ByteBrief
We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.
(We tried widescreen once. It wasn't us.)
CISA added two maximum-severity Joomla extension flaws to its Known Exploited Vulnerabilities catalog after zero-day exploitation. CVE-2026-48939 affects iCagenda, allowing unauthenticated remote code execution via the Submit an Event form. CVE-2026-56291 affects Balbooa Forms up to version 2.4.0, enabling arbitrary file upload by anonymous visitors. Patches are available in iCagenda 4.0.8/3.9.15 and Balbooa Forms 2.4.1.
Tracked by ByteBrief