Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

FBI alert: Outlook, OneDrive and other Microsoft 365 services targeted by new cyber threat

The kit uses AI-generated lures and device code flow to steal tokens, giving attackers persistent access without passwords or multi-factor authentication.

  • On May 21, 2026, the FBI issued an alert regarding 'Kali365,' a phishing platform targeting Microsoft 365 services including Outlook, Teams, and OneDrive.
  • First identified in April, this 'PhaaS' platform allows hackers to bypass Multi-Factor Authentication by capturing OAuth tokens rather than stealing user credentials.
  • By manipulating legitimate authentication flows, attackers capture tokens, a technique the FBI noted 'lowers the barrier of entry' for less-skilled individuals looking to hijack accounts.
  • To protect accounts, officials recommend creating conditional access policies to block device code flow and reporting suspicious activity to the Internet Crime Complaint Center.
  • Cybersecurity experts warn this reflects a broader shift toward exploiting trust, with one analyst stating, 'The next breach at a large enterprise will not start with a hacker exploiting a vulnerability.
Insights by Ground AI

17 Articles

WavyWavy
Center

FBI warns of new phishing scam targeting Microsoft 365 users

HAMPTON ROADS, Va. (WAVY) -- A warning of a new phishing scam that allows cyber attackers to gain access to Microsoft 365 users' accounts has been issued by the FBI. The FBI issued a public warning called Kali365 that first appeared in April, where attackers can access your Microsoft 365 user accounts without needing to [...]

Read Full Article
WOWKWOWK
Center

Cyber attackers are hijacking Microsoft Outlook, Teams and 365 log-ins, FBI says

A new phishing tool is allowing cyber attackers to get access to Microsoft 365 users' accounts without even needing to know your password, the FBI said in a warning issued to the public on Thursday.

·Charleston, United States
Read Full Article
Inc.Inc.
Center

The FBI Just Issued an Urgent Warning for Anyone Using Microsoft Teams, Outlook, or OneDrive Over a New Phishing Scheme

A fast-spreading cyberattack kit called “Kali365” allows low-skill scammers to hijack a user’s account without ever stealing their password.

·New York, United States
Read Full Article
KULR-TVKULR-TV
Reposted by
KHQ Right NowKHQ Right Now
Center

FBI warns scam can break into Microsoft 365 accounts

The FBI warned about a scam that let hackers get into Microsoft 365 accounts without needing a password.

·Billings, United States
Read Full Article
Asheville Citizen-TimesAsheville Citizen-Times
Lean Left

FBI warns of phishing scam targeting Outlook, OneDrive, Teams users

·Asheville, United States
Read Full Article
Tech RadarTech Radar
Center

The FBI warns Microsoft 365 services are being bombarded with new phishing emails — here are 3 steps you can take to stay safe

Kali365 is abusing legitimate Microsoft login mechanisms to hijack Outlook, Teams, and OneDrive services.

·United Kingdom
Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 72% of the sources are Center
72% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

antena3.ro broke the news on Thursday, May 28, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Cyberattacks icon

Cyberattacks

FBI icon

FBI

United States icon

United States

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal