9 July 2026.
mySite.guru report that two more zero days affecting Third Party Extensions used by many Joomla! CMS websites have been discovered.
The compromised Third Party Extensions are:
- Balbooa Forms, and
- AcyMailing.
Check whether or not your website is using one of these compromised Third Party Extensions.
If it is then you can learn more about each zero day in the excellent mySite.guru Blog at the following links before taking corrective action.
Recent similar mySite.guru blog posts
29 June 2026
Read more: Helix3 Template Framework.
15 June 2026.
10 April 2026.
"Smart Slider 3 Pro version 3.5.1.35 was a malicious release".
"Not a vulnerability, not a coding mistake, not a missed capability check. An unauthorized party pushed a backdoored build through Nextend’s own update infrastructure".
Read more: Smart Slider 3 Pro version 3.5.1.35 was a malicious release
What should you do?
Check whether or not your website is using a compromised Third Party Extension.
If it has then mySites.guru offer a value for money rescue package (recommended).
See link published in their blog posts.
mySites Guru
About the mySites Guru Blog
mySites.guru publishes tips, tutorials and updates about managing WordPress and Joomla! websites in its excellent blog.
mySites.guru also publishes a really useful Email Newsletter which you can subscribe to at the link below.
Make Joomla! CMS Security your #1 Priority
We help and support managers responsible for Joomla! CMS websites in UK business and third sector organisations across Cheshire, Greater Manchester, Merseyside and North West England.







Your personal data is nobody's business.