Wire · founder news, decoded · regulatory
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
CISA has added two maximum-severity zero-day vulnerabilities (CVE-2026-48939 in iCagenda and CVE-2026-56291 in Balbooa Forms) to its Known Exploited Vulnerabilities catalogue; both allow arbitrary file upload and remote code execution on Joomla sites, with iCagenda being actively exploited since June 2026.
This Wire brief sits within Fusion42's coverage of Cybersecurity. Wire is Fusion42's founder-focused intelligence feed: each story is connected to the funds and startups it names — every one with a live profile on Raise or Scout — so founders can follow the capital and the momentum behind the headline rather than just the headline itself. Wire analysis is one of the live surfaces Arthur, Fusion42's AI co-founder, reasons over.
The Wire takeaway
If you run a Joomla site with iCagenda or Balbooa Forms, you are currently being scanned by automated attackers; patch immediately or remove the plugins—CISA has marked these as actively exploited in the wild.
Read the full story at thehackernews.com →
Topics: Cybersecurity · zero-day · joomla · rce · file-upload · cisa-kev