CISA adds iCagenda and Balbooa Joomla flaws to KEV after zero-day use
Source headline: iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
Intelligence Summary
CISA has added two maximum-severity vulnerabilities in Joomla extensions to its KEV catalog. The flaws affect iCagenda and Balbooa forms, which attackers are reported to have exploited in real-world attacks. Both issues carry CVSS scores of 10.0, indicating critical impact potential. Joomla site operators running affected extensions are at elevated risk of compromise. Patch or mitigate immediately and verify your deployments match the fixed versions from the vendors or extension maintainers.
Recommended Action
Prioritize immediate review, validate exposure, and patch or mitigate affected systems.