Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Flaws in Joomla Extensions Exploited in Zero-Day Attacks

Critical Flaws in Joomla Extensions Exploited in Zero-Day Attacks

Posted on July 13, 2026 By CWS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently highlighted two serious vulnerabilities affecting popular Joomla extensions, iCagenda and Balbooa Forms. These flaws, which have been actively exploited, are now part of CISA’s Known Exploited Vulnerabilities catalog due to their severity and the potential risk they pose.

Details of the Security Vulnerabilities

The identified vulnerabilities, rated a critical 10.0 on the CVSS scale, are as follows:

  • CVE-2026-48939: This flaw in the iCagenda extension allows arbitrary file uploads through its file attachment feature, potentially leading to PHP code execution.
  • CVE-2026-56291: Found in Balbooa Forms, this vulnerability also permits arbitrary file uploads, resulting in remote code execution.

According to mySites.guru, a service managing Joomla and WordPress sites, CVE-2026-48939 was first exploited as a zero-day on June 15, 2026. The attack leverages the ‘Submit an Event’ feature of iCagenda to upload malicious files.

Impact and Mitigation Measures

mySites.guru detected automated attacks using scanners labeled ‘icagenda-batch/1.0’ that exploit the vulnerability to upload and execute malicious scripts. The affected iCagenda versions are up to 4.0.7 and legacy versions 3.2.1 through 3.9.14. Updates have been released to address these issues in versions 4.0.8 and 3.9.15, and users are advised to check for suspicious PHP files in their directories.

The Balbooa Forms flaw, CVE-2026-56291, affects versions up to 2.4.0 and has been patched in version 2.4.1. The vulnerability allowed file uploads from anonymous users without proper security checks, creating a major risk of remote code execution.

Global Security Implications

In response to these exploits, Federal Civilian Executive Branch (FCEB) agencies have been directed to implement the necessary patches by July 13, 2026. The Australian Cyber Security Centre (ACSC) has issued an alert about a broader campaign targeting CMS systems globally. These attacks exploit vulnerabilities for remote access through web shells.

The ACSC warns that the use of artificial intelligence is hastening the pace of cyber operations, reducing the time from vulnerability disclosure to exploitation. Organizations are urged to act swiftly to mitigate these evolving cyber threats.

As cybersecurity risks continue to grow, staying informed and proactive about vulnerabilities and updates is critical for safeguarding digital infrastructure.

The Hacker News Tags:AI in cybersecurity, Balbooa Forms, CISA, CMS vulnerabilities, CVE-2026-48939, CVE-2026-56291, Cybersecurity, file upload vulnerability, global campaign, iCagenda, Joomla, remote code execution, security patches, web security, zero-day

Post navigation

Previous Post: Microsoft Trials AI Tool to Diagnose Windows 11 Slowdowns
Next Post: Motorola MR2600 Vulnerability Enables Remote Code Execution

Related Posts

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading The Hacker News
AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims The Hacker News
NGINX Vulnerability CVE-2026-42945 Actively Exploited NGINX Vulnerability CVE-2026-42945 Actively Exploited The Hacker News
Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon The Hacker News
Grinex Exchange Halts After .74M Cyber Heist Linked to Intelligence Grinex Exchange Halts After $13.74M Cyber Heist Linked to Intelligence The Hacker News
Why Business Impact Should Lead the Security Conversation Why Business Impact Should Lead the Security Conversation The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Citrix Enhances AI Security with New NetScaler Gateway
  • Motorola MR2600 Vulnerability Enables Remote Code Execution
  • Critical Flaws in Joomla Extensions Exploited in Zero-Day Attacks
  • Microsoft Trials AI Tool to Diagnose Windows 11 Slowdowns
  • SpaceX X Accounts Hacked to Promote Crypto Scam

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Citrix Enhances AI Security with New NetScaler Gateway
  • Motorola MR2600 Vulnerability Enables Remote Code Execution
  • Critical Flaws in Joomla Extensions Exploited in Zero-Day Attacks
  • Microsoft Trials AI Tool to Diagnose Windows 11 Slowdowns
  • SpaceX X Accounts Hacked to Promote Crypto Scam

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark