216.73.217.139

The Hidden Dangers of Calendar Subscriptions: 4 Million Devices at Risk

· Published 26/11/2025 09:27 · Modified 21/12/2025 18:02

Export JSON

Essential information

Published
26/11/2025 09:27
Modified
21/12/2025 18:02
Tags
2025-11-26 CVE-2025-27915 balada injector calendar subscriptions cybersecurity expired domains ios macos push notifications social engineering
Related entities
1 vulnerabilities (cve), 7 observables, 14 techniques (mitre), 20 others

Description

Bitsight researchers uncovered a significant security risk associated with , potentially affecting 4 million devices. Expired or hijacked domains hosting can be exploited for large-scale attacks. The research revealed two types of sync requests reaching their sinkhole, indicating different networks at play. The infrastructure behind these operations was found to be deliberate and planned, with domains actively registered until 2025. The attack vector leverages users' trust in calendar events, making it more effective than traditional phishing emails. The researchers also discovered links to the campaign, involving website compromises and redirection chains. The scale of operations includes over 1,300 domains and various monetization strategies, including selling calendar event ad space.

External references