Kali365
Coverage of Kali365 in the Nexus archive.
- FBI warns Microsoft users about passwordless scam
The FBI warns about a phishing-as-a-service platform called Kali365 targeting Microsoft 365 accounts. The scam bypasses multifactor authentication by exploiting Microsoft's device code login process to steal OAuth tokens, granting attackers access to Outlook, Teams, and OneDrive without requiring passwords.
- FBI-Flagged Phishing Kit Kali365 Expands Its Reach
The FBI-flagged phishing kit Kali365, previously targeting Microsoft 365, now expands to AWS, Okta, and Russian platforms using device code phishing. This marks an increase in the platform's scope and threat level.
- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI has issued a warning about the Kali365 phishing-as-a-service platform, which exploits OAuth device code authentication to hijack Microsoft 365 accounts. The service steals session tokens and bypasses multi-factor authentication (MFA), posing a significant cybersecurity threat.
- FBI warns about fast-growing phishing kit targeting Microsoft 365 users
The FBI warns about Kali365, a phishing-as-a-service platform targeting Microsoft 365 users by bypassing multi-factor authentication through OAuth device code phishing. The tool enables cybercriminals to steal access tokens, leading to data theft, ransomware, and other attacks. Researchers note its rapid growth, AI-driven tactics, and low barriers for less-technical attackers.
- FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
The FBI has issued a warning about Kali365, a phishing-as-a-service platform operating on Telegram that enables cybercriminals to steal OAuth tokens and gain unauthorized access to Microsoft 365 environments. The advisory follows attacks in April targeting Microsoft 365 users. This threat represents a significant security risk for organizations relying on cloud-based Microsoft services.
- FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale
The FBI has warned about Kali365, a phishing-as-a-service platform that steals Microsoft OAuth tokens at scale, allowing attackers to bypass multi-factor authentication and gain unauthorized access to corporate accounts. The kit uses AI-generated phishing lures impersonating trusted services like DocuSign and SharePoint, and employs both device code phishing and adversary-in-the-middle techniques. Kali365 operates on a tiered subscription model and was first spotted in April 2026.