CISA has added two CVSS 10.0 arbitrary file upload flaws in the iCagenda and Balbooa Forms Joomla extensions to its Known Exploited Vulnerabilities catalog after confirmed in-the-wild exploitation. Federal agencies must patch by July 13 while all Joomla administrators are advised to update to the fixed versions released in June and July.

Attackers can upload arbitrary files, including PHP scripts, through the file attachment feature, leading to data theft, web shell installation, and full website compromise.
The vulnerability permits upload of dangerous file types such as executables, resulting in remote code execution and complete site takeover.
These maximum-severity RCEs via unauthenticated uploads highlight why extension inventories and rapid patching remain non-negotiable for any Joomla deployment.
Tap a lens to see what this story means for you.
Reader-supported · Daily Brief
Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.
See what’s happening right now
The Feed runs all day — short, verified briefs the moment they break.
Open the FeedFollow @thecircuitry_
Every story we publish, as it happens. No noise between.
Reader-supported
The Circuitry is a passion project I've always wanted to build, and I love the work behind it.
Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.
Any contribution is appreciated. If not, no pressure. Thanks for reading.
Philips is replacing fewer than 100 Hue Bridge Pro devices bricked by a specific firmware update scenario and has issued a new update on July 13 to prevent further cases. The replacements are free regardless of warranty but require users to rebuild their smart lighting setups from scratch since configuration backups are unavailable.
Tesla has torn down its original Model S and Model X assembly lines at the Fremont factory in 46 days to begin Optimus robot production. The move prepares the site for up to 1 million units per year while larger volumes are planned for Texas.
Apple has filed a 41-page lawsuit accusing OpenAI and three former employees of stealing confidential documents and trade secrets to aid development of the startup's first AI hardware device. The claims include retaining company computers, exploiting network vulnerabilities, and coaching staff on evading security to obtain unreleased product details.