FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass ...

FBI warns of Kali phishing scam hitting Microsoft OAuth tokens — warns 'Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generate…

A new phishing kit is being offered on Telegram allowing even newbie hackers an easy way to grab OAuth tokens.
Windows Report

FBI Warns Kali365 Can Bypass Microsoft 365 MFA Using OAuth Tokens

The FBI warns that Kali365 phishing attacks can bypass Microsoft 365 MFA by stealing OAuth session tokens through device code phishing.

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
Infosecurity Magazine

FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens

A new phishing-as-a-service (PhaaS) platform called Kali365 is being distributed in the wild, primarily via Telegram, the FBI has warned. First detected in April 2026, Kali365 provides cyber threat ...

FBI Warns Microsoft Users—New Attack Gains Access To Accounts

New FBI warning for Microsoft users. The FBI issued a warning on May 21, as a new AI-powered attack enables "threat actors to ...
Arabian Post

Kali365 raises Microsoft 365 breach risks

US federal investigators have warned that a new phishing-as-a-service platform called Kali365 is enabling cybercriminals to steal Microsoft 365 access tokens and bypass multi-factor authentication ...
Information Age

Australian Microsoft users warned of code phishing threat

Australia’s national cybersecurity agency says users of Microsoft 365 software should be wary of a "growing threat" from ...