CISA adds two Joomla extension flaws to known exploited vulnerabilities catalog

CISA added iCagenda and Balbooa Forms Joomla extension flaws to its KEV catalog, citing active exploitation and remote code execution risks.

The Latest

Breaking News and Alerts

Authentication Bypass Vulnerabilities Patched in BeyondTrust Remote Access Products

BeyondTrust released fixes for two critical pre-authentication bypass vulnerabilities in Remote Support and Privileged Remote Access products.

Spotlight

Cybersecurity Profiles and Stories

Free Android VPN Apps Fail Basic Security Tests in Major Academic Study

A new automated testing framework reveals widespread traffic leaks, plaintext data transmission, and tracking behavior across 281 popular free Android VPN apps.

Researcher Finds Google Dialogflow CX Flaw Opened Door to Agent Hijacking

Google patched a flaw in Dialogflow CX that allowed an attacker with edit permissions on one chatbot to hijack others in the same cloud project.

Insider Negotiator Helped BlackCat Ransomware Gang Maximize Payouts

A former cybersecurity incident response employee received a 70-month prison sentence for feeding confidential victim data to the BlackCat ransomware gang to drive up extortion payments.

Dutch Police Trace Odido Telecom Hack to Local Suspects Through Phone Call

Investigators traced the Odido breach to local hackers after a Dutch-speaking caller impersonated an IT employee to gain access.

Features

Research and Thought Leadership