
Cyber Brief: Browser zero day, WAF exploits and OT security alert

Today’s cyber landscape is shaped by active exploitation, emergency patching and increasing risks across both IT and operational environments. Below are four key stories from the past 24 hours, rewritten in Secarma’s tone and aligned with UK organisations and regulated sectors.


Chrome zero day exploited in the wild as Google issues emergency patch

Google has released an emergency update for Chrome after confirming that a new zero-day vulnerability, tracked as CVE-2025-13223, is being actively exploited. The issue affects the browser’s JavaScript engine and can allow attackers to execute code simply by directing a user to a compromised website. It is the latest in a series of browser-related threats this year and underlines how attackers continue to focus on globally deployed applications with broad user bases. The updated Chrome version is rolling out across major operating systems and Google has held back detailed technical information to limit replication of the exploit. Organisations with mixed device environments or bring-your-own-device policies face the highest exposure, as even a single outdated browser can become a gateway for wider compromise.

Why it matters
Browsers are the primary interface for cloud tools, business platforms and internal systems. A reliable exploit for a browser zero day opens a direct path to endpoint compromise with minimal user interaction. UK businesses that rely on browser-based workflows or remote access should push this patch urgently across all managed devices and support staff in updating personal devices used for work.

Source: BleepingComputer


Critical FortiWeb web application firewall flaw under active exploitation

A severe vulnerability in Fortinet’s FortiWeb web application firewall has been confirmed as being exploited in real-world attacks. The flaw, tracked as CVE-2025-64446, allows unauthenticated attackers to execute commands on vulnerable appliances through a path traversal weakness. Since WAFs sit directly in front of customer portals and internal applications, a compromised device can provide attackers with elevated access and opportunities to intercept or modify traffic. This issue has been added to the US government’s list of known exploited vulnerabilities, signalling the seriousness of the threat and the expectation that organisations treat remediation with urgency.

Why it matters
Security appliances often operate with high trust and significant visibility into business applications. When compromised, they provide attackers with a powerful foothold. UK organisations that use FortiWeb or similar technologies should ensure these systems are included in critical patch cycles and actively monitored for anomalous behaviour. A compromised WAF can quickly escalate to a regulatory or reputational incident for organisations handling sensitive customer data.

Source: GBHackers and CyberPress


DoorDash reports data breach following social engineering attack

DoorDash has confirmed a data breach after attackers successfully used social engineering to obtain credentials from an employee. Once inside the environment, attackers accessed systems containing customer information, including names, contact details and partial payment information. The company has worked with external investigators to contain the incident and notify affected individuals. This case reflects the continued trend of threat actors using targeted psychological manipulation to bypass technical controls and access sensitive systems.

Why it matters
Social engineering remains one of the most effective attack methods and affects organisations of every size. Any business that stores personal or financial data is exposed if staff can be tricked into providing credentials. UK organisations should reinforce phishing-resistant authentication methods, implement clear internal verification procedures and maintain regular awareness training so employees can confidently escalate suspicious interactions.

Source: CyberPress


Critical Lynx plus Gateway flaw exposes OT and IoT traffic in cleartext

A new advisory warns that Lynx plus Gateway products, commonly used to connect operational technology and industrial equipment to business networks, contain a vulnerability that causes sensitive data to be transmitted in cleartext. In certain conditions, attackers on the same network segment could intercept or alter traffic flowing between industrial systems. Some affected versions currently do not have vendor patches, meaning organisations must rely on compensating controls such as network segmentation and strict access management until permanent fixes are released.

Why it matters
The convergence of IT, OT and IoT environments increases risk when gateways lack modern security protections. Cleartext transmission of sensitive data undermines the security of whole control systems, even when other controls are strong. UK organisations operating warehouses, manufacturing plants, utilities, logistics hubs or smart buildings should assess whether similar gateways exist in their environment and check segmentation, monitoring and encryption standards.

Source: Cyber Security News and CISA


Today’s Key Actions

  1. Ensure Chrome updates are applied across all managed and unmanaged endpoints.
  2. Prioritise patching and log review for security appliances, especially FortiWeb.
  3. Strengthen defences against social engineering with verification processes and practical training.
  4. Review OT and IoT gateways for exposure, segmentation and encryption gaps.
  5. Test incident response plans for browser exploitation, appliance compromise and OT intrusion scenarios.


Secarma Insight

Today’s updates highlight how attackers continue to target the systems organisations trust most. Browser zero days, WAF vulnerabilities and OT gateway weaknesses all reflect a wider trend where high-value assets are exploited at points of maximum operational impact. Strengthening infrastructure hygiene, empowering staff to challenge suspicious activity and tightening control around OT and IoT connectivity remain crucial steps for organisations that want to stay ahead of emerging threats. If you would like help assessing your exposure or developing a practical security roadmap, our team is ready to support you.

Get in touch with us to strengthen your patch-governance and supplier-risk management processes.
