FBI Warns Kali365 Phishing Kit Is Stealing Microsoft OAuth Tokens at Scale

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

The FBI has issued a public service announcement warning about a new phishing kit that's stealing Microsoft OAuth tokens at an alarming rate. OAuth token theft is a serious headache for organizations because stolen tokens can bypass multi-factor authentication (MFA) and grant access to privileged accounts within an organization without needing to know their credentials. Think corporate espionage, data theft, maybe even ransomware. The main culpr…

FBI Warns of Kali365 Attacking Microsoft 365 Users to Steal Logins and Bypass MFA

The FBI has issued a new cybersecurity warning about a rapidly emerging phishing-as-a-service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users to steal access tokens and bypass multi-factor authentication (MFA). Kali365 is being distributed primarily through Telegram channels, where threat actors can subscribe to the service and launch phishing campaigns with minimal technical knowledge. Unlike traditional credenti…

Microsoft 365 users targeted by new phishing threat that bypasses MFA

Kali365 is targeting Microsoft 365 users through device code phishing, using OAuth token theft and Telegram-based distribution.

FBI Warns Kali365 PhaaS Platform Targets Microsoft 365 Users to Steal Logins

The U.S. Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (Alert I-052126-PSA) warning about a newly identified Phishing-as-a-Service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users. First observed in April 2026, the platform enables attackers to bypass multi-factor authentication (MFA) by exploiting OAuth-based authentication flows. Kali365 PhaaS Platform Targets Microsoft […] The po…