Skip to content
The Nexus
SECURITYJul 14 · 11:06 UTCTHE REGISTER

Baddies caught exploiting extensions bugs with perfect 10 scores on vulnerable Joomla websites

CISA added two critical Joomla extension vulnerabilities (iCagenda and Balbooa Forms) to its KEV catalog, both rated with a CVSS score of 10. Attackers exploited these flaws to upload malicious PHP code, enabling remote server control. Patches are available, but exploitation continues on unpatched sites.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting