Careful! That Calendar Notification Could Be Loaded with Malware - Here's How to Stay Safe
TechRadar • Dec 1, 2025

Why It Matters

Hijacked calendar events can silently deliver phishing or malware to millions, expanding the attack surface beyond traditional email vectors. Organizations must reassess third‑party calendar integrations to protect employee productivity and data security.

Key Takeaways

  • Calendar subscriptions can be hijacked after domain expiration
  • Attackers inject phishing links via .ics files
  • Around four million devices exposed globally
  • Risk spans iOS, Android, and enterprise calendars
  • Users must verify source and revoke unused subscriptions

Pulse Analysis

Calendar subscriptions are a convenience feature that let users import external event feeds directly into their personal or corporate schedules. The .ics format, widely supported across iOS, Android, and desktop clients, automatically adds events without user interaction, creating a seamless experience. However, this trust‑based mechanism also provides a low‑friction pathway for threat actors. By taking control of a domain that hosts an .ics feed—whether through expiration, acquisition, or a compromised server—attackers can push malicious URLs into unsuspecting users’ calendars, effectively turning a benign reminder into a phishing lure.

Bitsight’s research began with a sinkholed domain that served a German holiday calendar, revealing over 11,000 daily unique IP connections. Further investigation uncovered 347 domains, including high‑profile names like FIFA 2018 and Islamic Hijri calendars, collectively reaching an estimated four million devices. The majority of affected IPs were located in the United States, and the scope likely extends far beyond the iPhone ecosystem, encompassing Android and enterprise calendar platforms. Because the calendar apps themselves are not vulnerable, the attack exploits the inherent trust users place in subscribed feeds, making detection difficult until a malicious event is clicked.

Mitigation requires a combination of user awareness and administrative controls. End users should regularly audit subscribed calendars, removing any that are no longer needed or originate from unverified sources. IT departments can enforce policies that block external .ics files or require digital signatures for calendar feeds. Additionally, organizations should monitor domain registrations related to critical calendar subscriptions and implement rapid revocation processes when a provider’s domain changes ownership. By treating calendar subscriptions as a potential attack surface, businesses can close a stealthy entry point that could otherwise compromise credentials, spread malware, or facilitate broader phishing campaigns.
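One way to audit a subscribed feed for links that lead away from the hosts you expect, as an added example (not code from the article or from Bitsight). The feed content, the host names, the trusted-host set and the function names are all constructed assumptions; the parser handles RFC 5545 line folding and text escapes, which otherwise split or hide a URL.

```python
import re
from urllib.parse import urlparse

# Constructed sample feed (not from the article). The second event hides a
# link to an unrelated host inside a folded, escaped DESCRIPTION.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:1@holidays.example\r\n"
    "URL:https://holidays.example/info\r\n"
    "END:VEVENT\r\n"
    "BEGIN:VEVENT\r\n"
    "DESCRIPTION:Device at risk. Verify at https://login.unrela\r\n"
    " ted.example/verify\\nto keep access.\r\n"
    "UID:2@holidays.example\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
LINK_PROPS = {"URL", "SUMMARY", "DESCRIPTION", "LOCATION", "ATTACH"}

def unfold(ics_text):
    """Undo RFC 5545 folding: a line break followed by space/tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()

def unescape(value):
    """Decode TEXT escapes (\\n \\, \\; \\\\) so a URL is not glued to an escaped newline."""
    return re.sub(r"\\([nN,;\\])",
                  lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def audit_feed(ics_text, trusted_hosts):
    """Return (uid, property, url) for every event link whose host is not trusted."""
    findings, uid, pending, in_event = [], None, [], False
    for line in unfold(ics_text):
        head, _, value = line.partition(":")      # head = NAME[;params]
        name = head.split(";", 1)[0].upper()
        if name == "BEGIN" and value.upper() == "VEVENT":
            in_event, uid, pending = True, None, []
        elif name == "END" and value.upper() == "VEVENT":
            findings += [(uid, prop, url) for prop, url in pending]
            in_event = False
        elif in_event and name == "UID":
            uid = value
        elif in_event and name in LINK_PROPS:
            for raw in URL_RE.findall(unescape(value)):
                url = raw.rstrip(".,;)")           # drop trailing punctuation
                if (urlparse(url).hostname or "").lower() not in trusted_hosts:
                    pending.append((name, url))
    return findings
```

Run against a saved copy of each subscribed feed, a non-empty result is a reason to review or remove the subscription rather than proof of compromise.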
