Cybersecurity Today iCloud Calendar Invites Disguise New Phishing Campaigns
Sep 10, 2025
Phishing scams are getting clever as attackers use iCloud calendar invites to bypass security checks. The U.S. Department of Defense faces risks after exposing sensitive livestream credentials. Meanwhile, billions of Android devices are vulnerable due to unpatched zero-day issues. In a bold move, the U.S. State Department has placed a $10 million bounty on three Russian hackers linked to energy sector attacks. The discussion emphasizes the crucial need for robust cybersecurity measures to protect our digital lives.
AI Snips
Chapters
Transcript
Episode notes
Calendar Invites Can Evade Email Filters
- Attackers are using iCloud calendar invites to bypass email security and appear to come from real Apple addresses.
- This makes calendar-based phishing much harder to detect with traditional email filters.
Host Received Convincing Apple-Looking Phish
- Jim Love recounts receiving a convincing spear phishing email that appeared to come from an authentic Apple address.
- He held suspicion and declined to follow a password-change link, underscoring the attack's realism.
Verify Suspicious Calendar Invites
- Treat unexpected calendar invites the same way you treat suspicious emails and avoid clicking links.
- Verify claims directly and ask someone if you feel even slightly uncertain.