Calendar Invite Exploit: Stop Phishing Hiding in Your Calendar

Calendar invite exploits abuse meeting requests to deliver malicious links, auto-added events, or phishing prompts that trick users into sharing credentials or installing malware. Attackers spoof trusted senders, exploit default settings that add invites to calendars, and embed payloads in descriptions or attachments. Effective defenses include disabling auto-adding of events, requiring invitation acceptance, filtering external invites, and scanning links. Train employees to verify sender addresses, preview links, and report suspicious requests.

Google Calendar Gemini Security

Google Calendar Invites Enable Hackers to Hijack Gemini and Steal Your Data

Critical security vulnerability found in Google’s AI assistant, Gemini, which allowed attackers to remotely control the AI and access sensitive user data through malicious Google Calendar invites. This indirect prompt injection bypassed existing security measures by embedding harmful instructions within event titles, which Gemini then processed, potentially leading to unauthorized access to emails, location data, smart home devices, and more. While Google swiftly patched this specific vulnerability, the incident highlights broader concerns about AI security and the need for new defensive strategies beyond traditional cybersecurity. The second source introduces Technijian, a company specializing in cybersecurity solutions that address such emerging threats, offering assessments, monitoring, and training to help organizations secure their digital environments against AI-targeted attacks. ... Read More