infrastructure sectors in Florida.

NIST Report Progress (2025-06-04T13:01:30-04:00)

CIPP Update: June 2025

CI Mapping

Cyber Florida has employed geospatial analytics and cybersecurity assessments to improve visibility into Florida’s vital infrastructure, enabling more effective coordination, risk mitigation, and rapid response efforts across state agencies.

Leveraging advanced technology to identify critical infrastructures significantly improves state leadership’s situational awareness and decision-making in all-hazards planning and preparedness.

Critical Infrastructure Protection Program Timeline

CIPP Update: June 2025 (2025-06-04T12:43:42-04:00)

Student Spotlight: Lucien Civil

Student: Lucien Civil

School: Barbara Goleman Senior High School

District: Miami-Dade

Since joining Barbara Goleman Senior High School, Lucien has become a cornerstone of the cybersecurity magnet program. His dedication to mastering cyber skills is unparalleled. He consistently takes the initiative to explore networking and hacking projects at home and shares his progress enthusiastically.

Beyond his technical pursuits, Lucien shines as a senior member of the Barbara Goleman Band, inspiring younger musicians with his leadership. His dual passion for music and cybersecurity fuels his innovative approach to problem-solving.

According to Lucien, he wants to go into cybersecurity to “utilize his problem-solving skills to solve complex security issues.” Lucien plans to pursue a degree in electrical engineering at FAMU after graduation.

Do you teach a great student who should be featured in our Student Spotlight?
Please complete the form below!

Student Spotlight: Lucien Civil (2025-05-28T09:40:16-04:00)

Teacher Spotlight: Tim McAllister

Teacher: Tim McAllister

County: Clay

Meet Tim McAllister! Tim is a top cybersecurity teacher in Clay County, Florida. Now entering his third year of teaching, Tim’s journey began at SUNY Maritime College in the Bronx, NY, where he honed his skills aboard various vessels, including tugboats, oil tankers, and dredges. Early on, he recognized how technology and the internet transformed navigation, administration, and record-keeping.

During his deployments around the world with the U.S. Navy, cybersecurity emerged as a mission-critical priority. This knowledge inspired him to establish a cyber team within his Navy JROTC unit at the school where he now teaches, leading them to compete in CyberPatriot for the first time this year.

Tim is excited to integrate Cyber Florida’s offerings into his classroom, helping students explore the vast capabilities, advantages, and vulnerabilities of cyberspace—and sparking their interest in pursuing dynamic careers in the cyber field.

Thanks for all you do, Tim!

Would you like to be featured in our Teacher Spotlight? To nominate yourself or another deserving teacher, complete the interest form below!

Teacher Spotlight: Tim McAllister (2025-05-21T15:50:06-04:00)

Gorilla Bot Malware Analysis

I. Targeted Entities

  • Financial Institutions
  • E-commerce Platforms
  • Cryptocurrency Exchanges
  • Government Agencies
  • Individual Users with High-Value Accounts

II. Introduction

Gorilla Bot is an advanced malware strain first detected in early 2025, specializing in automated credential stuffing, web scraping, and distributed denial-of-service (DDoS) attacks. The malware operates as a botnet-as-a-service, allowing cybercriminals to rent botnet capabilities for various malicious purposes. Gorilla Bot leverages advanced evasion techniques, including rotating IP addresses, encrypted command-and-control (C2) communications, and AI-driven attack automation.

Gorilla Bot traces its lineage to the infamous Mirai botnet, which gained notoriety in 2016 for exploiting Internet of Things (IoT) devices to launch massive DDoS attacks. Mirai’s source code was leaked publicly, leading to the creation of numerous variants. Gorilla Bot is one such derivative, distinguished by its enhanced capabilities and operational sophistication.

While initially believed to have surfaced in late 2024, further research indicates that Gorilla Bot has been active for over a year, suggesting a more prolonged development and deployment phase than previously understood.

Gorilla Bot has been observed infiltrating corporate networks through phishing campaigns and exploiting web application vulnerabilities. Once inside, it rapidly expands by exploiting weak credentials, unpatched software, and misconfigured cloud environments. The malware has been linked to multiple high-profile data breaches, exfiltrating sensitive information from financial institutions and large-scale e-commerce platforms.

III. Additional Background Information

Between September 4 and September 27, 2024, GorillaBot issued over 300,000 attack commands, averaging 20,000 per day. These attacks targeted over 100 countries, with China, the United States, Canada, and Germany being the most affected. Victim sectors included universities, government websites, telecommunications, banking, gaming, and gambling industries. This widespread impact underscores the botnet’s global reach and the diverse range of targets it affects.

The malware’s primary monetization strategies include selling stolen credentials on dark web marketplaces, launching paid DDoS-for-hire attacks, and reselling scraped data to third parties.

Capabilities:

  • UDP Flood: Overwhelms the target with User Datagram Protocol packets.
  • ACK BYPASS Flood: Exploits TCP acknowledgment packets to bypass filters.
  • SYN Flood: Initiates multiple connection requests to exhaust system resources.
  • Valve Source Engine (VSE) Flood: Targets gaming servers using the Valve gaming platform.
  • ACK Flood: Similar to ACK BYPASS but uses acknowledgment packets more broadly.

Mechanics of the Malware:

GorillaBot operates by infecting a diverse array of devices, including routers, IoT gadgets, and cloud hosts. It supports multiple CPU architectures such as ARM, MIPS, x86_64, and x86, allowing it to compromise a wide range of systems. Upon execution, the malware connects to one of five predefined command-and-control (C2) servers to receive instructions.

Service Installation: It creates a service file named custom.service in the /etc/systemd/system/ directory to ensure it runs at system startup.

Script Execution: The malware downloads and executes a shell script (lol.sh) from a remote server, embedding commands in system files like /etc/inittab, /etc/profile, and /boot/bootcmd to maintain its presence.

Anti-Honeypot Measures: GorillaBot includes checks to detect and avoid analysis environments, such as verifying the existence of the /proc filesystem, a common feature in honeypots.
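A triage check for the persistence artifacts described above (custom.service, lol.sh and the three startup files), added here as an example and not part of the original advisory. The `root` parameter, the function names and the sample tree are assumptions made for illustration; the sample file contents are constructed.

```python
"""Host triage for the GorillaBot persistence artifacts named in this advisory."""
import os
import tempfile

# Paths and script name as given in the advisory, relative to the root checked.
SERVICE_UNIT = "etc/systemd/system/custom.service"
STARTUP_FILES = ("etc/inittab", "etc/profile", "boot/bootcmd")
SCRIPT_NAME = "lol.sh"


def read_lines(path):
    """Read a text file defensively; startup files may hold odd bytes."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return [line.rstrip("\n") for line in fh]


def find_persistence(root="/"):
    """Return (relative_path, reason) findings under root.

    Passing a root lets the same check run against a mounted disk image
    or an unpacked firmware tree instead of the live system.
    """
    findings = []

    unit = os.path.join(root, SERVICE_UNIT)
    if os.path.isfile(unit):
        # "custom.service" is a generic name, so report what the unit starts
        # and leave the verdict to the analyst.
        starts = [l.strip() for l in read_lines(unit)
                  if l.strip().startswith("ExecStart")]
        detail = "; ".join(starts) or "no ExecStart line"
        findings.append((SERVICE_UNIT, "unit file present; " + detail))

    for rel in STARTUP_FILES:
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            continue
        for number, line in enumerate(read_lines(path), 1):
            if SCRIPT_NAME in line:
                findings.append((rel, "line %d references %s" % (number, SCRIPT_NAME)))
    return findings


def build_sample_root():
    """Create a constructed directory tree that mimics an affected host."""
    root = tempfile.mkdtemp(prefix="triage-sample-")
    samples = {
        SERVICE_UNIT: "[Service]\nExecStart=/bin/sh /tmp/lol.sh\n",
        "etc/profile": "export PATH=/usr/bin:/bin\n/bin/sh /tmp/lol.sh &\n",
        "etc/inittab": "id:3:initdefault:\n",  # clean file, must not be flagged
    }
    for rel, text in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    for rel, reason in find_persistence(build_sample_root()):
        print("%-40s %s" % (rel, reason))
```

A hit on the unit file alone is a lead for review, since legitimate software can also install a unit with that name.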

IV. MITRE ATT&CK Tactics and Techniques

  • Initial Access (T1071.001): Gained via phishing emails, malicious browser extensions, and exploit kits.
  • Persistence (T1053.005): Uses scheduled tasks and rootkits to maintain long-term control of infected systems.
  • Credential Access (T1110.003): Conducts large-scale credential stuffing and brute-force attacks.
  • Command and Control (T1095): Employs encrypted channels for stealthy communications with C2 servers.
  • Impact (T1498.001): Executes DDoS attacks to disrupt business operations.

V. Recommendations

To mitigate the risk of Gorilla Bot infections, organizations and individuals should implement the following security measures:

Network and Infrastructure Security

  • Deploy Web Application Firewalls (WAF) to block automated bot traffic.
  • Enable rate-limiting to prevent excessive login attempts.
  • Implement multi-factor authentication (MFA) on all critical accounts.
  • Regularly update software and patch known vulnerabilities.

User Awareness and Training

  • Conduct phishing awareness training to recognize suspicious emails.
  • Warn employees about the risks of using reused passwords across services.

Threat Detection and Monitoring

  • Monitor logs for unusual login attempts and API abuse.
  • Employ behavioral analysis tools to detect automated bot activity.
  • Use IP reputation services to block known malicious addresses.

Incident Response Preparedness

  • Establish a response plan for large-scale DDoS attacks.
  • Ensure data backups are regularly updated and stored securely.

VI. IOCs (Indicators of Compromise)

GorillaBot operates by infecting a diverse array of devices.

Suspicious IP Addresses:

  • 193[.]143[.]1[.]70 (C2 server)
  • 193[.]143[.]1[.]59 (C2 server)

Malicious Domains:

  • gorillabot[.]net
  • auth-bypass[.]cc
  • datastealer[.]ru

File Hashes (SHA-256):

  • e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  • 1f3870be274f6c49b3e31a0c6728957f6c5d7d17b22f0a073b3e3b8e7f23b07f

VII. Additional OSINT Information

  • Gorilla Bot operators actively recruit on underground forums using aliases such as “ShadowKing” and “BotMasterX.” 
  • The malware is frequently distributed through cracked software downloads and malicious browser extensions. 
  • Security researchers have linked Gorilla Bot’s infrastructure to past cybercrime operations, including ransomware deployment and data exfiltration schemes. 

VIII. References

https://www.thousandguards.com/post/gorilla-strength-denial-of-service-for-work-and-play-industries 

https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html

https://www.darkreading.com/cyberattacks-data-breaches/gorillabot-goes-ape-cyberattacks-worldwide

https://seniortechinfo.com/gorilla-botnet-launches-300k-ddos-attacks-in-100-countries/

Threat Advisory created by The Cyber Florida Security Operations Center. 

Contributing Security Analysts: Nahyan Jamil

To learn more about Cyber Florida visit: www.cyberflorida.org 

Gorilla Bot Malware Analysis (2025-05-27T09:30:02-04:00)

Cyber Florida Partners with Idaho National Laboratory

General McKenzie and Zach Tudor

Strategic partnership between Idaho National Laboratory and Cyber Florida bolsters cybersecurity, nurtures talent

May 20, 2025—Tampa, Fla—The Center for Cybersecurity at the University of South Florida, commonly known as Cyber Florida, and the Idaho National Laboratory (INL) have agreed to collaborate on critical infrastructure cyber mitigation and workforce development.

INL and Cyber Florida signed a memorandum of understanding to formalize the collaboration late last month.

One of INL’s primary focus areas is securing the nation’s critical infrastructure, while Cyber Florida positions Florida as a national leader in cybersecurity through education, research and outreach.

This agreement allows the state to use INL’s world-class critical infrastructure resiliency and cybersecurity capabilities focused on enhancing local, state and national preparedness in alignment with the Trump administration’s executive order titled, “Achieving Efficiency Through State and Local Preparedness.” The collaboration will focus on cybersecurity risk mitigation, operational technology and industrial control systems, defense industrial base sector cyber risk, workforce development and more.

“Cyber Florida is committed to fostering innovation and developing the next generation of cybersecurity professionals,” said retired Marine Corps Gen. Frank McKenzie, executive director of Cyber Florida. “This partnership with the Idaho National Laboratory underscores our shared dedication to strengthening our nation’s critical infrastructure and advancing the workforce needed to meet emerging cyber threats. Together, we are preparing for the future of cybersecurity in both the public and private sectors.”

INL and the state of Florida have previously collaborated to enhance cybersecurity for critical infrastructure sectors such as energy and transportation. In 2023, Cyber Florida and INL implemented the Critical Infrastructure Risk Assessment, leveraging the Department of Homeland Security’s Cyber Security Evaluation Tool, developed by INL, to analyze the cyber readiness of Florida’s 16 critical infrastructure sectors. The study, conducted on behalf of the Florida Legislature, offered recommendations to improve risk-based decision-making, inform state-level policy and support funding. The same year, INL signed a separate agreement with the state of Florida’s Department of Management Services alongside Florida Lt. Gov. Jeanette Nuñez.

“As states increasingly take on the responsibility of protecting both physical and cyber infrastructure, INL is poised to support local risk-informed decision-making across the country,” said Zach Tudor, associate laboratory director for National and Homeland Security at INL. “Florida’s critical infrastructure network is vast and expansive, and our collaboration aims to enhance its resilience and security ensuring the state’s critical functions remain dependable.”

About Idaho National Laboratory
Battelle Energy Alliance manages INL for the U.S. Department of Energy’s Office of Nuclear Energy. INL is the nation’s center for nuclear energy research and development, and also performs research in each of DOE’s strategic goal areas: energy, national security, science and the environment. For more information, visit www.inl.gov. Follow us on social media: Facebook, Instagram, LinkedIn and X.

About Cyber Florida at USF
The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to position Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. Cyber Florida leads various initiatives to inspire and educate current and future cybersecurity professionals, advance applied research, and enhance cybersecurity awareness and safety of individuals and organizations.

Media Contacts
Jennifer Kleman, 863-398-5610, jennifer437@cyberflorida.org
Lisa Wilmore, 616-540-8348, lisa.wilmore@inl.gov

Cyber Florida Partners with Idaho National Laboratory (2025-05-21T08:23:45-04:00)

Cyber Florida Partners with CyberUSA

Cyber Florida at USF Partners with CyberUSA, Strengthening National Cybersecurity Collaboration

May 20, 2025—Tampa, Fla—Cyber Florida at USF has partnered with CyberUSA, marking a significant step toward enhancing national cybersecurity coordination and resilience. This partnership will focus on information sharing, workforce development, and critical infrastructure protection.

Cyber Florida at USF, established by the Florida Legislature and housed at the University of South Florida’s Tampa campus, is dedicated to positioning Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. The organization works across public and private sectors to lead workforce development programs, advance applied research, and conduct outreach to enhance cyber safety and resiliency throughout the state.

“CyberUSA is thrilled to partner with Cyber Florida,” said Adam Rak, executive director of CyberUSA. “Their leadership in cybersecurity education and innovation will greatly enhance our collective efforts to strengthen the nation’s cyber defenses.”

James Jacobs, director of partnerships & policy at Cyber Florida, emphasized the significance of the collaboration: “Partnering with CyberUSA enables us to collaborate across the country in efforts to enhance cybersecurity. We are excited to share our expertise with CyberUSA.”

Ernie Ferraresso, senior director of Cyber Florida, emphasized the strategic importance of the partnership. “In our interconnected world, cybersecurity is a shared responsibility. Our partnership with CyberUSA underscores our commitment to collaborative solutions that protect our state and nation’s digital infrastructure.”

About Cyber Florida at USF
The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to position Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. Cyber Florida leads various initiatives to inspire and educate current and future cybersecurity professionals, advance applied research, and enhance cybersecurity awareness and safety of individuals and organizations.

For more information about Cyber Florida, visit https://cyberflorida.org/

About CyberUSA
CyberUSA is a trusted forum where American organizations can collaborate on solutions to protect us all. By transcending local, state, and national security silos, we ensure that leaders and practitioners have the best possible resources to safeguard their assets.

CyberUSA membership amplifies cyber defense effectiveness through a community of communities that scales and accelerates information sharing to an unprecedented level. Membership provides access to reliable resources available nowhere else, including a national threat-sharing platform. The organization is dedicated to proactive coordination of public and private efforts to shape the education, innovation, and policy landscapes at the regional and federal levels.

For more information about CyberUSA, visit https://www.cyberusa.us/

Media Contacts

Cyber Florida: Cyber Outreach Manager Jennifer Kleman, APR, CPRC jennifer437@cyberflorida.org

CyberUSA: CyberUSA Public Relations Jennifer Priest jpriest@virtualinc.com

Cyber Florida Partners with CyberUSA (2025-05-21T08:24:04-04:00)

Apache Tomcat RCE Vulnerability (CVE-2025-24813)

I. Targeted Entities

Systems and applications using Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, 9.0.0.M1 through 9.0.98.

II. Introduction

CVE-2025-24813 describes a vulnerability in Apache Tomcat that would allow a malicious actor to perform a variety of attacks, such as remote code execution, information disclosure, and injecting malicious payloads or content into uploaded files. The vulnerability is caused by improper handling of path equivalence, where different file paths point to the same resource. This improper handling within the Default Servlet is related to write-enabled configurations in Apache Tomcat, and it impacts several versions of the application prior to the fix.

III. Additional Background Information

CVE-2025-24813 is a vulnerability affecting Apache Tomcat that can occur when the default servlet is configured to allow write functionality which is normally disabled by default. This vulnerability can be exploited when combined with the default behavior of allowing for partial PUT requests. In this scenario, an attacker could upload a specially crafted serialized session file, or simply, a malicious payload, to a writable directory within the system. Once the file is uploaded, a subsequent HTTP request triggers Tomcat to deserialize the file’s contents, executing the embedded malicious payload.

While exploiting CVE-2025-24813 can lead to significant impact, successful remote code execution requires several prerequisites:

  1. Write Capability on the Default Servlet: The default servlet has to be explicitly configured to allow write functionality, which is not normally enabled by default.
  2. Partial PUT Requests: The target system must allow for partial PUT requests.
  3. File-Based Session Persistence: The web application has to use file-based session persistence with a default storage location, providing an accessible and writable directory for uploading malicious payloads.
  4. Deserialization Vulnerability: The application must have a deserialization-vulnerable library which would enable the malicious payload to be executed during the deserialization process.
  5. Knowledge of Internal File System: The attacker needs to understand the file naming conventions and directory structure of the target system for successful exploitation of the vulnerability.

IV. MITRE ATT&CK

  • T1006 – File System Logical Link
    T1006 or File System Logical Link refers to when adversaries have the ability to create symbolic links or shortcuts to files in order to abuse the way some operating systems handle file paths. This is relevant since CVE-2025-24813 involves manipulating file paths to access and modify unintended files, fitting the pattern of abusing file system logical links.

V. Recommendations

To mitigate attacks leveraging this vulnerability, these are the recommendations for CVE-2025-24813:

Upgrading Apache Tomcat to a Patched Version

Upgrade immediately to:

  • Tomcat 9.0.99 (for 9.x series)
  • Tomcat 10.1.35 (for 10.x series)
  • Tomcat 11.0.3 (for 11.x series)

These releases fix the improper handling of partial PUT requests and the path equivalence issues that could be exploited for remote code execution or file manipulation.

Disabling Partial PUT Support

Configure Tomcat to disallow partial PUT requests, which allow clients to send file content in chunks or ranges. Recommended actions include:

  • Modifying Tomcat’s configuration files (server.xml and/or web.xml) to block or ignore PUT methods if your application doesn’t use them.
  • Implementing an HTTP filter to reject incoming PUT requests altogether (unless those requests are required for your needs)

This vulnerability exploits partial PUT behavior to inject content into files, so if partial PUT is not supported, this attack vector is closed.

Restricting Default Servlet Write Permissions

Ensure that the default servlet (the part of Tomcat that serves static files) cannot accept uploads or write to sensitive directories. To do so, you must:

  • Tighten file system permissions (chmod, chown) to ensure Tomcat processes run with minimal privileges.
  • Ensure the /webapps directory and static content directories are read-only unless absolutely necessary.
  • Review DefaultServlet configuration for <init-param> like readonly and set it to true.

If the default servlet has write permissions, attackers could upload or modify arbitrary files which could lead to defacement, data theft, or execution of malicious scripts.

Enforcing Strong Web Application Firewall (WAF) Policies

You should deploy or tune your WAF to:

  • Detect and block unusual PUT, PATCH, or malformed HTTP methods.
  • Flag requests targeting .jsp, .war, or sensitive file types.

A WAF can act as an additional protective layer by stopping attacks even if Tomcat is not yet patched or is misconfigured.

Monitoring Server Logs Aggressively

Continuously monitor access logs (e.g., access_log, catalina.out) and security logs for:

  • Unexpected PUT or PATCH requests.
  • External requests targeting .jsp files in unusual locations.

Early detection of attempts allows you to respond quickly to intrusions before they escalate. Tools such as Splunk, the ELK stack, or Wazuh can make log review and analysis more efficient and trigger alerts on anomalies.
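The log checks above, run over sample access-log lines, added here as an example and not part of the original advisory. It assumes the common access-log layout (host, timestamp, request line, status, size); the rule names are hypothetical and the log lines are constructed, using documentation IP ranges.

```python
"""Flag PUT/PATCH activity and follow-up requests in a Tomcat access log."""
import posixpath
import re
from urllib.parse import unquote, urlsplit

WRITE_METHODS = {"PUT", "PATCH"}
# Extensions named in this advisory: WAF guidance (.jsp, .war) and payloads (.session).
SENSITIVE_EXTS = {".jsp", ".war", ".session"}

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines.
SAMPLE_LOG = [
    '198.51.100.23 - - [13/May/2025:10:01:02 -0400] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.9 - - [13/May/2025:10:02:10 -0400] "PUT /uploads/a1b2c3.session HTTP/1.1" 201 -',
    '203.0.113.9 - - [13/May/2025:10:02:11 -0400] "GET /index.jsp HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/May/2025:10:03:40 -0400] "PUT /static/help.jsp HTTP/1.1" 403 -',
    '203.0.113.9 - - [13/May/2025:10:04:02 -0400] "PUT /static/notes.jsp HTTP/1.1" 201 -',
    '198.51.100.77 - - [13/May/2025:10:04:30 -0400] "POST /static/notes.jsp HTTP/1.1" 200 88',
    '198.51.100.23 - - [13/May/2025:10:05:00 -0400] "PATCH /api/items/4 HTTP/1.1" 405 -',
]


def normalise(target):
    """Reduce equivalent spellings of a path to one form before comparing."""
    path = unquote(urlsplit(target).path)
    path = re.sub(r";[^/]*", "", path)  # drop ;path-parameters per segment
    return posixpath.normpath(path) if path else "/"


def analyze(lines):
    """Return alerts as dicts with line, host, rule, path and status."""
    alerts = []
    uploaded = set()  # paths a write request was accepted for
    for number, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        method, status = m["method"], int(m["status"])
        path = normalise(m["target"])
        ext = posixpath.splitext(path)[1].lower()
        rule = None
        if method in WRITE_METHODS:
            if ext not in SENSITIVE_EXTS:
                rule = "unexpected-write-method"
            elif 200 <= status < 300:
                rule = "sensitive-upload-accepted"
                uploaded.add(path)
            else:
                rule = "sensitive-upload-rejected"
        elif path in uploaded:
            # Someone is now requesting a file that arrived through PUT/PATCH.
            rule = "uploaded-file-requested"
        if rule:
            alerts.append({"line": number, "host": m["host"], "rule": rule,
                           "path": path, "status": status})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print("line %(line)d %(host)s %(rule)s %(path)s (%(status)d)" % alert)
```

Accepted uploads and later requests for the same path are the highest-priority alerts; rejected writes still show probing and are worth correlating with WAF events.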

VI. IOCs (Indicators of Compromise)

| Type | Indicator |
| --- | --- |
| File System Anomalies | Presence of unexpected .jsp files in the web server root directory |
| Suspicious HTTP Requests | External POST or GET requests targeting suspicious .jsp files |
| Suspicious HTTP Methods | Occurrence of unexpected PUT requests in web server logs |
| Malicious Upload Attempts | Evidence of malicious payloads being delivered via PUT requests |
| WAF Detection | Triggered Web Application Firewall (WAF) rules indicating attempts to upload or execute unauthorized files |

Figure 1: Table of IOCs

Figure 2: File paths of attack payloads (using .session extensions)

Figure 3: Payload in the request body, attempting to call the .session file (Akamai)

VII. Additional OSINT Information

Figure 1: Exposed Tomcat instances on Shodan, geolocated in China, Brazil, Morocco, and the U.S. (Recorded Future)

Figure 2: Proof of Concept for exploiting CVE-2025-24813 (GitHub – absholi7ly)

Figure 3: Signature for CVE-2025-24813 (Recorded Future)

VIII. References

Absholi7ly. (2025, March 22). POC-CVE-2025-24813: Proof of concept for CVE-2025-24813 in Apache Tomcat [Source code]. GitHub. https://github.com/absholi7ly/POC-CVE-2025-24813

Apache Software Foundation. (2025, March 10). CVE-2025-24813 Detail. National Vulnerability Database. https://nvd.nist.gov/vuln/detail/CVE-2025-24813

Detecting and mitigating Apache Tomcat CVE-2025-24813 | Akamai. Akamai Security Intelligence Group. (2025, March 25). https://www.akamai.com/blog/security-research/march-apache-tomcat-path-equivalence-traffic-detections-mitigations

Group, I. (2025, March 28). Apache tomcat: CVE-2025-24813: Active exploitation. Recorded Future. https://www.recordedfuture.com/blog/apache-tomcat-cve-2025-24813-vulnerability-analysis

[SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT. Lists.apache.org. (2025, March 10). https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq

Threat Advisory created by The Cyber Florida Security Operations Center.

Contributing Security Analysts: Jason Doan

To learn more about Cyber Florida visit: www.cyberflorida.org

Apache Tomcat RCE Vulnerability (CVE-2025-24813) (2025-05-13T14:58:12-04:00)

No Password Required Podcast Episode 59 — Mariana Padilla

No Password Required Podcast Episode 59 — Mariana Padilla (2025-05-09T10:45:48-04:00)