FBI issues urgent Kali365 security warning for Teams, Outlook, OneDrive users
The toolkit automates phishing campaigns and lets attackers hijack OAuth tokens to keep access to Outlook, Teams and OneDrive, the FBI said.
- The FBI issued an urgent warning on Monday regarding Kali365, a phishing platform targeting Microsoft 365 users, which enables unauthorized access to Teams, Outlook, and OneDrive by bypassing multi-factor authentication protocols.
- Kali365, a Phishing-as-a-Service toolkit, simplifies cybercrime by offering subscription-based access to automated phishing lures and AI-generated templates; Telegram channels actively promote the service to exploit identity verification weaknesses in cloud-reliant workplaces.
- Cyberattackers distribute phishing emails containing device codes, tricking victims into authorizing connections on genuine Microsoft login pages; this intercepts OAuth tokens, allowing intruders persistent account access while bypassing further identity verification checks.
- "Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lure, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI said.
- The Bureau urges enterprises to restrict device code authentication pathways and enforce strict conditional access parameters; monitoring sign-in logs and flagging unauthorized sessions are essential to prevent breaches.
15 Articles
15 Articles
Anyone Can Be a Hacker Now: FBI Exposes Microsoft 365 Phishing Toolkit That Gives Amateurs the Keys to Cybercrime
The FBI has issued an urgent warning after uncovering a sophisticated cybercrime operation targeting Microsoft 365 users worldwide. A newly detected toolkit is being distributed across the internet, allowing even low-skilled individuals to deploy highly convincing, automated phishing scams. Security officials are urging organisations to review their defensive measures immediately as the barrier to entry for complex cloud breaches continues to fa…
FBI warns Microsoft users of Kali365 scam duping thousands: How the scam works and how users can protect themselves
Tech News News: The Federal Bureau of Investigation (FBI) issued a Public Service Announcement (PSA), warning the public about an emerging Phishing1-as-a-Service2 (Ph.
tippinsights
BizTocFBI Warns Microsoft 365 Users About Emerging Kali365 Scam
The FBI has issued an urgent warning about a growing cyber threat targeting users of Microsoft 365 services, including Teams, Outlook, and OneDrive, through a phishing platform known as Kali365. According to the agency, Kali365 operates as a “Phishing-as-a-Service” platform that allows cybercriminals with limited technical expertise to launch sophisticated attacks against Microsoft account holders. The service is reportedly available through a s…
What is Kali365? FBI warns Telegram-based phishing service targeting Microsoft 365 users
The platform, first detected in April 2026, is being actively distributed through Telegram channels and is designed to help even low-skilled attackers conduct sophisticated phishing campaigns.
Coverage Details
Bias Distribution
- 50% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
