FBI Warns: ‘Kali365’ Phishing Service Targets Microsoft 365 Accounts

The FBI warned that Kali365 can hijack Microsoft 365 accounts by abusing device code authentication and capturing OAuth tokens.

FBI warns OneDrive, Teams users about phishing scam. What it looks like

Here's what Microsoft users in Illinois should know about a new phishing scam announced by the FBI. The scheme targets OneDrive, Teams and Outlook accounts.
Redmondmag.com

FBI Urges Microsoft 365 Defenders To Watch for Kali365 Phishing Attacks

The FBI is warning orgs about Kali365, a phishing-as-a-service kit that can help attackers get around multifactor authentication protections in Microsoft 365 environments by stealing access tokens ...
Hosted on MSN

State actors are abusing OAuth device codes to get full M365 account access - here's what we know

Proofpoint reports phishing surge abusing Microsoft OAuth 2.0 device code flow Victims enter codes on real Microsoft domains, granting attackers access tokens Proofpoint advises blocking device code ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
TechRadar

FBI warns of Kali phishing scam hitting Microsoft OAuth tokens — warns 'Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated ...

FBI flags Kali365, a phishing kit sold on Telegram which steals Microsoft 365 OAuth tokens and bypasses MFA Victims are tricked into entering device codes on legitimate Microsoft pages, unknowingly ...
Forbes

Microsoft Confirms New And Widespread 2FA Code Attacks Ongoing

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...