Dossier
phishing-as-a-service (PhaaS)
Coverage of phishing-as-a-service (PhaaS) in the Nexus archive.
- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI has issued a warning about the Kali365 phishing-as-a-service platform, which exploits OAuth device code authentication to hijack Microsoft 365 accounts. The service steals session tokens and bypasses multi-factor authentication (MFA), posing a significant cybersecurity threat.