Critical Alert: New Joomla Vulnerability Under Active Exploitation
CISA warns of critical security flaws in iCagenda and Balbooa Forms that are already being used in real-world cyberattacks.

The Urgency of Updating: Joomla in the Crosshairs
Security in content management systems (CMS) is once again at the center of controversy. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two maximum-severity security flaws to its Known Exploited Vulnerabilities (KEV) catalog. These breaches specifically affect the iCagenda and Balbooa Forms extensions for Joomla, widely used tools that now expose thousands of websites to critical risks.
A 10.0 Risk Level on the CVSS Scale
Both vulnerabilities have been rated 10.0, the highest possible score on the CVSS risk assessment system. This means that any successful hack could allow an attacker to take full control of the affected server without needing prior privileges. The active exploitation of these zero-days suggests that threat actors are automating the search for outdated sites to deploy malicious payloads, which is often the prelude to large-scale ransomware attacks.
"The inclusion in CISA's KEV catalog is a clear indicator that the vulnerability is not theoretical, but is being actively used in the real world to compromise digital infrastructure," security experts note.
How to Protect Your Infrastructure?
Speed is vital. If you manage a site using Joomla, the immediate recommendation is to audit which plugins you have installed and proceed with updating to the patched versions of iCagenda and Balbooa Forms. Inaction in the face of these warnings often leads to data loss or information hijacking through malicious encryption, a common tactic we have seen in high-impact cases, such as the recent Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt.
Beyond the CMS: Comprehensive Security
The cybersecurity ecosystem is vast, and threats are not limited to web servers. From vulnerabilities in mobile devices, such as the case analyzed in RedHook: El nuevo hack de Android que explota el Wireless ADB, to breaches in third-party applications, the attack surface is constantly growing. Maintaining a rigorous patch management policy is not an option; it is an operational necessity.
Conclusion
Incidents involving Joomla extensions demonstrate that, often, the weakest link is not the software core, but the additional components we add to improve functionality. Constant vigilance and a rapid response to CISA alerts are the only effective defenses against automated attacks that seek to exploit these weaknesses before administrators can react.
Sources consulted:
- The Hacker News: iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
Related articles
13 de julio de 2026
Alerta crítica: Nova vulnerabilitat a Joomla sota explotació activa
La CISA adverteix sobre fallades de seguretat crítiques a iCagenda i Balbooa Forms que ja estan sent utilitzades en atacs cibernètics reals.
13 de julio de 2026
Alerta crítica: Nueva vulnerabilidad en Joomla bajo explotación activa
CISA advierte sobre fallos de seguridad críticos en iCagenda y Balbooa Forms que ya están siendo utilizados en ataques cibernéticos reales.
12 de julio de 2026
RedHook: El nou hack d'Android que explota el Wireless ADB
El malware RedHook ha evolucionat per abusar del Wireless ADB a Android, permetent als atacants obtenir privilegis de shell sense cables.
12 de julio de 2026
RedHook: The new Android hack that exploits Wireless ADB
The RedHook malware has evolved to abuse Wireless ADB on Android, allowing attackers to gain shell privileges without a physical cable connection.
Loading comments...