SECURITYTHE REGISTER
Baddies caught exploiting extensions bugs with perfect 10 scores on vulnerable Joomla websites
CISA added two critical Joomla extension vulnerabilities (iCagenda and Balbooa Forms) to its KEV catalog, both rated with a CVSS score of 10. Attackers exploited these flaws to upload malicious PHP code, enabling remote server control. Patches are available, but exploitation continues on unpatched sites.
Mentioned
Related Signal