ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Vulnerabilities

CISA adds iCagenda and Balbooa Joomla flaws to KEV after zero-day use

Source headline: iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

Threat level Critical
Signal strength 80/100
Source confidence 1 source
Published 1 day ago

Intelligence Summary

CISA has added two maximum-severity vulnerabilities in Joomla extensions to its KEV catalog. The flaws affect iCagenda and Balbooa forms, which attackers are reported to have exploited in real-world attacks. Both issues carry CVSS scores of 10.0, indicating critical impact potential. Joomla site operators running affected extensions are at elevated risk of compromise. Patch or mitigate immediately and verify your deployments match the fixed versions from the vendors or extension maintainers.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#joomla #kev #rce #zero-day #cisa #vulnerabilities
Original reporting The Hacker News iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
Open original source