This Week in Tech Risk: What Australian SMBs Should Know About Emerging Cyber Threats

The cyber landscape is evolving fast – here’s what’s new and actionable for your business.

Introduction

Across the last week, new vulnerabilities and threat trends have emerged that directly affect small to mid-sized businesses. From critical zero-days in popular enterprise platforms to AI-powered phishing and high-impact botnets, the risks and opportunities are shifting.

Security isn’t just a tech concern anymore – it’s now part of business survival. The good news is that most threats come with practical defences you can adopt right now, even on limited budgets.

Below are five key stories you should know.

1. Fortinet FortiCloud SSO Zero‑Day Exploited in the Wild

Security teams have reported active exploitation of a critical authentication bypass vulnerability (CVE‑2026‑24858) in Fortinet FortiOS and related products, with attackers creating backdoor admin accounts and extracting config files. This vulnerability carries a severe rating and has been added to CISA’s Known Exploited Vulnerabilities catalog. According to industry advisories, patches were rolled out at the end of January after Fortinet disabled affected services temporarily to stop the attacks. 

Why it matters: - Fortinet equipment is common in small and mid-size organisations for VPNs and firewalls. - Exploiting this flaw could give attackers administrative control over your network security appliances.

Recommendations: - Apply Fortinet’s patches immediately if you use FortiOS, FortiManager or FortiWeb with Cloud SSO. - Temporarily disable FortiCloud SSO if patching isn’t yet feasible. - Monitor admin account creation and configuration changes closely. - Review and tighten your VPN and firewall settings. - Consider network segmentation to limit blast radius.

2. Microsoft Office Zero‑Day (CVE‑2026‑21509) Being Actively Exploited

A new high-severity Office zero‑day is being used in attacks only days after Microsoft released an emergency patch. The flaw lets attackers bypass Office’s security features by embedding malicious content in documents. Industry alerts urged immediate patching of Office versions 2016, 2019, LTSC and Microsoft 365 Apps. For organisations unable to patch immediately, registry-based mitigations are available. 

Why it matters: - Microsoft Office is ubiquitous, and targeted attacks often ride on legitimate-looking documents. - Small teams may lag patches.

Recommendations: - Ensure all Office workstations are updated, including legacy versions. - Disable document preview in email and file-sharing tools. - Educate staff on not opening unexpected attachments. - Apply registry-based mitigations if patching is delayed. - Block macros or embedded objects from untrusted sources.

3. Critical n8n Workflow Automation Vulnerability (CVE‑2026‑21858)

A critical vulnerability in the n8n automation platform allows unauthenticated remote code execution due to confusion in how Content-Type headers are handled. With n8n widely used in small and mid-sized enterprises to automate workflows, this flaw – rated CVSS 10.0 – leaves exposed instances open to full compromise. Security scans show thousands of active and exposed n8n instances globally. 

Why it matters: - Small and mid-size businesses often deploy automation tools without fully secured configuration. - An exposed automation platform could give attackers deep access to other systems.

Recommendations: - Identify if your organisation uses n8n; isolate or disable exposed public instances. - Apply patches or follow guidance from n8n’s security team. - Restrict access via VPN or IP allow lists. - Audit workflows to minimise sensitive credentials stored in the platform. - Monitor logs and unusual process activity.

4. Two Zero‑Days in Ivanti EPMM Actively Exploited (CVE‑2026‑1281 & 1340)

Ivanti’s Endpoint Manager Mobile for on-premises environments has two critical vulnerabilities being exploited in the wild. They allow unauthenticated remote code injection, potentially exposing admin data and user location. One of them has already been added to the CISA Known Exploited catalog with a very tight remediation deadline for federal agencies. Interim patches are available, with permanent fixes scheduled in Q1 2026. 

Why it matters: - Many SMBs use MDM platforms like Ivanti to manage mobile security. - Exploits here can lead to escalations and data theft from mobile endpoints.

Recommendations: - Apply interim patches now and track permanent updates. - Segment EPMM infrastructure separately from core network. - Tighten access to MDM consoles. - Monitor device registration and unusual admin activity. - Confirm multi-factor authentication is enforced for admin access.

5. AI‑Powered Phishing and Botnet Growth

Phishing activity is now being powered and scaled by AI, generating highly personalised campaigns that avoid detection. In addition, the Kimwolf botnet has grown to over two million Android devices—including smart TVs and cheap streamers—exploiting supply‑chain vulnerabilities. That makes it a potent tool for large-scale DDoS. 

Why it matters: - SMBs are often targeted via phishing to gain credentials or internal access. - Even non-business devices like smart TVs on office networks can be recruited for botnets.

Recommendations: - Train all staff on spotting personalised or AI-generated phishing attempts. - Use email filters capable of detecting polymorphic campaigns. - Segment IoT devices and avoid mixing them with production networks. - Apply vendor updates to devices before deployment. - Monitor outbound traffic from unexpected devices.

What This Means For Your Business

Taken together, these stories highlight that the threat landscape is both active and evolving fast. Critical vulnerabilities are being exploited within days, and even legitimate tools in your business can introduce risk if not carefully managed. But the defence remains accessible and practical.

Your most powerful defences are patching and visibility – know what’s on your network, apply fixes quickly, and monitor for unusual activity. Training and segmentation help prevent that unfortunate click from becoming a full-blown breach. And while advanced platforms like n8n or Ivanti offer efficiencies, they must be deployed with equal vigilance.

For Australian SMBs, the message is clear: cybersecurity doesn’t have to be costly or complex to be effective. Start with these five actions:

• Audit your environment now: list Office, Fortinet, n8n, Ivanti deployments, and smart devices.
• Prioritise patching critical vulnerabilities, especially those already exploited.
• Improve monitoring and access control: restrict exposure by default.
• Train teams to recognise AI-powered phishing.
• Review network segmentation and backup strategies.

Get ahead of the risk curve with vigilance, small investments, and smart policies. Your business’s reputation and continuity depend on it.

Call Webwire on 08 9386 0053 or contact us at enquiries@webwire.com.au.