Major Incidents or Breaches

  • iCloud Calendar invites are being abused to deliver callback phishing emails that appear as purchase notifications. These emails are sent directly from Apple’s own servers, increasing the likelihood of bypassing spam filters and being delivered to users’ inboxes.

Notable Threat Actor Activity

  • Threat actors are leveraging Apple’s legitimate iCloud Calendar infrastructure to distribute phishing messages, exploiting the trust and deliverability associated with Apple’s email servers.

Regulatory or Policy Developments Affecting the Security Industry

  • The Czech Republic’s National Cyber and Information Security Agency (NUKIB) has issued guidance for critical infrastructure organizations to avoid using Chinese technology and to refrain from transferring user data to China, citing security concerns.