// NEXUSVOID CYBER NEWS

<- ALL CYBER NEWS

Critical

Joomla, iCagenda, Balbooa Forms, CISA KEV, RCE, zero-day, CMS, plugins

Two Joomla Add-Ons Are Being Exploited to Run Code, and CISA Just Flagged Both

CISA has added two maximum-severity flaws in the iCagenda and Balbooa Forms extensions for Joomla to its Known Exploited Vulnerabilities catalog, after reports they were exploited as zero-days for remote code execution. The weak point is the plugin, not the platform.

CISA has added two maximum-severity vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla to its Known Exploited Vulnerabilities catalog, following reports that both were exploited as zero-days for remote code execution, as reported by The Hacker News.

The pattern is a familiar one for anyone who runs a content management system. The core platform is not where most sites fall, the extensions are. A calendar plugin and a forms builder are exactly the kind of add-on installed once and forgotten, and each one is code running on your server with the trust of the site around it.

A KEV listing is not a theoretical warning, it is CISA confirming that attackers are already using these flaws in the wild. For federal agencies it starts a patch clock, and for everyone else it is a strong signal that scanning for vulnerable installs is happening at scale right now.

Site owners should update or remove the affected extensions immediately, and use the moment to audit every other plugin for available updates and for anything installed and no longer used. On a public website, an unmaintained extension is the most common way in, and the fix is usually just keeping the parts you actually need current.

Sources: The Hacker News, SecurityWeek.

Liked this briefing? Share it:

More briefings

Related posts appear on the live page
Get the briefings first
Breaking security news, verified fast, with the one fact the headlines skip. No spam - unsubscribe anytime.