MONDAY, JULY 13, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 3h ago

CISA Flags Two Joomla Extension Zero-Days Under Active Exploitation

By Meridian48 News Desk · Summarised from The Hacker News ·

CISA added two critical Joomla extension flaws (CVE-2026-48939 and another) to its KEV catalog after reports of zero-day exploitation. Both vulnerabilities carry a CVSS score of 10.0, indicating maximum severity. The flaws affect iCagenda and Balbooa extensions, widely used for event management and form building.

Meridian48 take
The inclusion in CISA's KEV catalog underscores that these aren't theoretical risks—attackers are actively exploiting them, making patching urgent for Joomla site operators.
Read the full reporting
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days →
The Hacker News
joomlazero-day
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan