9 July 2026.

mySite.guru report that two more zero days affecting Third Party Extensions used by many Joomla! CMS websites have been discovered.

The compromised Third Party Extensions are:

  • Balbooa Forms, and
  • AcyMailing.

Check whether or not your website is using one of these compromised Third Party Extensions.

If it is then you can learn more about each zero day in the excellent mySite.guru Blog at the following links before taking corrective action.

Read more: Balbooa Forms

Read more: AcyMailing

Recent similar mySite.guru blog posts

29 June 2026

Read more: Helix3 Template Framework.

Read more: PageBuilder CK.

15 June 2026.

Read more: SP Page Builder

Read more: iCagenda

10 April 2026.

"Smart Slider 3 Pro version 3.5.1.35 was a malicious release".

"Not a vulnerability, not a coding mistake, not a missed capability check. An unauthorized party pushed a backdoored build through Nextend’s own update infrastructure".

Read more: Smart Slider 3 Pro version 3.5.1.35 was a malicious release

What should you do?

Check whether or not your website is using a compromised Third Party Extension.

If it has then mySites.guru offer a value for money rescue package (recommended).

See link published in their blog posts.

mySites Guru

About the mySites Guru Blog

mySites.guru publishes tips, tutorials and updates about managing WordPress and Joomla! websites in its excellent blog.

mySites.guru also publishes a really useful Email Newsletter which you can subscribe to at the link below.

Subscribe: mySites.guru Newsletter

Read more: mySites.guru Blog

Make Joomla! CMS Security your #1 Priority

We help and support managers responsible for Joomla! CMS websites in UK business and third sector organisations across Cheshire, Greater Manchester, Merseyside and North West England.

Read more: WYNCHCO Joomla! CMS Help & Support.

9 July 2026.

mySite.guru report that two more zero days affecting Third Party Extensions used by many Joomla! CMS websites have been discovered.

The compromised Third Party Extensions are:

  • Balbooa Forms, and
  • AcyMailing.

Check whether or not your website is using one of these compromised Third Party Extensions.

If it is then you can learn more about each zero day in the excellent mySite.guru Blog at the following links before taking corrective action.

Read more: Balbooa Forms

Read more: AcyMailing

Recent similar mySite.guru blog posts

29 June 2026

Read more: Helix3 Template Framework.

Read more: PageBuilder CK.

15 June 2026.

Read more: SP Page Builder

Read more: iCagenda

10 April 2026.

"Smart Slider 3 Pro version 3.5.1.35 was a malicious release".

"Not a vulnerability, not a coding mistake, not a missed capability check. An unauthorized party pushed a backdoored build through Nextend’s own update infrastructure".

Read more: Smart Slider 3 Pro version 3.5.1.35 was a malicious release

What should you do?

Check whether or not your website is using a compromised Third Party Extension.

If it has then mySites.guru offer a value for money rescue package (recommended).

See link published in their blog posts.

mySites Guru

About the mySites Guru Blog

mySites.guru publishes tips, tutorials and updates about managing WordPress and Joomla! websites in its excellent blog.

mySites.guru also publishes a really useful Email Newsletter which you can subscribe to at the link below.

Subscribe: mySites.guru Newsletter

Read more: mySites.guru Blog

Make Joomla! CMS Security your #1 Priority

We help and support managers responsible for Joomla! CMS websites in UK business and third sector organisations across Cheshire, Greater Manchester, Merseyside and North West England.

Read more: WYNCHCO Joomla! CMS Help & Support.

By browsing our website you agree to its use of cookies. Cookie Policy.