Anyone who has booked meetings from @calcom might be hacked and their X account exposed. My account started posting 2-3 scam posts which I realized from a random reply notification and took down in a matter of minutes. Here’s what happened and how this might happen to you:
ℏεsam, Feb 9, 12:19
🚨 you might have seen my account posting a crypto scam in the last couple of hours. I was lucky to catch this in time. for a second I thought my account was hacked, then I suspected it might be OpenClaw, which I remembered I never gave access to my real account. after checking more carefully I noticed it was a connected app named cal. com which I connected to in order to schedule an online meeting with a scammer (mistake). I don’t know if cal. com is malicious or it was used for a malicious attempt. I’ve been dodging a countless number of these attacks, but I want to apologize for the mistake. for those who know me, it’s clear that I never engage in crypto, SCAM or not, and never endanger anyone who’s put his trust in me.
I was asked by a techcrunch editor (a scammer really) to book a meeting through @calcom. it was the real website (no phishing) in domain. after selecting the time slot and filling in my name, I was redirected to a scammer page saying that to finalize my meeting, I must log in via X.
I checked the app, it was under the official @calcom domain. it was also a real domain. the scammer didn’t make a fake OAuth app integration, it made a fake page to encourage the integration under the real app. WHY?
the scammers reached out in the disguise of a techcrunch employee, but this could happen in any other way. anyone sending you links to book a meeting from an apparently legit website might use that vulnerability against you.
has real security flaws enabling hackers to use their OAuth integration to gain access to connected accounts.
they’ve had numerous CRITICAL security flaws in their github that are still open. according to cyberpress @calcom has had very similar security flaws publicly reported, as recent as Jan 28th.