Security Alerts & Advisories
Active threats, phishing warnings, and recommended actions for ATS Systems clients. Managed service clients receive direct notifications — this page is updated when active threats affect our region.
CVE Watch — Business Software
Recent vulnerabilities affecting software commonly used by Australian businesses. Managed service clients are patched proactively — if you're unsure whether your systems are affected, call 07 3523 3660.
-
CVE-2026-21509 CVSS 7.8 — High Exploited in Wild Patch Available Microsoft
Microsoft Office OLE Security Feature Bypass
Allows attackers to bypass OLE security mitigations in Microsoft 365 and Office via a specially crafted document. Exploited by APT28 in targeted phishing campaigns using weaponised RTF files. Microsoft released an emergency out-of-band patch on 26 Jan 2026. Office 2021+ users are automatically protected; Office 2016/2019 users must apply the patch manually.
26 Jan 2026 CISA KEV Microsoft Office Phishing Zero-Day
-
CVE-2026-21510 CVSS 8.8 — High Exploited in Wild Patch Available Microsoft
Windows Shell Security Feature Bypass (SmartScreen)
Attackers can trick users into clicking a malicious link or shortcut to bypass SmartScreen protections, allowing attacker-controlled content to execute without warning. Reported as under widespread active exploitation. Patched in the February 2026 Patch Tuesday cumulative update — apply immediately.
11 Feb 2026 CISA KEV Windows SmartScreen Phishing
-
CVE-2026-21514 CVSS 7.8 — High Exploited in Wild Patch Available Microsoft
Microsoft Word Security Feature Bypass (OLE Mitigations)
Allows attackers to circumvent OLE mitigations within Microsoft 365 and Office by convincing a user to open a crafted Office file. Makes security decisions based on untrusted input, undermining built-in protections against risky COM/OLE behaviour. Patched in the February 2026 Patch Tuesday cumulative update.
11 Feb 2026 CISA KEV Microsoft Word Office 365 OLE Bypass
-
CVE-2026-21513 CVSS 8.8 — High Exploited in Wild Patch Available Microsoft
MSHTML Framework Security Feature Bypass
A malicious HTML file or shortcut (.lnk) delivered through a link, email attachment, or download can bypass security protections in the MSHTML rendering engine used across Windows. Publicly disclosed and exploited before patch availability. Patched in the February 2026 Patch Tuesday cumulative update.
11 Feb 2026 CISA KEV Windows MSHTML Zero-Day
-
CVE-2026-23800 CVSS 9.8 — Critical Exploited in Wild Patch Available WordPress
WordPress Plugin — REST API Unauthenticated User Creation
Allows unauthenticated attackers to create administrator accounts via the WordPress REST API through a vulnerable plugin. Enables full site takeover including web shell deployment and configuration changes. Plugin updates are available — update all WordPress plugins immediately and audit user accounts for unauthorised additions.
Jan 2026 CISA KEV WordPress Web Hosting Auth Bypass
-
CVE-2026-23760 CVSS 9.8 — Critical Exploited in Wild Patch Available SmarterTools
SmarterMail — Unauthenticated Admin Password Reset
Exposes privileged password reset functionality to anonymous callers. An attacker can reset the system administrator password without authentication, enabling complete mail server takeover. SmarterTools released an emergency update in late December 2025 — upgrade immediately if running self-hosted SmarterMail.
Jan 2026 CISA KEV Email Server SmarterMail Auth Bypass
-
CVE-2026-21858 CVSS 10.0 — Critical Patch Available n8n
n8n Workflow Automation — Unauthenticated Remote Code Execution
Critical RCE affecting self-hosted n8n automation instances. Allows unauthenticated attackers to take over locally deployed servers via webhook content-type confusion. Fixed in n8n version 1.121.0 — upgrade immediately. No workarounds are available for older versions.
6 Jan 2026 Automation Self-Hosted RCE
-
CVE-2025-8671 CVSS 9.8 — Critical Patch Available React / Next.js
React Server Components — Unauthenticated Remote Code Execution ("React2Shell")
Affects React 19 and frameworks like Next.js. A single crafted HTTP request can achieve unauthenticated RCE on servers using React Server Components. Patched framework versions are available — upgrade immediately. Treat all environment variables on previously affected servers as compromised and rotate credentials.
Dec 2025 Web Hosting React / Next.js RCE
External Resources
If You Suspect a Threat
1. Stop and Disconnect
Don't click any further links or open attachments. If you've already clicked something suspicious, disconnect your device from the network (unplug the Ethernet cable or turn off Wi-Fi).
2. Call Us Immediately
Ring 07 3523 3660 and describe what happened. For security incidents, calling is always faster than email. Our team will guide the next steps.
3. Don't Delete the Evidence
Keep the suspicious email, message, or browser tab open. Screenshots help. Our team needs to see the original content to assess the threat and protect other users.
4. Change Your Passwords
If you entered credentials on a suspicious page, change that password immediately — plus any other accounts using the same password. Use your password manager to generate a new one.
Common Questions
Managed service clients receive direct notifications by email and phone for critical threats. For high-severity issues, our team applies protective measures proactively — often before clients are aware of the threat. All advisories are also published on this page.
Do not click any links or open attachments. Forward the suspicious email to your ATS Systems technician or call 07 3523 3660. If you've already clicked a link or entered credentials, disconnect from the network and call us immediately.
Yes. For critical vulnerabilities and active threats, our team applies patches, blocks malicious domains, and updates email filtering rules proactively. Managed service clients receive priority protection and are typically secured before advisories are published here.
Advisories are published as active threats emerge that affect businesses in our region. There's no fixed schedule — updates happen in response to real threats. The regional threat level at the top of this page reflects the current overall risk.
Visit the Australian Cyber Security Centre (ACSC) for national threat intelligence and guidance. For advice specific to your business, call us on 07 3523 3660 and ask about a security assessment.
Concerned About a Threat?
Don't wait — call our Brisbane team directly. For active security incidents, phone is always the fastest way to get help.
Call 07 3523 3660 Send a Message