SECURITYRECORDED FUTURE NEWS
FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
The FBI has issued a warning about Kali365, a phishing-as-a-service platform operating on Telegram that enables cybercriminals to steal OAuth tokens and gain unauthorized access to Microsoft 365 environments. The advisory follows attacks in April targeting Microsoft 365 users. This threat represents a significant security risk for organizations relying on cloud-based Microsoft services.
Related Signal
Adjacent reporting
- FBI warns about fast-growing phishing kit targeting Microsoft 365 users
- FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale
- The New Phishing Click: How OAuth Consent Bypasses MFA
- Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
- New FBI warning reveals phishing attacks hitting private chats
- Microsoft Self-Service Password Reset abused in Azure data theft attacks