
Cyber Brief: 7-Zip Flaws, GoAnywhere Exploited and UK OT Risk

Each new day brings shifting cyber risks and new defensive lessons. In today’s Cyber Brief, we spotlight three developments UK organisations should act on – from zero-day exploits to software end-of-support warnings and industrial system exposure.

7-Zip vulnerabilities allow remote code execution

Security researchers have disclosed two high-severity flaws in 7-Zip (CVE-2025-11001 and CVE-2025-11002) that allow crafted archives to write files outside their extraction directory, potentially overwriting arbitrary files and leading to code execution. The patch (7.01 or newer) addresses how symbolic links are handled.
Why it matters: 7-Zip is widely used in both corporate and user environments. A system compromised through a malicious archive could become a stepping stone for deeper intrusion.
Source: Tom’s Hardware / ZDI


GoAnywhere MFT under active ransomware exploitation

Microsoft confirmed that a zero-day in GoAnywhere MFT (CVE-2025-10035) is currently being abused by the Storm-1175 / Medusa ransomware group. Attackers exploit a license-response deserialization flaw to inject malicious payloads.
Why it matters: Managed file-transfer systems process sensitive data flows. If exploited, they can become gateways to exfiltration or downstream system compromise.
Source: TechRadar


UK operational-technology sector flagged for growing risk

A new advisory warns of systemic risk in UK OT/ICS environments, citing increased connectivity, aging systems, and poor segmentation as enabling threat paths. Organisations are urged to review architecture, network isolation, and vendor exposure.
Why it matters: UK regulated sectors – including utilities, manufacturing, and infrastructure – often rely on OT/ICS systems. Compromise here can lead to both cyber and physical disruption.
Source: Pinsent Masons / Out-Law


🔍 Today’s Key Actions

  1. Update all 7-Zip installations to 7.01 or newer, especially on critical systems or user endpoints.
  2. Prioritise patching or mitigating the GoAnywhere MFT vulnerability; check logs for indicators such as SignedObject.getObject.
  3. Conduct an OT exposure audit – identify ICS/OT systems with direct internet access or weak segmentation.
  4. Review your supplier/contractor technology stack for OT/ICS components and request their latest security status.
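
For the log check in action 2, the following added example (not part of the original brief and not vendor tooling) scans plain and gzip-rotated logs for the `SignedObject.getObject` string and ties each match back to the timestamped event that produced it. The timestamp-prefixed log layout, the file-name filter and the sample lines are assumptions constructed for illustration.

```python
import gzip
import re
from pathlib import Path

INDICATOR = "SignedObject.getObject"  # string named in the brief
# Assumption: each log event starts with a timestamp; the stack-trace
# lines that follow it carry no timestamp of their own.
EVENT_START = re.compile(r"^\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}")

def open_log(path):
    """Open a plain or gzip-rotated log as text, tolerating bad bytes."""
    opener = gzip.open if path.suffix == ".gz" else open
    return opener(path, "rt", encoding="utf-8", errors="replace")

def scan_lines(lines, source="<memory>"):
    """Return one hit per log event whose body mentions INDICATOR."""
    hits, header, header_no, reported_for = [], None, 0, None
    for no, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        if EVENT_START.match(line):
            header, header_no = line, no
        if INDICATOR in line and (header is None or reported_for != header_no):
            hits.append({"source": source, "event_line": header_no or no,
                         "event": header or line, "match_line": no,
                         "match": line.strip()})
            reported_for = header_no
    return hits

def scan_dir(root):
    """Scan every file under root whose name contains '.log' (plain or .gz)."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and ".log" in path.name:
            with open_log(path) as fh:
                hits.extend(scan_lines(fh, str(path)))
    return hits

# Constructed sample lines, not real product output.
SAMPLE = """\
2025-01-01 10:00:00 INFO  Transfer job completed
2025-01-01 10:05:12 ERROR Error processing license response
java.lang.RuntimeException: InvocationTargetException
\tat java.base/java.security.SignedObject.getObject(SignedObject.java)
\tat com.example.LicenseHandler.handle(LicenseHandler.java)
2025-01-01 10:06:00 INFO  Session closed
""".splitlines()

if __name__ == "__main__":
    for hit in scan_lines(SAMPLE):
        print(f"{hit['source']}:{hit['match_line']} {hit['event']}")
```

Point `scan_dir` at a copy of the server's log directory; any hit is a prompt for incident triage rather than proof of compromise.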


💬 Secarma Insight

Cyber resilience isn’t static – it evolves with new threats and shifting architectures. Through Secarma’s ACT Framework – Advise, Certify, Test – we help organisations move from reactive scramble to structured security maturity.
If today’s reports hit close to home, get in touch to discuss how we can help you strengthen assurance and readiness.

Get in touch with us to start a conversation about your organisation’s security journey.
