TL;DR

CISA has added multiple actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalogue in April 2026, including critical flaws in Ivanti, Fortinet, WordPress, and Microsoft products. If your business runs any of these — and most Australian SMBs do — you have a narrow window to patch before attackers come knocking. Here is what you need to fix, in plain English, with real deadlines.​‌‌​​​‌‌‍​‌‌​‌​​‌‍​‌‌‌​​‌‌‍​‌‌​​​​‌‍​​‌​‌‌​‌‍​‌‌​‌​‌‌‍​‌‌​​‌​‌‍​‌‌‌​‌‌​‍​​‌​‌‌​‌‍​‌‌‌​‌‌​‍​‌‌‌​‌​‌‍​‌‌​‌‌​​‍​‌‌​‌‌‌​‍​‌‌​​‌​‌‍​‌‌‌​​‌​‍​‌‌​​​​‌‍​‌‌​​​‌​‍​‌‌​‌​​‌‍​‌‌​‌‌​​‍​‌‌​‌​​‌‍​‌‌‌​‌​​‍​‌‌​‌​​‌‍​‌‌​​‌​‌‍​‌‌‌​​‌‌‍​​‌​‌‌​‌‍​‌‌​​​​‌‍​‌‌‌​‌​‌‍​‌‌‌​​‌‌‍​‌‌‌​‌​​‍​‌‌‌​​‌​‍​‌‌​​​​‌‍​‌‌​‌‌​​‍​‌‌​‌​​‌‍​‌‌​​​​‌‍​‌‌​‌‌‌​‍​​‌​‌‌​‌‍​‌‌‌​​‌‌‍​‌‌​‌‌​‌‍​‌‌​​​‌​‍​‌‌‌​​‌‌‍​​‌​‌‌​‌‍​‌‌​‌‌​‌‍​‌‌‌​‌​‌‍​‌‌‌​​‌‌‍​‌‌‌​‌​​‍​​‌​‌‌​‌‍​‌‌‌​​​​‍​‌‌​​​​‌‍​‌‌‌​‌​​‍​‌‌​​​‌‌‍​‌‌​‌​​​‍​​‌​‌‌​‌‍​‌‌​​​​‌‍​‌‌‌​​​​‍​‌‌‌​​‌​‍​‌‌​‌​​‌‍​‌‌​‌‌​​‍​​‌​‌‌​‌‍​​‌‌​​‌​‍​​‌‌​​​​‍​​‌‌​​‌​‍​​‌‌​‌‌​

Why the CISA KEV Catalogue Matters for Your Business

The CISA Known Exploited Vulnerabilities catalogue is not theoretical. Every entry on it has been confirmed as actively exploited in the wild — meaning real attackers are using these flaws against real organisations right now [1]. In 2025 alone, CISA added 245 new entries, a roughly 20% increase, and 24 of those were directly linked to ransomware campaigns [2].

For Australian SMBs with 10 to 50 staff, the calculus is simple: you lack the security teams that large enterprises have, which means unpatched vulnerabilities hit you harder. A single ransomware infection can shutter a small business permanently. The Australian Cyber Security Centre (ACSC) consistently reports that small businesses are dispro

portionately affected by cyber incidents, with average recovery costs exceeding $50,000 AUD.​‌‌​​​‌‌‍​‌‌​‌​​‌‍​‌‌‌​​‌‌‍​‌‌​​​​‌‍​​‌​‌‌​‌‍​‌‌​‌​‌‌‍​‌‌​​‌​‌‍​‌‌‌​‌‌​‍​​‌​‌‌​‌‍​‌‌‌​‌‌​‍​‌‌‌​‌​‌‍​‌‌​‌‌​​‍​‌‌​‌‌‌​‍​‌‌​​‌​‌‍​‌‌‌​​‌​‍​‌‌​​​​‌‍​‌‌​​​‌​‍​‌‌​‌​​‌‍​‌‌​‌‌​​‍​‌‌​‌​​‌‍​‌‌‌​‌​​‍​‌‌​‌​​‌‍​‌‌​​‌​‌‍​‌‌‌​​‌‌‍​​‌​‌‌​‌‍​‌‌​​​​‌‍​‌‌‌​‌​‌‍​‌‌‌​​‌‌‍​‌‌‌​‌​​‍​‌‌‌​​‌​‍​‌‌​​​​‌‍​‌‌​‌‌​​‍​‌‌​‌​​‌‍​‌‌​​​​‌‍​‌‌​‌‌‌​‍​​‌​‌‌​‌‍​‌‌‌​​‌‌‍​‌‌​‌‌​‌‍​‌‌​​​‌​‍​‌‌‌​​‌‌‍​​‌​‌‌​‌‍​‌‌​‌‌​‌‍​‌‌‌​‌​‌‍​‌‌‌​​‌‌‍​‌‌‌​‌​​‍​​‌​‌‌​‌‍​‌‌‌​​​​‍​‌‌​​​​‌‍​‌‌‌​‌​​‍​‌‌​​​‌‌‍​‌‌​‌​​​‍​​‌​‌‌​‌‍​‌‌​​​​‌‍​‌‌‌​​​​‍​‌‌‌​​‌​‍​‌‌​‌​​‌‍​‌‌​‌‌​​‍​​‌​‌‌​‌‍​​‌‌​​‌​‍​​‌‌​​​​‍​​‌‌​​‌​‍​​‌‌​‌‌​

Here are the five most urgent vulnerabilities from the latest KEV updates that Australian SMBs need to address immediately.

1. Ivanti Endpoint Manager Mobile — CVE-2026-1340 (CVSS 9.8)

Status: Actively exploited in the wild

What it is: A code injection vulnerability in Ivanti's mobile device management platform that lets an attacker run arbitrary code on your server without any login credentials.

What this means for your business: If you use Ivanti EPMM to manage staff phones or tablets, an attacker can take full control of your device management system. From there, they can push malicious apps to every enrolled device, wipe company phones, or use the compromised server as a launchpad into the rest of your network.

Deadline: Patch immediately. CISA has set a federal remediation deadline, and private organisations should treat this as equally urgent.

Action: Update Ivanti EPMM to the latest patched version. If you cannot patch immediately, restrict management interface access to trusted IP ranges only and enable multi-factor authentication on all admin accounts.

2. Fortinet FortiClientEMS — CVE-2026-35616 (CVSS 9.8)

Status: Actively exploited in the wild

What it is: An improper access control flaw in FortiClientEMS versions 7.4.5 through 7.4.6 that allows unauthenticated attackers to execute arbitrary commands via specially crafted requests.

What this means for your business: Fortinet endpoint management products are common in Australian businesses that also run FortiGate firewalls. If exploited, an attacker gains remote code execution — meaning they can run any command they want on your endpoint management server. This is the kind of access that precedes ransomware deployment.

Deadline: Patch within 48 hours if your FortiClientEMS instance is internet-facing.

Action: Upgrade to FortiClientEMS 7.4.7 or later. Verify the management console is not exposed to the public internet. Check logs for any unrecognised administrative activity going back at least 30 days.

3. WordPress Ninja Forms Plugin — CVE-2026-0740 (CVSS 9.8)

Status: Actively exploited in the wild

What it is: A missing file type validation flaw in the Ninja Forms plugin for WordPress that allows attackers to upload malicious files — including PHP web shells — through your website's forms.

What this means for your business: If your website runs WordPress with Ninja Forms installed (and over 3 million sites use this plugin), attackers can upload a file that gives them full control of your website. They can deface your homepage, steal customer data, inject cryptocurrency miners, or use your site to attack your visitors.

Deadline: Patch today. This is trivially exploitable and actively being scanned for by automated botnets.

Action: Update Ninja Forms to the latest version immediately via your WordPress dashboard. If auto-updates are not enabled for plugins, enable them now. Audit your uploads directory for any unexpected PHP files.

4. Microsoft Office PowerPoint — CVE-2009-0556 (Legacy, Still Active)

Status: Actively exploited in the wild

What it is: A 17-year-old vulnerability in Microsoft PowerPoint that allows attackers to execute malicious code when a user opens a booby-trapped presentation file.

What this means for your business: This CVE proves that old bugs never truly die. If any machine in your office runs an unpatched version of Microsoft Office, a carefully crafted PowerPoint file sent via email can compromise that machine entirely. Staff who open attachments from unknown senders are the primary attack vector.

Deadline: Verify patching across all devices within one week.

Action: Ensure all Microsoft 365 installations are current. Enable Protected View for files from the internet. Strengthen email attachment filtering — block .ppt, .pptx, and other Office macro-enabled formats from external senders where possible.

5. HPE OneView — CVE-2025-37164 (CVSS 10.0)

Status: Actively exploited in the wild

What it is: A maximum-severity remote code execution vulnerability in HPE's infrastructure management platform. A CVSS 10.0 is the highest possible rating — this flaw is trivially exploitable, requires no authentication, and grants full system control.

What this means for your business: If you run HPE servers managed by OneView, this vulnerability gives attackers the keys to your entire server infrastructure. While more common in mid-size businesses running their own server rooms, any organisation using HPE OneView should treat this as a critical emergency.

Deadline: Patch within 24 hours if OneView is accessible from any network segment.

Action: Apply HPE's security patch immediately. Ensure OneView management interfaces are not accessible from the internet. Review access logs for any suspicious API calls or authentication attempts.

Your Patching Priority Checklist

Rank your remediation by exposure and exploitability:

  1. Internet-facing systems first — WordPress plugins, public-facing management consoles
  2. Actively exploited CVEs next — anything on the CISA KEV catalogue
  3. Client-side software last — Office, browsers, PDF readers

For SMBs without dedicated IT staff, consider engaging a managed security provider. The cost of a breach vastly exceeds the cost of proactive patching.

FAQ

Q: What is the CISA KEV catalogue? A: The Known Exploited Vulnerabilities catalogue is a US government-maintained list of software flaws that have been confirmed as actively exploited by attackers. It is the most reliable signal that a vulnerability is not just theoretical — it is being used in real attacks right now.

Q: My business is in Australia — does CISA guidance apply to me? A: Yes. Cyber threats are borderless. The ACSC actively monitors CISA advisories and issues complementary guidance for Australian organisations. Attackers scanning the internet do not check your company's registered country before targeting you.

Q: How often should we be patching? A: Critical vulnerabilities on the KEV catalogue should be patched within 48 hours for internet-facing systems. Routine patching should occur at least monthly. Automate updates wherever possible — browser, operating system, WordPress core and plugins.

Q: We are too small to have an IT team — what should we do? A: Enable automatic updates on all devices and software. Use cloud-based services (Microsoft 365, managed WordPress hosting) that handle patching for you. And consider a cybersecurity assessment to identify your biggest gaps — it is cheaper than recovering from a ransomware attack.

Conclusion

The latest CISA KEV additions paint a clear picture: attackers do not need zero-day exploits when businesses leave known vulnerabilities unpatched for months or years. From a 17-year-old PowerPoint flaw to a maximum-severity infrastructure management bug, the common thread is inaction. Australian SMBs that patch promptly, enable automatic updates, and restrict internet-facing management interfaces will survive the vast majority of these threats.

Visit consult.lil.business for a free cybersecurity assessment tailored to Australian small and medium businesses.

References

  1. CISA Known Exploited Vulnerabilities Catalogue
  2. RSI Security — CISA KEV Latest Vulnerabilities and Infrastructure Risk
  3. SecurityOnline — CVE Watchtower Weekly Threat Intelligence Briefing April 2026
  4. Innovate Cybersecurity — Weekly Top 10: CISA KEV Additions and Microsoft Patch Tuesday

TL;DR

  • Oracle found a serious security problem in some of its business software [1].
  • The problem lets hackers break in without needing a password or login [2].
  • Oracle released an emergency fix (called a "patch") that businesses need to install right away [3].
  • If your business uses Oracle software, check with your IT person immediately.

What Happened?

Think of Oracle Identity Manager like a digital key card system for a big office building. It controls who gets into which rooms and what they're allowed to do once inside [4].

Imagine if someone discovered that the lock on the front door was broken — not just a little bit broken, but so broken that anyone could walk in without a key card. They wouldn't need to steal anyone's key card. They wouldn't need to trick an employee into opening the door. They could just walk right in [5].

That's what happened with Oracle's software. A security problem (called CVE-2026-21992) was discovered in Oracle Identity Manager and Oracle Web Services Manager that lets attackers do exactly that — break in without any password or permission [6].

Why This Is a Big Deal

It's Like Leaving the Front Door Unlocked

This security problem is rated 9.8 out of 10 on the severity scale — that's "Critical," the highest level [7]. Here's why it's so serious:

  • No password needed: Attackers don't need to steal or guess any login credentials [8].
  • No tricking required: Attackers don't need to send fake emails or trick employees into clicking anything [9].
  • Remote access: Attackers can break in from anywhere on the internet — they don't need to physically be at your office [10].
  • Total control: Once inside, attackers can see everything, change anything, or shut the whole system down [11].

It's Happened Before

Here's the scary part: This isn't the first time Oracle has had this exact problem.

In November 2025, another security problem (called CVE-2025-61757) in the same software was being used by hackers to break into real businesses [12]. The U.S. government's cybersecurity agency (CISA) was so worried that they ordered all federal agencies to fix it immediately [13].

Now there's a new problem (CVE-2026-21992) that's almost identical — and it's just as dangerous [14].

What Software Is Affected?

Your business might be affected if you use any of these Oracle products:

Oracle Identity Manager

This is software that helps businesses manage user accounts and permissions [15]. It's commonly used by:

  • Big companies with lots of employees who need different access levels
  • Healthcare organizations (hospitals, clinics)
  • Banks and financial companies
  • Government agencies
  • Any business with strict security rules

Oracle Web Services Manager

This software helps protect web services and APIs — the ways different computer systems talk to each other [16]. Here's the tricky part: This software gets installed automatically with other Oracle software, so you might have it without even knowing [17].

How to Check If You're Affected

If your business uses Oracle software, ask your IT person or managed service provider:

  1. Do we use Oracle Fusion Middleware?
  2. Do we use Oracle Identity Manager?
  3. What version of Oracle software are we running?

If you're not sure, it's safer to assume you might be affected until you know for certain.

What Your Business Should Do Right Now

1. Ask Your IT Person to Check

If you have an IT team or a managed service provider (a company that handles your technology), contact them immediately. Ask:

  • "Do we use Oracle Identity Manager or Oracle Web Services Manager?"
  • "Are we affected by CVE-2026-21992?"
  • "When can we install the security patch?"

2. Install the Emergency Patch

Oracle has released a free security patch that fixes the problem [18]. It's called an "emergency patch" because it's so important — Oracle released it outside their normal schedule [19].

Your IT person can download the patch from Oracle's website and install it on your systems. This should be done as soon as possible — not next week, not after the holidays, but now [20].

3. Upgrade Old Software

If your business is running an old, unsupported version of Oracle software, you won't be able to get the patch [21]. You'll need to:

  1. Upgrade to a supported version first
  2. Then install the security patch

It's like trying to fix a broken lock on a door that's so old the manufacturer doesn't make parts for it anymore. You need to replace the whole lock, not just repair it.

4. Check for Signs of Trouble

Because hackers have used similar security problems to break into businesses before, it's smart to check if anything suspicious has happened recently [22]. Ask your IT person to:

  • Check system logs for unusual activity
  • Look for any new user accounts that nobody remembers creating
  • Review who has been accessing the system and when

If something looks wrong, don't ignore it. Call a cybersecurity professional immediately.

Why This Matters (Even If You Don't Use Oracle)

You might be thinking: "We don't use Oracle software. Why should we care?"

Here's why this matters for every business:

Your Vendors Might Use Oracle

Many cloud services, software providers, and other vendors use Oracle infrastructure behind the scenes. If one of your vendors gets hacked through this Oracle problem, your data could be stolen too [23].

Think of it like this: If you leave your house key with a neighbor and their house gets burglarized because they left their door unlocked, your key (and your house) could be at risk too.

The Lesson Applies to All Software

The big lesson here isn't just about Oracle — it's about keeping all software updated [24].

When any software company (Microsoft, Apple, Adobe, anyone) releases an emergency security patch, it means there's a serious problem that hackers could exploit. Installing updates promptly is one of the most effective ways to protect your business [25].

Patching Saves Money

According to Absolute Security's 2026 report, businesses that don't keep their software updated lose hundreds of billions of dollars every year from cyberattacks and downtime [26]. That's money that could have been saved with timely updates and better security practices.

What Is a "Patch" Anyway?

Think of a software patch like a repair notice for your car.

When a car manufacturer discovers a safety problem — say, the brakes might fail in certain conditions — they send a notice to car owners. The notice says: "Bring your car in, and we'll fix it for free." You take the car to the mechanic, they install the new part, and now your car is safe again [27].

Software patches work the same way:

  1. The software company (Oracle, Microsoft, etc.) discovers a security problem
  2. They create a fix (the "patch")
  3. They release the patch and tell customers to install it
  4. Your IT person installs the patch on your systems
  5. Now your software is secure again

The difference is that with car recalls, you might have weeks or months to bring in your car. With emergency software patches like CVE-2026-21992, you should install them immediately — hackers are looking for unpatched systems right now [28].

How lilMONSTER Helps Businesses Stay Safe

At lilMONSTER, we help businesses protect themselves from security problems like CVE-2026-21992. Here's how:

We Find What Needs Fixing

We scan your systems to find out what software you're running and which ones need security updates [29].

We Prioritize What Matters Most

Not every security problem is an emergency. We help you focus on the ones that are most dangerous to your business — so you're not wasting time on minor issues while critical ones go unfixed [30].

We Make Sure Updates Actually Get Installed

Many businesses intend to install updates but never get around to it. We verify that patches are deployed correctly and nothing was missed [31].

We Watch for Attackers

We monitor your systems for signs that someone is trying to break in — and we catch them early, before they can do damage [32].

The Bottom Line

CVE-2026-21992 is a serious security problem that needs immediate attention if your business uses Oracle software. Here's what to remember:

  • Check if you're affected: Ask your IT person about Oracle Identity Manager and Web Services Manager
  • Install the patch: Do it as soon as possible — this is an emergency fix
  • Upgrade old software: If you're running unsupported versions, upgrade first
  • Watch for trouble: Check for signs that someone may have already broken in

Most importantly: Software updates aren't optional. They're one of the most important ways to keep your business safe from hackers [33].

Worried your business might be affected by CVE-2026-21992 or other security vulnerabilities? Book a free consultation with lilMONSTER. We'll help you understand your risks and protect what you've built.

FAQ

CVE-2026-21992 is a security flaw in some Oracle software that lets hackers break in without needing a password or login — like leaving a front door unlocked [34].

You should check if your vendors or service providers use Oracle, because a breach at their company could affect your data too. Also, the lesson applies to all software: install security updates promptly [35].

Ask your IT person or managed service provider: "Do we use Oracle Fusion Middleware, Identity Manager, or Web Services Manager?" They can check your systems and tell you [36].

If your business uses the affected Oracle software and you don't install the patch, hackers could break into your systems, steal data, or cause your systems to crash. Similar problems have been used in real attacks [37].

Immediately. This is an emergency patch, which means it's critical. Don't wait — ask your IT person to install it as soon as possible [38].

References

[1] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[2] Oracle, "Security Alert Advisory - CVE-2026-21992," Oracle, March 2026. [Online]. Available: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[3] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[4] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[5] NVD, "CVE-2026-21992 Detail," National Vulnerability Database, March 2026. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2026-21992

[6] Oracle, "Security Alert Advisory - CVE-2026-21992," Oracle, March 2026. [Online]. Available: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[7] NVD, "CVE-2026-21992 Detail," National Vulnerability Database, March 2026. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2026-21992

[8] NVD, "CVE-2026-21992 Detail," National Vulnerability Database, March 2026. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2026-21992

[9] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[10] SecurityOnline, "Critical 9.8 CVSS Flaw Exposes Oracle Identity Manager to Total Takeover," SecurityOnline, March 2026. [Online]. Available: https://securityonline.info/critical-9-8-cvss-flaw-exposes-oracle-identity-manager-cve-2026-21992

[11] SecurityOnline, "Critical 9.8 CVSS Flaw Exposes Oracle Identity Manager to Total Takeover," SecurityOnline, March 2026. [Online]. Available: https://securityonline.info/critical-9-8-cvss-flaw-exposes-oracle-identity-manager-cve-2026-21992

[12] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[13] CISA, "CISA Adds One Known Exploited Vulnerability to Catalog," CISA, November 21, 2025. [Online]. Available: https://www.cisa.gov/news-events/alerts/2025/11/21/cisa-adds-one-known-exploited-vulnerability-catalog

[14] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[15] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[16] Oracle, "Security Alert Advisory - CVE-2026-21992," Oracle, March 2026. [Online]. Available: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[17] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[18] Oracle, "Security Alert Advisory - CVE-2026-21992," Oracle, March 2026. [Online]. Available: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[19] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[20] Oracle, "Security Alert Advisory - CVE-2026-21992," Oracle, March 2026. [Online]. Available: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[21] Oracle, "Security Alert Advisory - CVE-2026-21992," Oracle, March 2026. [Online]. Available: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[22] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[23] lilMONSTER, "Vendor Breach Supply Chain Security SMB Guide 2026," lil.business, 2026. [Online]. Available: /blog/vendor-breach-supply-chain-security-smb-guide-2026

[24] Absolute Security, "The Downtime Era is Now: Cyber Incidents and AI Enabled Attacks are Driving $400 Billion in Downtime Losses Annually," Absolute Security, March 23, 2026. [Online]. Available: https://www.absolute.com/press-releases/cybercriminals-have-open-access-to-enterprise-pcs-76-days-per-year-according-to-new-research-from-absolute-security

[25] Absolute Security, "The Downtime Era is Now: Cyber Incidents and AI Enabled Attacks are Driving $400 Billion in Downtime Losses Annually," Absolute Security, March 23, 2026. [Online]. Available: https://www.absolute.com/press-releases/cybercriminals-have-open-access-to-enterprise-pcs-76-days-per-year-according-to-new-research-from-absolute-security

[26] Absolute Security, "The Downtime Era is Now: Cyber Incidents and AI Enabled Attacks are Driving $400 Billion in Downtime Losses Annually," Absolute Security, March 23, 2026. [Online]. Available: https://www.absolute.com/press-releases/cybercriminals-have-open-access-to-enterprise-pcs-76-days-per-year-according-to-new-research-from-absolute-security

[27] Oracle, "Security Alert Advisory - CVE-2026-21992," Oracle, March 2026. [Online]. Available: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[28] Oracle, "Security Alert Advisory - CVE-2026-21992," Oracle, March 2026. [Online]. Available: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[29] lilMONSTER, "Patch Smarter, Not Harder: The 1% Rule for SMB Cybersecurity," lil.business, 2026. [Online]. Available: /blog/patch-smarter-not-harder-1pct-rule-smb-cybersecurity-2026

[30] lilMONSTER, "Patch Smarter, Not Harder: The 1% Rule for SMB Cybersecurity," lil.business, 2026. [Online]. Available: /blog/patch-smarter-not-harder-1pct-rule-smb-cybersecurity-2026

[31] lilMONSTER, "Patch Smarter, Not Harder: The 1% Rule for SMB Cybersecurity," lil.business, 2026. [Online]. Available: /blog/patch-smarter-not-harder-1pct-rule-smb-cybersecurity-2026

[32] lilMONSTER, "Incident Response Guide for SMBs," lil.business, 2026. [Online]. Available: /blog/incident-response-guide-smb

[33] Absolute Security, "The Downtime Era is Now: Cyber Incidents and AI Enabled Attacks are Driving $400 Billion in Downtime Losses Annually," Absolute Security, March 23, 2026. [Online]. Available: https://www.absolute.com/press-releases/cybercriminals-have-open-access-to-enterprise-pcs-76-days-per-year-according-to-new-research-from-absolute-security

[34] NVD, "CVE-2026-21992 Detail," National Vulnerability Database, March 2026. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE-2026-21992

[35] lilMONSTER, "Vendor Breach Supply Chain Security SMB Guide 2026," lil.business, 2026. [Online]. Available: /blog/vendor-breach-supply-chain-security-smb-guide-2026

[36] Oracle, "Security Alert Advisory - CVE-2026-21992," Oracle, March 2026. [Online]. Available: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

[37] Help Net Security, "Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)," Help Net Security, March 23, 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992

[38] Oracle, "Security Alert Advisory - CVE-2026-21992," Oracle, March 2026. [Online]. Available: https://www.oracle.com/security-alerts/alert-cve-2026-21992.html

This post is for informational purposes and does not constitute legal or compliance advice. If your business uses Oracle software, consult with your IT team or a qualified cybersecurity professional to assess your risk and plan your response.

Keep your business safe from critical vulnerabilities. Book a consultation with lilMONSTER to build security practices that protect what you've built.

Ready to strengthen your security?

Talk to lilMONSTER. We assess your risks, build the tools, and stay with you after the engagement ends. No clipboard-and-leave consulting.

Get a Free Consultation