Signal

CISA adds critical Joomla extension vulnerabilities exploited in the wild to known exploited catalog

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-07-13 05:36 UTCUpdated 2026-07-13 17:22 UTC
rss
vulnerabilitiesexploitsincident_responsesecurity_advisory
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.
3 top sources shown
Overview

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical zero-day vulnerabilities affecting the iCagenda and Balbooa Forms extensions for Joomla to its Known Exploited Vulnerabilities catalog.

Entities
CISAiCagendaBalbooa Forms
Score total
1.31
Momentum 24h
3
Posts
3
Origins
3
Source types
1
Duplicate ratio
0%
Why now
  • Recent reports confirm zero-day exploitation of these flaws by threat actors.
  • CISA's addition to the KEV catalog signals official recognition and prioritization of these risks.
  • Organizations running affected Joomla extensions must act promptly to prevent compromise.
Why it matters
  • These vulnerabilities enable remote code execution, posing a critical risk to Joomla-based websites.
  • Active exploitation in the wild increases urgency for organizations to patch or mitigate immediately.
  • Inclusion in CISA's Known Exploited Vulnerabilities catalog highlights the severity and widespread impact.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
  • The iCagenda and Balbooa Forms Joomla extensions contain critical zero-day vulnerabilities allowing unrestricted file uploads and remote code execution.
How sources frame it
  • The Hacker News: neutral
  • SecurityWeek: neutral
  • SC Media: neutral
All evidence
All evidence
Organizations Warned of Exploited Joomla Extension Vulnerabilities
SecurityWeek · securityweek.com · 2026-07-13 09:08 UTC
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
thehackernews · thehackernews.com · 2026-07-13 05:36 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
  • SC Media (1)
  • SecurityWeek (1)
  • thehackernews (1)
Top origin domains (this list)
  • scworld.com (1)
  • securityweek.com (1)
  • thehackernews.com (1)