A criminal subscription service called Kali365 is hijacking Microsoft 365 accounts at organizations across multiple sectors without ever touching a user's password — and it defeats multi-factor ...
The FBI has warned about a phishing tool called Kali365 that can bypass two-factor authentication on Microsoft 365 accounts. The subscription-based kit uses OAuth device code flow to steal access ...
Kali365 phishing attacks bypass Microsoft 365 MFA by stealing access tokens. Real Microsoft device sign-in pages make Kali365 phishing lures harder to detect. Defenders should restrict device code ...
A new phishing-as-a-service (PhaaS) platform called Kali365 is being distributed in the wild, primarily via Telegram, the FBI has warned. First detected in April 2026, Kali365 provides cyber threat ...
The FBI says a new phishing-as-a-service tool called Kali365 can help attackers break into Microsoft 365 accounts without stealing passwords. The trick targets OAuth ...