All news with #bitsight tag

Threat Actors Abuse Calendar Subscriptions for Attacks

📅 New research from BitSight reveals that threat actors are exploiting third‑party calendar subscription mechanisms to inject malicious events and notifications directly into users' devices. Attackers are leveraging expired or hijacked domains to host deceptive .ics files and run large‑scale social engineering campaigns that can deliver phishing URLs, attachments, or code execution vectors. While this is not a vulnerability in Google Calendar or iCalendar, the findings expose a neglected security blind spot. Organizations and individuals should strengthen monitoring and protections around calendar subscriptions.