Do I understand correctly that this is not at all an exploit for Google Calendar itself, but just uses the Calendar share functionality to communicate to already infected hosts? That can be applied to pretty much any service with publicly accessible of sharable data though… I’d call this website out for clickbait but it seems like every tech news website is copy-pasting this same fearmongering article.