Find notable cyber news and cases, enriched with sources, timelines, and signals.

Expired or hijacked domain calendar subscription abuse campaign

Campaign
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

Threat actors are abusing digital calendar subscriptions on expired or hijacked domains to push phishing and malware delivery into subscribed devices. The operation matters because once a subscription is established, attackers can inject calendar files with URLs or attachments and widen the attack surface. The same abuse pattern is also being used for JavaScript execution and other emerging attack paths.

Related Happenings

Hotel and hospitality photo-ZIP phishing campaign

Campaign
H score40 First: 26.06.2026 12:27 Last: 26.06.2026 12:27 Sources 1

About this happening: An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...

TikTok for Business phishing campaign using Turnstile and reverse proxy

Campaign
H score31 First: 26.03.2026 16:09 Last: 26.03.2026 16:09 Sources 1

About this happening: A **phishing campaign** is targeting **TikTok for Business accounts** and uses **Cloudflare Turnstile** to block automated analysis before exposing a **reverse-proxy** credential-...

Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps

Technical Analysis
H score25 First: 11.03.2026 18:38 Last: 11.03.2026 18:38 Sources 1

About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...

Google Groups and Google-hosted URL malware campaign targeting global organizations

Campaign
H score66 First: 15.02.2026 18:30 Last: 15.02.2026 18:30 Sources 1

About this happening: An active **Google Groups** malware campaign is abusing **Google-hosted URLs** to target **global organizations** and increase trust-based delivery success. Attackers seed legitim...

Calendly-themed brand-impersonation phishing campaign targeting ad manager accounts

Campaign
H score26 First: 02.12.2025 16:00 Last: 02.12.2025 16:00 Sources 1

About this happening: An ongoing **Calendly-themed phishing campaign** is impersonating major brands to steal **Google Workspace** and **Facebook business** credentials, creating takeover risk for ad a...

Timeline

  1. 28.11.2025 17:05 2 articles · 7mo ago

    BitSight discloses calendar subscription abuse on expired or hijacked domains

    Initial Disclosure

    BitSight disclosed that threat actors are abusing digital calendar subscription infrastructure on expired or hijacked domains to trick users into subscribing to notifications and then deliver harmful calendar files, including URLs or attachments, through subscribed .ics files. The research says the abuse can support phishing, malware distribution, JavaScript execution, and other calendar-based social engineering, and it does not indicate a vulnerability in Google Calendar or iCalendar because the risk comes from third-party calendar subscriptions.

    Show sources