Memeburn

FBI Warns Microsoft 365 Users About Dangerous Phishing Tool

Kali365 targets Microsoft 365 users’ accounts, using a phishing service that doesn’t require password theft despite bypassing ...
Ars Technica

What is device code phishing, and why are Russian spies so successful at it?

Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets, researchers ...
Redmond Magazine

FBI Urges Microsoft 365 Defenders To Watch for Kali365 Phishing Attacks

Kali365 phishing attacks bypass Microsoft 365 MFA by stealing access tokens. Real Microsoft device sign-in pages make Kali365 phishing lures harder to detect. Defenders should restrict device code ...
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...